I have several applications (main admin with login page, several sub applications) that use a common, single sign-in page.
I have followed all .NET documentation and setup my web.config with the same settings forms authentication settings as well as a common machineKey (see config code below).
The authentication cookie is definitely created for the root application.
It is not persisted when traversing to another application.
As mentioned, all settings in the config are identical across each application.
I have copied and pasted several times over to ensure this is correct and can be discounted.
I must be missing an important step or misconfigured the config (see below).
Are the machine key settings correct? How does the application know that the machine key is encrypted etc and how to decrypt?
Any help on this would be great.
Thanks for your time.
<!-- Authentication -->
<!-- TODO: Ensure 'requiresSSL=true' and 'domain=xxxx.com' when deployed -->
<!-- Validation, decryption keys and validation algorith must be the same (single sign-in) -->