ASP.NET Common logon across multiple websites hosted on same server

I want to split a website up into multiple domains hosted on the same server, sharing a MS SQL2005 database but using different IP addresses.

Each website will hyperlink to the others but I dont want the user to be forced to login with same credentials after the initial successful login.

HOW DO I PRESERVE THE CURRENT LOGON CREDENTIALS WHEN MOVING BETWEEN THESE SITES?

Each website will need to access the membership / profile data for the current logon. Database is MS SQL2005 also hosted on same server. One site will reside on a dedicated IP whilst the others will be on a single shared IP.

<authentication mode="Forms">

Any further info required please let me know. VB Please

thanks in advance
JOHNFROGAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

pschramaCommented:
Haven't done something like this before, but this might be what you're looking for:

http://msdn.microsoft.com/en-us/library/eb0zx8fc%28VS.90%29.aspx
0
JOHNFROGAuthor Commented:
thats a good reference but after much painstaking attempts at implementation I cannot seem to get it to work.

The logon authentication does not carry over to the second domain even if the link is made from the first one.

The web.config files for both domains now share the following

<system.web>
  <authentication mode="Forms">
      <forms loginUrl="Default\Login.aspx"
             protection="All"
             timeout="60"
             name="/"
             path="/"
             requireSSL="false"
             slidingExpiration="true"
             defaultUrl="default.aspx"
             cookieless="UseCookies"
             enableCrossAppRedirects="true">
      </forms>
    </authentication>
   
    <machineKey validationKey='8E20841DF14114835ED2EF5B323B78354331B12E0198201E81D3F764B665498129B06502DFC30CA0DD0B12B2FA26151AD35D7A15D69D77E90B938E6F05682D66'
              decryptionKey='3EE3CF7868ADE9719F7F60F86D0E492B6316F22BD48B4AE5'
              validation='SHA1'/>
</system.web>


Any ideas?
0
pschramaCommented:
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

JOHNFROGAuthor Commented:
thanks pschrama. have looked at length on all links.

The first 'codeproject' link is concerned with sub-domains which may be an option.

The second link looks like it will do what I am after but its all a bit above me and only in C so am struggling to understand it.

The third just goes right over my head unfortunately but it seems concerned with data transfer.

Due to some other pressing issues I may need to shelf this for a while as it seems to complicated. Will leeave the post open for a day or 2 then if no further input will award you the points and close.

Appreciate your help so far.
0
JOHNFROGAuthor Commented:
Actually,

what would be wrong woth using such a solution as this

http://www.experts-exchange.com/Programming/Languages/.NET/ASP.NET/Q_22869524.html

Might try it
0
JOHNFROGAuthor Commented:
re the above solution. It does the trick.

All i need to do is pass the username from site#1 to site#2 and it logs them in automatically.

0
pschramaCommented:
Shame it's such a pain to get it working "under the hood".

I assume you added a check to see if a username is passed along to the basepage or masterpage of all these sites?
There's also a potential security issue ofcourse, the username should be encoded with a key that is used in all sites.
0
JOHNFROGAuthor Commented:
yes i am starting to see the vulnerabilities. Might end up back at where i started.

Will work on it for a while
0
JOHNFROGAuthor Commented:
some good links provided. But in the end I used the FormsAuthentication.SetAuthCookie method but behind all of that is ticket issuing system that keeps track of the user.

Maybe will do it the right way another time.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
.NET Programming

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.