ASP.NET Membership - One Login Multiple Domains

Posted on 2012-09-06
Last Modified: 2012-11-09
I have one .NET application which runs multiple websites - each on a different domain. (each website shows different products, but is controlled by the same application) If a user logs in to the website on one domain how can I set up that they will be logged in on all of the domains?
Question by:LockDev
    LVL 77

    Expert Comment

    by:David Johnson, CD, MVP
    use the same aspdb database
    LVL 26

    Expert Comment

    by:Alan Warren
    Hi LockDev,

    Did this the other day on my local dev server, it's definitely doable...

    You need one sql database catalog that has the aspnet_membership objects installed.

    Two or more sites with a valid connection string defined in their respective web.config files, for connecting to the SQL database catalog.

    The web.config in each of the two or more sites needs to initialise the membership provider and roles provider.

    More info: login.aspx DefaultMembershipProvider to query an sql table for users?

    Using the same membership for multiple websites in


    Author Comment

    I use the same aspdb database. On localhost once I am logged into one website, I am logged into all websites. However, on the live server, if I am logged into one website which is on, I am not logged into
    LVL 26

    Accepted Solution

    You mean like Google accounts, if you log into your main google account, you don't have to login to gmail, webmaster tools, adsense and calendar, you are automatically authenticated in the other sites?

    Google uses an AuthSub ticket stored in browser session, I guess you could create a session variable that's populated when the user logs into any of the sites, then when they navigate to the other site, the site checks for the session variable, if it exists and hasn't expired the membership provider logs the user in automatically.

    You would need to store the ticket in session state encrypted, from which you could decrypt the user's credentials.

    Your login page on each site could have some onload procedure to check for the ticket, parse the login credentials and then invoke the Membership.ValidateUser method using the credentials gleaned from the session.    
        Dim strRoot As String = ""
        Dim UserName As String = ""
        Dim Password As String = ""
        If Session("UserName") IsNot Nothing Then
          ' it would be better if these values were encrypted.
          UserName = Session("UserName").ToString
          Password = Session("Password").ToString
          ' Call the constructor to create an instance of NetworkCredential with the
          ' specified user name and password.
          Dim myCredentials As New System.Net.NetworkCredential(UserName, Password)
          ' try to login using the credentials we have
          If Membership.ValidateUser(UserName, Password) Then
            FormsAuthentication.RedirectFromLoginPage(UserName, True)
            ' get the web root path
            If Request.IsSecureConnection Then
              strRoot = String.Format("https://{0}{1}", Request.Url.Host, Page.ResolveUrl("~/"))
            Else
              strRoot = String.Format("http://{0}{1}", Request.Url.Host, Page.ResolveUrl("~/"))
            End If
            ' redirect user,
            ' might be nice to get the ReturnUrl from the login query string here.
            ' eg. ?ReturnUrl=%2fmembers%2f
            ' If request.querystring("ReturnUrl") isnot nothing then ...
            Response.Redirect(strRoot, False)
          End If
        End If
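
Added example, not part of the original answer and not an ASP.NET API: one way to build the expiring ticket described above so that it carries only the user name, signed with a key shared by all sites, instead of the password. The module and function names, the `|`-separated ticket layout, the two-minute lifetime, the host names and the demo key are assumptions made for illustration.

```vbnet
Imports System
Imports System.Security.Cryptography
Imports System.Text

' Hypothetical helper: names and ticket layout are assumptions, not a framework API.
Module SsoTicket
    ' Constructed demo key; each site would load the same secret from protected configuration.
    Private ReadOnly Key As Byte() = Encoding.UTF8.GetBytes("constructed-demo-key-0123456789")

    Private Function Sign(payload As String) As String
        Using h As New HMACSHA256(Key)
            Return Convert.ToBase64String(h.ComputeHash(Encoding.UTF8.GetBytes(payload)))
        End Using
    End Function

    ' Compare two MAC strings without stopping at the first differing character.
    Private Function SameMac(a As String, b As String) As Boolean
        If a.Length <> b.Length Then Return False
        Dim diff As Integer = 0
        For i As Integer = 0 To a.Length - 1
            diff = diff Or (AscW(a(i)) Xor AscW(b(i)))
        Next
        Return diff = 0
    End Function

    ' Issuing site: ticket = base64(user) | target host | expiry ticks | MAC. No password inside.
    Public Function Issue(userName As String, targetHost As String, nowUtc As DateTime) As String
        Dim user64 As String = Convert.ToBase64String(Encoding.UTF8.GetBytes(userName))
        Dim payload As String = String.Join("|", user64, targetHost.ToLowerInvariant(),
                                            nowUtc.AddMinutes(2).Ticks.ToString())
        Return payload & "|" & Sign(payload)
    End Function

    ' Receiving site: returns the user name, or Nothing if forged, expired or issued for another host.
    Public Function Validate(ticket As String, thisHost As String, nowUtc As DateTime) As String
        Dim parts As String() = ticket.Split("|"c)
        If parts.Length <> 4 Then Return Nothing
        If Not SameMac(Sign(String.Join("|", parts, 0, 3)), parts(3)) Then Return Nothing
        If parts(1) <> thisHost.ToLowerInvariant() Then Return Nothing
        Dim expiry As Long
        If Not Long.TryParse(parts(2), expiry) OrElse nowUtc.Ticks > expiry Then Return Nothing
        Return Encoding.UTF8.GetString(Convert.FromBase64String(parts(0)))
    End Function

    Sub Main()
        Dim t As String = Issue("alice", "shop-b.example", DateTime.UtcNow)
        Console.WriteLine(Validate(t, "shop-b.example", DateTime.UtcNow))                          ' right host, in time
        Console.WriteLine(Validate(t, "shop-c.example", DateTime.UtcNow) Is Nothing)               ' other host
        Console.WriteLine(Validate(t, "shop-b.example", DateTime.UtcNow.AddMinutes(5)) Is Nothing) ' past expiry
    End Sub
End Module
```

The ticket contains `+`, `/` and `=` characters, so it has to be URL-encoded (for example with `HttpUtility.UrlEncode`) when passed in a redirect over HTTPS. When `Validate` returns a name, the receiving site can sign the user in with `FormsAuthentication.SetAuthCookie` rather than calling `Membership.ValidateUser` with a stored password.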



    Author Comment


    Thank you for your help. Will a session work between domains? Also, if a user closes their browser, then they would lose the session?
    LVL 26

    Expert Comment

    by:Alan Warren
    Hi LockDev,
    Session will work for the current user between domains, using the same browser.

    No guarantee to destroy session on closing the browser, cookie.expires determines the persistence of session. Easy enough to test, login using a browser, possibly good plan to test the big 3 browsers (IE,FF & GC); after logging in, kill the browser, then open the browser again, navigate to the site again, if you are still logged in, you have your answer; fairly sure you will be still logged in. All bets are off if you have opted for the browser to remember your login credentials, in which case you will definitely be logged in.


    Author Comment

    I would like to revisit this issue. I was thinking about another possibility. Is it possible to use the DotNetOpenAuth library where our main website is an OpenID provider and all the other websites are OpenID users?

    Thank you.
