A
andrew
Hi
I am working on an app for a charity, www.encephalitis.info. They need
an online shop and forums. To that effect, I have set up the following
subdomains (starter kit used in brackets):
www.encephalitis.info
forums.encephalitis.info (yetanotherforum.net starter kit)
shop.encephalitis.info (dashCommerce.org starter kit)
For testing purposes, I am using the default asp.net membership and
role providers, but for the profile providers, I am using
dashCommerce's and yetanotherforum's profile providers.
I each web.config, I have set the machineKey to be the same, and have
given each web app the exact same authentication, membership and role
sections, as follows:
<machineKey validationKey='...??...' decryptionKey='...!!...'
validation='SHA1'/>
<authentication mode="Forms">
<forms name=".theApp_Authentication" loginUrl="http://
www.encephalitis.info/login.aspx" protection="All" timeout="30"
path="/"/>
</authentication>
<roleManager enabled="true">
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" connectionStringName="myConn"
applicationName="theApp" type="System.Web.Security.SqlRoleProvider"/>
</providers>
</roleManager>
<membership defaultProvider="AspNetSqlMembershipProvider"
userIsOnlineTimeWindow="15" hashAlgorithmType="">
<providers>
<clear/>
<add connectionStringName="myConn" applicationName="theApp"
enablePasswordRetrieval="false" enablePasswordReset="true"
requiresQuestionAndAnswer="true" requiresUniqueEmail="false"
passwordFormat="Hashed" maxInvalidPasswordAttempts="5"
passwordAttemptWindow="10" passwordStrengthRegularExpression=""
minRequiredPasswordLength="4" minRequiredNonalphanumericCharacters="0"
name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
</providers>
</membership>
The result is that single sign on does not work. Can anyone tell me
what I am doing wrong??
I thought that by setting the machineKey that each app would read the
cookies created by the other ones, and therefore perform the login.
One point, that may be relevant:
Although the <forms loginUrl="..."> is set to the same url
(www.encephalitis.info/login.aspx), yetanotherforum.net and
dashCommerce pretty much hard code their own login pages. The only
problem with this would be if one subdomain cannot read a cookie
created by another subdomain, as opposed to the main www.encepahlitis.info.
I must be missing/misunderstanding something. But what...?!
Andrew
I am working on an app for a charity, www.encephalitis.info. They need
an online shop and forums. To that effect, I have set up the following
subdomains (starter kit used in brackets):
www.encephalitis.info
forums.encephalitis.info (yetanotherforum.net starter kit)
shop.encephalitis.info (dashCommerce.org starter kit)
For testing purposes, I am using the default asp.net membership and
role providers, but for the profile providers, I am using
dashCommerce's and yetanotherforum's profile providers.
I each web.config, I have set the machineKey to be the same, and have
given each web app the exact same authentication, membership and role
sections, as follows:
<machineKey validationKey='...??...' decryptionKey='...!!...'
validation='SHA1'/>
<authentication mode="Forms">
<forms name=".theApp_Authentication" loginUrl="http://
www.encephalitis.info/login.aspx" protection="All" timeout="30"
path="/"/>
</authentication>
<roleManager enabled="true">
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" connectionStringName="myConn"
applicationName="theApp" type="System.Web.Security.SqlRoleProvider"/>
</providers>
</roleManager>
<membership defaultProvider="AspNetSqlMembershipProvider"
userIsOnlineTimeWindow="15" hashAlgorithmType="">
<providers>
<clear/>
<add connectionStringName="myConn" applicationName="theApp"
enablePasswordRetrieval="false" enablePasswordReset="true"
requiresQuestionAndAnswer="true" requiresUniqueEmail="false"
passwordFormat="Hashed" maxInvalidPasswordAttempts="5"
passwordAttemptWindow="10" passwordStrengthRegularExpression=""
minRequiredPasswordLength="4" minRequiredNonalphanumericCharacters="0"
name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
</providers>
</membership>
The result is that single sign on does not work. Can anyone tell me
what I am doing wrong??
I thought that by setting the machineKey that each app would read the
cookies created by the other ones, and therefore perform the login.
One point, that may be relevant:
Although the <forms loginUrl="..."> is set to the same url
(www.encephalitis.info/login.aspx), yetanotherforum.net and
dashCommerce pretty much hard code their own login pages. The only
problem with this would be if one subdomain cannot read a cookie
created by another subdomain, as opposed to the main www.encepahlitis.info.
I must be missing/misunderstanding something. But what...?!
Andrew