Say I have 2 sites and want to implement SSO between them. They are hosted at site1.localhost and site2.localhost. From what I've read so far I only needed the following in my web.config:
<authentication mode="Forms">
<forms loginUrl="/Login.aspx" domain=".localhost" path="/" />
<machineKey .../>
</authentication>
However, the following call does not issue authentication cookie at all:
FormsAuthentication.RedirectFromLoginPage(InputEmail.Text, true);
If I remove domain
attribute from forms
element the cookie is perfectly issued for site1.localhost domain. What am I missing?
p.s.
Windows 7 x64, ASP.NET 4.0, integrated pipeline, no extra modules/handlers
Update:
The following call returns a cookie with proper domain set (.localhost):
HttpCookie httpCookie = FormsAuthentication.GetAuthCookie(InputEmail.Text, true )
How is that possible?