Forms Authentication across Sub-Domains on local IIS

Question

I know a cookie can be shared across multiple subdomains using the setting

Answer 1

localhost.users and localhost.host is cross domain. Cookies cannot be shared cross domain.

You could configure it like this so that the sub-domain differs but the root domain stays the same:

• users.localhost
• host.localhost

Now set the cookie domain in your web.config to localhost:

domain=".localhost"

and in your c:\Windows\System32\drivers\etc\hosts file add the following 2 entries:

127.0.0.1 users.localhost
127.0.0.1 host.localhost

Now you will be able to successfully share the authentication cookie between users.localhost and host.localhost.

Ah, and don't forget to put a step in your automated build process that will transform your web.config value to the correct root domain before shipping in production.

Answer 2

This is a reminder for anyone running in Framework 4.5 and trying to share the token with frameworks 4 and lower, please notice that this will cause you not to receive the auth cookie on any of the 4 and lower apps. ie: if in your web.config you have:

<httpRuntime maxRequestLength="80480" targetFramework="4.5" />

You can get it to work by removing the targetFramework="4.5" attribute to get it to work, though I don't know if there are any side effects in doing so:

<httpRuntime maxRequestLength="80480" />