Good day! There are sites a.contoso.com, b.contoso.com, contoso.com. I can authenticate with FormsAuthentication on the same domain. It is necessary that when authenticating using the forms on one of these sites, on all IsAuthenticated sites, it is true, and also when exiting the account on one of the IsAuthenticated sites, it is set to false on the others too. How to implement it? Thanks in advance.
|
1 answer
If subdomains use the same database to store user credentials, this is already good. You didn’t specify whether you are using Web Api , as the tags indicate Web Api . If you use it, then it solves a lot of problems, since writing to cookies will occur on the host domain, and cookies from different subdomains will be stored with reference to this host domain.
Example: If a.contoso.com and b.contoso.com are client applications of a service hosted on the contoso.com domain, then when logging in from the a.contoso.com domain, they will be bound to the host contoso.com , which implies that logging into the domain b.contoso.com you will be logged in (in theory)! Why is this happening? Because cookies are recorded by the server application and stored in the browser with reference to your domain (ie, contoso.com), and it does not matter from what domain you will be authorized (although you can also store cookies in subdomains). If you have questions - write, I will answer in the comments!
gromanev gromanev
370 2 12
|