For different IIS applications that are on the same IIS website, how do I set up separate forms based authentication?

I have an Asp.Net MVC application using Forms Authentication that is published to the same IIS website under different application names:

Default Web Site/Dashboard
Default Web Site/Partner

      

Using Chrome, if I go to the instance Dashboard

and login, everything works fine. If I open a separate browser window and navigate to the instance Partner

, I am prompted to log in as expected. Partner

Everything works fine when logging into the instance . The problem occurs when I go back to my previous browser window and try to access an authenticated resource in the instance Dashboard

where I am redirected to the login page as if I had logged out somehow.
If I log into the instance again Dashboard

, everything works fine. But if I go to an instancePartner

, I found myself going out there. It looks like logging into another instance of the application somehow takes me out of the previous one. I did some glasses and it seems the problem is caused by the cookie settings for forms authentication. This is what I used:

<authentication mode="Forms">
  <forms loginUrl="~/Account/LogOn"
         timeout="1576800"/>
</authentication>

      

I did not specify the path to the cookie explicitly, so I figured the path to the cookie could be shared by the application instances, so it gets overwritten. So I tried to specify the cookie path explicitly. So when I post Dashboard

I used this:

 <authentication mode="Forms">
      <forms loginUrl="~/Account/LogOn"
             timeout="1576800"
             cookieless="UseCookies"
             path="/Dashboard" />
 </authentication>

      

And for Partner

I used this:

 <authentication mode="Forms">
      <forms loginUrl="~/Account/LogOn"
             timeout="1576800"
             cookieless="UseCookies"
             path="/Partner" />
 </authentication>

      

However, it didn't work. With these settings, I can't even login and logout correctly. My goal is for the Dashboard and Partner instances to be completely independent for form authentication, so logging into one of them doesn't affect the other. Is this possible without putting them in the names of different IIS websites?

+3


source to share


1 answer


In the web.config for each application, set a unique name for the cookie name in the authentication tags



 <authentication name="DashBoard" mode="Forms">
 <forms loginUrl="~/Account/LogOn" />
</authentication>

      

+3


source







All Articles