Sharing authentication between MVC applications over WIF

Read the main MSDN article that fully describes What is Windows Identity Foundation , which says:

Windows® Identity Foundation (WIF) is the foundation for building identity-aware applications. The framework abstracts the WS-Trust and WS-Federation protocols and provides developers with APIs for building a security token service and applications that support the requirements. Applications can use WIF to process tokens issued from security token services and make decisions based on the identity of the web application or web service.

This way you should have fewer problems to authenticate across multiple applications.

An excellent starting point would be MSDN, which is How To: Build a Robust ASP.NET MVC Web Application using WIF

To understand how this works, see this helpful MSDN blog .

Another example of WIF + MVC is available at Federated Identity with Multiple Partners where I encourage you to read the first chapters to understand all the basic principles.

Update : around STS According to MSDN :

The Security Token Service (STS) is a service component that generates, signs and issues security tokens in accordance with WS-Trust and WS-Federation Protocols. Theres a lot of work that goes into implementing these protocols, but WIF does it all for you, making it possible for someone who is not a protocol expert to get STS and work with very little effort. You can use cloud STS like LiveID STS, pre-built STS like Active Directory® Federation Service (AD FS) 2.0 or if you want to publish tokens or provide custom authentication or authorization you can create your own STS using WIF ... WIF makes it easy to create your own STS. For more information, see the Creating STS section.

In STS, the following links may be helpful:

• Building STS
• How to create a security token service
• Create a custom security token service