Referring to sharing a cookie across subdomains, I implemented jro's answer and it worked for sign-in (sharing the cookie across different subdomains).
However, this change affected the sign-out process. Please refer to the SignOut and SignIn code I shared below.
The issue is that the sign-out process calls `FormsAuthentication.SignOut` and then redirects to the sign-in controller, but `System.Threading.Thread.CurrentPrincipal.Identity.IsAuthenticated` is set to true even though `FormsAuthentication.SignOut` is called in the sign-out process.
Code that sets the Forms Authentication Cookie
```csharp
// Requires: using System.Web; using System.Web.Configuration; using System.Web.Security;
public static HttpCookie GetAuthenticationCookie(CookieData cookieData)
{
    string userData = PrepareCookieContentFromCookieData(cookieData); // Get a string with user data
    AuthenticationSection section = WebConfigurationManager.GetWebApplicationSection("system.web/authentication") as AuthenticationSection;
    TimeSpan ts = section.Forms.Timeout;
    // TotalMinutes, not Minutes: Minutes is only the 0-59 component of the TimeSpan
    int timeout = (ts.TotalMinutes >= 1) ? (int)ts.TotalMinutes : 1;
    bool isPersistent = Convert.ToBoolean(HttpContext.Current.Request.Form["isPersistent"] ?? "False");
    if (isPersistent) timeout = 30 * 24 * 60;
    // The ticket object is formed from the details set above. Every page after login uses this ticket to get base user data
    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, cookieData.userName, DateTime.Now,
        DateTime.Now.AddMinutes(timeout), isPersistent, userData, FormsAuthentication.FormsCookiePath);
    // Encrypt the ticket
    string encryptedCookieString = FormsAuthentication.Encrypt(ticket);
    // Set the ticket as the cookie value
    var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedCookieString);
    cookie.HttpOnly = true;
    // Domain is overridden by hand here, independently of the forms settings in web.config
    cookie.Domain = "parent.com";
    if (isPersistent)
        cookie.Expires = DateTime.Now.AddYears(1);
    return cookie;
}
```
Sign Out
```csharp
public ActionResult SignOut()
{
    if (HttpContext != null && HttpContext.Session != null)
    {
        HttpContext.Session.Abandon();
    }
    // Emits an expired forms cookie using the domain and path from web.config
    FormsAuthentication.SignOut();
    return RedirectToAction("SignIn", "User");
}
```
SignIn
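```csharp
public ActionResult SignIn(string CompanyCode)
{
    // Check if logged in
    if (System.Threading.Thread.CurrentPrincipal.Identity.IsAuthenticated)
    {
        // return to a specific page
    }
    // Assumed fall-through so the fragment compiles; the post omits the rest of the action
    return View();
}
```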
Appreciate any help on this.
Solved the issue. If you set the domain name manually, you have to set the domain name from the web.config forms authentication settings. Otherwise it will try to clear cookies from the default domain (in my case subapp1.parent.com), where there is no such cookie since I have manually overridden the cookie domain.
My forms authentication settings were as follows:
Then I added `domain=".parent.com"` as the domain and it started working.
Here is how I diagnosed the issue.
I tried the following code to manually remove any cookies during sign-out:
Still the issue was there. But I logged (log4net) the cookie.Domain to get details when this happens. Surprisingly the domain was empty, where I was expecting "parent.com". Then I checked the forms-authentication settings and figured out the domain name was not set there.
Hope this will help to save several hours for someone!
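Why the missing `domain` setting breaks sign-out, as an added example that is not part of the original post: a simplified JavaScript model of the browser's cookie store, in which a stored cookie is replaced or deleted only by a Set-Cookie with the same name, domain and path. `.ASPXAUTH` is the ASP.NET default forms cookie name; the ticket value, dates and the modelled sign-out headers are constructed, and path matching is omitted.

```javascript
// Simplified browser cookie store (RFC 6265 section 5.3); all sample data is constructed.
function domainMatches(host, domain) {
  return host === domain || host.endsWith('.' + domain);
}

// Parse one Set-Cookie header received in a response from `requestHost`.
function parseSetCookie(header, requestHost) {
  const [pair, ...attrs] = header.split(';').map(s => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
                   domain: requestHost.toLowerCase(), hostOnly: true,
                   path: '/', expires: null };
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    const key = (i < 0 ? attr : attr.slice(0, i)).toLowerCase();
    const val = i < 0 ? '' : attr.slice(i + 1);
    if (key === 'domain' && val) {
      cookie.domain = val.replace(/^\./, '').toLowerCase(); // leading dot is ignored
      cookie.hostOnly = false;
    } else if (key === 'path' && val) cookie.path = val;
    else if (key === 'expires') cookie.expires = new Date(val);
  }
  return cookie;
}

// Store a cookie: it replaces only an entry with the same name, domain and path.
function storeCookie(jar, header, requestHost, now) {
  const c = parseSetCookie(header, requestHost);
  if (!domainMatches(requestHost.toLowerCase(), c.domain)) return jar; // rejected
  const rest = jar.filter(o =>
    !(o.name === c.name && o.domain === c.domain && o.path === c.path));
  const expired = c.expires !== null && c.expires <= now;
  return expired ? rest : [...rest, c];
}

// Names of the cookies the browser would send to `host` (path matching omitted).
function cookiesSentTo(jar, host) {
  return jar.filter(c => c.hostOnly ? c.domain === host : domainMatches(host, c.domain))
            .map(c => c.name);
}

const HOST = 'subapp1.parent.com';
const NOW = new Date('2020-01-01T00:00:00Z');
const PAST = 'Expires=Tue, 12 Oct 1999 00:00:00 GMT';
const issued = storeCookie([], '.ASPXAUTH=TICKET; Domain=parent.com; Path=/; HttpOnly', HOST, NOW);
// Sign-out without a Domain only expires a host-only cookie; with Domain=.parent.com it matches.
const afterBadSignOut = storeCookie(issued, `.ASPXAUTH=; ${PAST}; Path=/`, HOST, NOW);
const afterGoodSignOut = storeCookie(issued, `.ASPXAUTH=; ${PAST}; Path=/; Domain=.parent.com`, HOST, NOW);
console.log(cookiesSentTo(afterBadSignOut, HOST), cookiesSentTo(afterGoodSignOut, HOST));
```

After the sign-out without a domain, the shared cookie is still sent to `subapp1.parent.com`, which is why the next request still arrives authenticated.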