Trying to make BlogEngine share forms authentication with another site

Aug 10, 2010 at 2:25 AM
Edited Aug 10, 2010 at 2:26 AM

Hi,

Previously, I have implemented two separate ASP.NET Web Applications, one as a virtual application in a subfolder of the other, which successfully shared forms authentication as described at http://msdn.microsoft.com/en-us/library/eb0zx8fc.aspx

(basically, setting up identical forms sections in the Web.config, and keys in the machineKey section)

Now, I am trying to do something similar to get BlogEngine.NET to work sharing forms authentication with a Web Application of mine. I have tried both putting it as a virtual application in a subfolder, and setting it up as a separate IIS site (same domain name, different port number), but I can't get the authentication to work at all: when I go to the blog while logged in to my Web Application, Page.User.Identity.IsAuthenticated is always still "false".

Is it possible that things are different due to BlogEngine being a Web Site, not a Web Application? I never use Web Sites normally so I'm not 100% clear on what differences there are in their behaviour.

I'm really not sure how to even start debugging this, since the forms authentication is handled before any of my code runs.

authentication section of the two Web.configs are the same:

<authentication mode="Forms">
  <forms path="/" domain="localhost" timeout="129600" name=".WebSiteName" protection="All"
slidingExpiration="true" loginUrl="/admin/login.aspx" cookieless="UseCookies"/> </authentication>

And machineKey also:

<machineKey validationKey="DD45C42ACEAF1E208E9B78288177EBF9C8C7C54C6D05BA2FBA90B5348B8F6987216CB098056891CFE81DC33E37C5F9A2BF1845DBF902C6E4BBFEC2341FFA3635"
decryptionKey="0C69852D8BE0948D545C35B932D394102802FAF7FA46E99B4E5B5E12546E4620"
validation="SHA1" decryption="AES" />

And I have added my site's MembershipProvider and RoleProvider to BlogEngine's Web.config and made them the defaults.

Does anyone have any suggestions as to what I should check or try?

0 down vote favorite

Hi,

Previously, I have implemented two separate ASP.NET Web Applications, one as a virtual application in a subfolder of the other, which successfully shared forms authentication as described at http://msdn.microsoft.com/en-us/library/eb0zx8fc.aspx

(basically, setting up identical <forms> sections in the Web.config, and keys in the <machineKey> section)

Now, I am trying to do something similar to get BlogEngine.NET (which is a Web Site, not a Web Application) to work sharing forms authentication with a Web Application of mine. I have tried both putting it as a virtual application in a subfolder, and setting it up as a separate IIS site (same domain name, different port number), but I can't get the authentication to work at all: when I go to the blog while logged in to my Web Application, Page.User.Identity.IsAuthenticated is always still "false".

I'm really not sure how to even start debugging this, since the forms authentication is handled before any of my code runs.

<authentication> section of the two Web.configs are the same:

<authentication mode="Forms">
 
<forms path="/" domain="localhost" timeout="129600" name=".WebSiteName"
protection="All" slidingExpiration="true" loginUrl="/admin/login.aspx"
cookieless="UseCookies"/>
</authentication>

And <machineKey> also:

<machineKey validationKey="DD45C42ACEAF1E208E9B78288177EBF9C8C7C54C6D05BA2FBA90B5348B8F6987216CB098056891CFE81DC33E37C5F9A2BF1845DBF902C6E4BBFEC2341FFA3635"
decryptionKey="0C69852D8BE0948D545C35B932D394102802FAF7FA46E99B4E5B5E12546E4620"
validation="SHA1" decryption="AES" />

Does anyone have any suggestions as to what I should check or try?

Aug 10, 2010 at 3:55 PM
Edited Aug 10, 2010 at 3:58 PM

I'm not sure what the problem is, but I think there's one thing worth a try. Add the below code in the system.web section in your web.config and see if it's affecting:

 

<httpCookies domain="localhost" />

Make the domain property same for both web sites (no port numbers). Good luck!