Andy @ Work

Thursday, January 05, 2006

Aaaaaaah....thats why my FormsAuthentication didn't work

One of the projects that I'm currently working on involves an ASP.Net 2.0 site which needs to open an IFrame onto a different ASP.Net 2.0 site. Yesterday I noticed that after logging into my wrapping site, any attempt to navigate to another section of my site that required authenticated users would result in me having to authenticate again.

To cut a long story short, the problem I was having only presented itself when I tested the website while being hosted by the ASP.Net Development Server (hosting in IIS was fine). Well the problem came down to the <iframe>. Because I was authenticating with two sites (one wrapping the other) and they both were setting the value of the .ASPAUTHX cookie AND they were both hosted within the ASP.Net Development Server, the wrapped website was destroying my wrapping websites authentication ticket.

Changing the forms configuration element in web.config to use a different name for this cookie solved the problem.

The reason the problem only presented in the ASP.Net Development Server was due to my IIS server being referenced by a FQDN as opposed to localhost. Hence my wrapping .ASPAUTHX cookie had a different host value to my wrapped websites authentication ticket, and so was being overwritten.

You live you learn.


Post a Comment

<< Home