0
votes

We are using ASP membership database to manage our websites security, and each website corresponding to one membership role. I made a portal site to list all the hyperlinks to these project websites (all the user within any role can log on to this portal site), and in the webconfig file, I list all the roles for every project website:

<authorization>      
      <allow roles="Administrators,ProjectId1_Member,ProjectId10_Member,ProjectId11_Member,ProjectId12_Member,ProjectId13_Member,ProjectId14_Member,ProjectId15_Member,ProjectId16_Member,ProjectId17_Member,ProjectId18_Member,ProjectId19_Member,ProjectId2_Member,ProjectId21_Member,ProjectId22_Member,ProjectId23_Member,ProjectId24_Member,ProjectId25_Member, "/>
      <deny users="*"/>
 </authorization>

But it works for the user to log on to the Portal site. But if the user click the hyperlink to navigate to a particular project website, the user will be navigated to the login page again. Is there a way that I can avoid this double login happens?

Thanks,

Wei

1
Your forms authentication cookies are not shared between websites, most probably. - Wiktor Zychla
How are the sites named - are they www.site1.com, www.site2.com, or site1.company.com, site2.company.com or something else? - Tisho
To Tisho: our sites name are companySite/projectA/index.aspx , companySite/projectB/index.aspx. To Wiktor: how should I share authentication cookies among websites? Thanks, you guys! - lwconquer

1 Answers

0
votes

Make sure path is / and enable cross-path redirects

 <authentication mode="Windows">
 <forms 
    name=".ASPXAUTH" 
    loginUrl="login.aspx" 
    defaultUrl="default.aspx" 
    protection="All" 
    timeout="30" 
    path="/" 
    requireSSL="false" 
    slidingExpiration="true" 
    cookieless="UseDeviceProfile" 
    domain="companySite" 
    enableCrossAppRedirects="true">
    <credentials passwordFormat="SHA1" />
 </forms>
 <passport redirectUrl="internal" />
 </authentication>