I'm developing a mobile-only sub domain website for an existing website. (The main site is www.domain.com and the mobile-only site I'm developing is m.domain.com.)
When a user logs into the main website, I want to redirect them to the mobile-only website if:
- They appear to be on a mobile device
- They have a particular role
When redirected, they should not have to log in a second time. And so I want to share authentication across websites. The main website uses Forms Authentication.
I am trying to follow the steps described in the article Forms Authentication Across Applications. The main thing is that you must "set attributes of the forms and machineKey
sections of the Web.config file to the same values for all applications that are participating in shared forms authentication."
I have done this. However, it's still not working. I can log in or out of either site using the same credentials. But logging in or out of one site does not have any effect on the login status of the other.
The article has this note:
Applications that run ASP.NET version 2.0 or later can share forms authentication ticket information with earlier versions of ASP.NET if you include decryption="3DES" in the machineKey element for each ASP.NET version 2.0 (or later) application.
This does not seem to apply.
Also, I do not specify the domain
attribute of the authentication
element. It says it's optional, and that the default value will be "".
Can anyone suggestion what else I might try. I just don't know where to go from here.