Click here to Skip to main content
15,304,157 members
Articles / Web Development / ASP.NET
Posted 31 Mar 2004


149 bookmarked

Single sign-on across multiple applications in ASP.NET

Rate me:
Please Sign up or sign in to vote.
4.60/5 (35 votes)
31 Mar 20042 min read
By default, Forms authentication does not support single sing-on accross multiple applications. But is not too complicated to tweak it the appropriate way.


I prefer to use the Forms authentication for most of my applications. And most of my projects consist of a few relatively independent parts running on subdomains of the main domain. It would be nice to have single sign-on, so if you are logged on at, you would be recognized also at

Forms authentication by default does not support this feature, but is not too complicated to tweak it the appropriate way.

Behind the Forms authentication

Technology behind the Forms authentication is simple: it would create a cookie of defined name (attribute name of forms attribute in web.config). The cookie would contain encrypted authentication data.

To protect user's privacy and for security reasons, you can only read cookies that you wrote. They're associated with server hostname by default. But the cookie standard supports making cookies accessible for entire domain in which the server lies. It means that from, you can work with cookies for both and

You can set domain-wide cookie only for second level domain, or for third level domain if second level domain contains three or less characters. It means that you cannot set cookie for domain "com" or "", but can for "" or "".

So, only what you need is to make authentication cookies domain-wide.

Setting it up

You must setup authentication in system.web section of your web.config file as usual, for example:

<authentication mode="Forms">
  <forms name=".EXAMPLE-AUTH" loginUrl="/Login.aspx" 
               protection="All" timeout="30" path="/" />

As I said before, the authentication cookie is encrypted. By default, encryption key is generated automatically. But if you need more servers to cooperate, you need to have the keys same on both servers. This can be done by adding the following to system.web section of web.config:


The values of validation and decryption key should be 16 (for DES) or 48 (for TripleDES) characters long hexadecimal numbers.

Signing on

You must modify the authentication cookie before sending it to the client, by specifying your domain name. The code can be as follows (assumes that user has been authenticated and his name is stored in string variable UserName):

Dim C As System.Web.HttpCookie = _
         System.Web.Security.FormsAuthentication.GetAuthCookie(UserName, False)
C.Domain = ""

Signing off

Usually, there is no need to make something special to sign the user off - just call System.Web.Security.FormsAuthentication.SignOut(). But not in this case - the SignOut() method is unable to deal with domain-wide cookies.

You need to delete the cookie manually. And the only way to delete a cookie is to set its expiration date to past. You may do it using the following code:

Dim C As System.Web.HttpCookie = _
C.Domain = ""
C.Expires = DateTime.Now.AddDays(-1)


This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here


About the Author

Michal Altair Valášek
Software Developer Altairis
Czech Republic Czech Republic

Software architect and developer in Altairis, dev shop in Czech republic. Microsoft Most Valuable Professional (MVP) since 2004.

See my open source project at Codeplex.

Comments and Discussions sso Pin
wissamtannous2-Oct-13 22:23
Memberwissamtannous2-Oct-13 22:23 
GeneralThanks Pin
debayan nanda23-Apr-11 9:32
Memberdebayan nanda23-Apr-11 9:32 
GeneralSSO in ASP.NET to view SAP IView Pin
Netweb9-Nov-09 2:37
MemberNetweb9-Nov-09 2:37 
GeneralCookies Across Domains Pin
mohit232320-Apr-08 1:26
Membermohit232320-Apr-08 1:26 
GeneralFacing problem with Domain and subdomain Pin
Javad Mehmood26-Dec-07 8:37
MemberJavad Mehmood26-Dec-07 8:37 
GeneralRe: Facing problem with Domain and subdomain Pin
PranjaliBhide13-Aug-08 3:18
MemberPranjaliBhide13-Aug-08 3:18 
Questionon different domains? Pin
dagarwal827-Nov-06 20:24
Memberdagarwal827-Nov-06 20:24 
GeneralLogging out not working. Pin
Nigel Liefrink 221-Aug-06 20:39
MemberNigel Liefrink 221-Aug-06 20:39 
GeneralProblem when is not persistant Pin
Farshid Zavareh15-Mar-06 9:11
MemberFarshid Zavareh15-Mar-06 9:11 
GeneralRe: Problem when is not persistant Pin
Farshid Zavareh16-Mar-06 1:35
MemberFarshid Zavareh16-Mar-06 1:35 
Questionlocalhost Pin
xgnitesh9-Feb-06 5:45
Memberxgnitesh9-Feb-06 5:45 
AnswerRe: localhost Pin
davidhart4-Sep-07 6:57
Memberdavidhart4-Sep-07 6:57 
QuestionRe: localhost Pin
Ofir-z1-Aug-08 5:37
MemberOfir-z1-Aug-08 5:37 
AnswerRe: localhost Pin
Ofir-z1-Aug-08 5:44
MemberOfir-z1-Aug-08 5:44 
GeneralTIcket pass Worked in ASP 1.1 but not in 2.0.. Pin
Pchao25-Dec-05 16:21
MemberPchao25-Dec-05 16:21 
GeneralRe: TIcket pass Worked in ASP 1.1 but not in 2.0.. Pin
mrbikejoc7-Feb-08 14:52
professionalmrbikejoc7-Feb-08 14:52 
GeneralPls highlight the importance of &lt;machineKey&gt; Pin
Anonymous20-Oct-05 9:17
MemberAnonymous20-Oct-05 9:17 
GeneralCannot logout Pin
Jong-Hyun9-May-05 11:06
MemberJong-Hyun9-May-05 11:06 
GeneralJOSSO Single Sign-On supports ASP Pin
Anonymous8-Mar-05 2:50
MemberAnonymous8-Mar-05 2:50 
GeneralRe: JOSSO Single Sign-On supports ASP Pin
ayurhdfkl1-Aug-07 0:02
Memberayurhdfkl1-Aug-07 0:02 
Questioniframe and form authentication? Pin
devvvy18-Feb-05 20:08
Memberdevvvy18-Feb-05 20:08 
GeneralSingle sign on within sub domain Pin
Gurumoorthi Kumar2-Jan-05 18:09
sussGurumoorthi Kumar2-Jan-05 18:09 
GeneralRe: Single sign on within sub domain Pin
DevDude26-Jan-06 11:35
MemberDevDude26-Jan-06 11:35 
GeneralA better way Pin
Anonymous23-Dec-04 8:39
MemberAnonymous23-Dec-04 8:39 
GeneralRe: A better way Pin
Michal Altair Valášek23-Dec-04 9:54
MemberMichal Altair Valášek23-Dec-04 9:54 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.