Click here to Skip to main content
14,031,266 members
Click here to Skip to main content
Add your own
alternative version


148 bookmarked
Posted 31 Mar 2004

Single sign-on across multiple applications in ASP.NET

Rate this:
Please Sign up or sign in to vote.
By default, Forms authentication does not support single sing-on accross multiple applications. But is not too complicated to tweak it the appropriate way.


I prefer to use the Forms authentication for most of my applications. And most of my projects consist of a few relatively independent parts running on subdomains of the main domain. It would be nice to have single sign-on, so if you are logged on at, you would be recognized also at

Forms authentication by default does not support this feature, but is not too complicated to tweak it the appropriate way.

Behind the Forms authentication

Technology behind the Forms authentication is simple: it would create a cookie of defined name (attribute name of forms attribute in web.config). The cookie would contain encrypted authentication data.

To protect user's privacy and for security reasons, you can only read cookies that you wrote. They're associated with server hostname by default. But the cookie standard supports making cookies accessible for entire domain in which the server lies. It means that from, you can work with cookies for both and

You can set domain-wide cookie only for second level domain, or for third level domain if second level domain contains three or less characters. It means that you cannot set cookie for domain "com" or "", but can for "" or "".

So, only what you need is to make authentication cookies domain-wide.

Setting it up

You must setup authentication in system.web section of your web.config file as usual, for example:

<authentication mode="Forms">
  <forms name=".EXAMPLE-AUTH" loginUrl="/Login.aspx" 

               protection="All" timeout="30" path="/" />

As I said before, the authentication cookie is encrypted. By default, encryption key is generated automatically. But if you need more servers to cooperate, you need to have the keys same on both servers. This can be done by adding the following to system.web section of web.config:





The values of validation and decryption key should be 16 (for DES) or 48 (for TripleDES) characters long hexadecimal numbers.

Signing on

You must modify the authentication cookie before sending it to the client, by specifying your domain name. The code can be as follows (assumes that user has been authenticated and his name is stored in string variable UserName):

Dim C As System.Web.HttpCookie = _
         System.Web.Security.FormsAuthentication.GetAuthCookie(UserName, False)
C.Domain = ""

Signing off

Usually, there is no need to make something special to sign the user off - just call System.Web.Security.FormsAuthentication.SignOut(). But not in this case - the SignOut() method is unable to deal with domain-wide cookies.

You need to delete the cookie manually. And the only way to delete a cookie is to set its expiration date to past. You may do it using the following code:

Dim C As System.Web.HttpCookie = _
C.Domain = ""
C.Expires = DateTime.Now.AddDays(-1)


This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here


About the Author

Michal Altair Valášek
Software Developer Altairis
Czech Republic Czech Republic

Software architect and developer in Altairis, dev shop in Czech republic. Microsoft Most Valuable Professional (MVP) since 2004.

See my open source project at Codeplex.

You may also be interested in...


Comments and Discussions

GeneralSSO Across Domains Pin
checking14-Oct-04 9:31
memberchecking14-Oct-04 9:31 
GeneralRe: SSO Across Domains Pin
Michal Altair Valášek14-Oct-04 12:39
memberMichal Altair Valášek14-Oct-04 12:39 
GeneralASP Pin
matzy24-Sep-04 7:01
membermatzy24-Sep-04 7:01 
GeneralRe: ASP Pin
matzy11-Nov-04 4:47
membermatzy11-Nov-04 4:47 
GeneralNot working for me Pin
Dave Wengier31-Aug-04 12:57
memberDave Wengier31-Aug-04 12:57 
GeneralRe: Not working for me Pin
Dave Wengier1-Sep-04 12:29
memberDave Wengier1-Sep-04 12:29 
GeneralRe: Not working for me Pin
devvvy18-Feb-05 20:10
memberdevvvy18-Feb-05 20:10 
QuestionHow to deal with the SSO on different top domains? Pin
razor.sdb.cnic.cn23-Aug-04 18:31
memberrazor.sdb.cnic.cn23-Aug-04 18:31 
AnswerRe: How to deal with the SSO on different top domains? Pin
Michal Altair Valášek27-Aug-04 0:45
memberMichal Altair Valášek27-Aug-04 0:45 
GeneralRe: How to deal with the SSO on different top domains? Pin
SelArom30-Sep-07 14:11
memberSelArom30-Sep-07 14:11 
AnswerRe: How to deal with the SSO on different top domains? Pin
MikeSc3-Oct-06 4:59
memberMikeSc3-Oct-06 4:59 
GeneralAuthentication problem Pin
caveman_dick23-Aug-04 6:41
membercaveman_dick23-Aug-04 6:41 
GeneralRe: Authentication problem Pin
Michal Altair Valášek23-Aug-04 6:46
memberMichal Altair Valášek23-Aug-04 6:46 
GeneralRe: Authentication problem Pin
caveman_dick24-Aug-04 6:33
membercaveman_dick24-Aug-04 6:33 
GeneralRe: Authentication problem Pin
M@rcelP6-Nov-05 23:31
memberM@rcelP6-Nov-05 23:31 
GeneralRe: Authentication problem Pin
caveman_dick7-Nov-05 5:15
membercaveman_dick7-Nov-05 5:15 
GeneralTypeKey authentication in ASP.Net Pin
Julien Couvreur15-Jun-04 7:43
memberJulien Couvreur15-Jun-04 7:43 
GeneralRedirect not working Pin
DougRutledge26-May-04 7:00
memberDougRutledge26-May-04 7:00 
GeneralAlways creates the New Session ID Pin
AcceptMyName10-May-04 12:13
memberAcceptMyName10-May-04 12:13 
GeneralRe: Always creates the New Session ID Pin
Michal Altair Valášek10-May-04 19:21
memberMichal Altair Valášek10-May-04 19:21 
GeneralIt doesn't work to me also Pin
jumacabo10-May-04 1:19
memberjumacabo10-May-04 1:19 
GeneralRe: It doesn't work to me also Pin
Michal Altair Valášek10-May-04 8:18
memberMichal Altair Valášek10-May-04 8:18 
Generaldoesn't work Pin
margiex26-Apr-04 18:57
membermargiex26-Apr-04 18:57 
GeneralRe: doesn't work Pin
Michal Altair Valášek10-May-04 8:19
memberMichal Altair Valášek10-May-04 8:19 
GeneralWarnings about netscape Pin
PhallGuy6-Apr-04 12:48
memberPhallGuy6-Apr-04 12:48 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

Permalink | Advertise | Privacy | Cookies | Terms of Use | Mobile
Web03 | 2.8.190419.4 | Last Updated 1 Apr 2004
Article Copyright 2004 by Michal Altair Valášek
Everything else Copyright © CodeProject, 1999-2019
Layout: fixed | fluid