Get Help:Ask a Question in our Forums|Report a Bug|More Help Resources
Last post Dec 12, 2012 08:34 PM by John Galt
Jul 26, 2012 03:21 PM|LINK
Hi I have a distributed application where the main business layer lives on a different subdomain than the main web front end.
We are using Asp.net webforms 4.0 and our services are WCF based. I am using Jquery 1.7.2
EG http://App.mysite.com & http://Services.mysite.com
I am able to get the forms Authentication cookie posted over from the server side code using WCF calls and we can read the username from the cookie.
However I am having an issue trying to read the forms authentication cookie when the request is posted using jQuery.
If I move the services WCF website onto the same box i.e. http://App.mysite.com. The cookie is posted no problems at all.
I have this in my code to ensure cross domain will work:
jQuery.support.cors = true;
and I have even tried this but to no avail:
/* Setup the call */
I have written a few test apps and I can show that as the machine and decryption keys are the same, a simple web site on this same box authenticates easily on the services box.
Does anyone know is there an issue sending a Forms authentication cookie across subdomains?
Is the a XSS issue and it’s not allowed?
Is there something else that I am missing?
Thanks in Advance for your help.
Jul 27, 2012 09:51 AM|LINK
To allow subdomains to use your cookies, in the forms authentication change the domain from "mydomain.com" to ".mydomain.com". Notice the extra dot? That's a wildcard.
<forms name=".ASPNET" loginUrl="http://mydomain.com/login.aspx" protection="All" timeout="1440" path="/" domain=".mydomain.com" enableCrossAppRedirects="true" />
Jul 27, 2012 10:52 AM|LINK
I am using the .mysite.com notation and I have found that doesnt make a difference.
I have also noticed that the cookie passes ok between one set of our boxes but not another. It seems very strange. I have also checked the updates and found out that all of the boxes have the latest service packs on them. Is there maybe a feature or setting
on IIS that needs installed for this to work?
Dec 12, 2012 08:34 PM|LINK
I have the same sort of thing. Jquery does not send the forms authentication cookie to the sub domain, but doing a standard request does.