Forms Authentication on Virtual Directory -- How?

[rory.groves]

I have ASP.NET 2.0 Forms Authentication working great on my site.
Added a sub-directory application (virtual directory in IIS). I can
require authentication to access that subdirectory in the root
web.config, but once the user logs in, the sub-directory app treats
them as if they are not logged in.

I am assuming that is because its a separate app.

So how do I implement a single-signon solution for multiple
applications on the same website?

 

[Mr. Arnold]

I have ASP.NET 2.0 Forms Authentication working great on my site.
Added a sub-directory application (virtual directory in IIS). I can
require authentication to access that subdirectory in the root
web.config, but once the user logs in, the sub-directory app treats
them as if they are not logged in.

I am assuming that is because its a separate app.

So how do I implement a single-signon solution for multiple
applications on the same website?

All ASP.Net solutions run under the context permissions of the ASP.NET
Worker Process, as the ASP.NET Worker Process thread in IIS is hosting any
ASP.NET solution Web Form, Web Service or WCF solution hosted by IIS.

You can have them/the users login and authenticated anyway you want, but who
you must address for the permissions that any ASP.NET solution will have is
based on the permissions of the ASP.NET Worker process, and the account it's
using that the ASP.NET solution is running under.

http://support.microsoft.com/kb/306158
http://www.codeproject.com/KB/web-security/Sec_Run_ASPNET_WP.aspx

 

[rory.groves]

Is it really this involved to use the same Authentication Ticket on
two different asp.net applications on the same web server?

 

[rory.groves]

Found the solution here:
http://blogs.neudesic.com/blogs/michael_morozov/archive/2006/03/17/72.aspx

1st scenario