I know a cookie can be shared across multiple subdomains using the setting
<forms
name=".ASPXAUTH"
loginUrl="Login/"
protection="Validation"
timeout="120"
path="/"
domain=".mydomain.com"/>
in Web.config. But how to replicate same thing on local machine. I am using windows 7 and IIS 7 on my laptop. So I have sites localhost.users/ for my actual site users.mysite.com localhost.host/ for host.mysite.com and similar.
localhost.users and localhost.host is cross domain. Cookies cannot be shared cross domain.
You could configure it like this so that the sub-domain differs but the root domain stays the same:
users.localhosthost.localhost
Now set the cookie domain in your web.config to localhost:
domain=".localhost"
and in your c:\Windows\System32\drivers\etc\hosts file add the following 2 entries:
127.0.0.1 users.localhost
127.0.0.1 host.localhost
Now you will be able to successfully share the authentication cookie between users.localhost and host.localhost.
Ah, and don't forget to put a step in your automated build process that will transform your web.config value to the correct root domain before shipping in production.
This is a reminder for anyone running in Framework 4.5 and trying to share the token with frameworks 4 and lower, please notice that this will cause you not to receive the auth cookie on any of the 4 and lower apps. ie: if in your web.config you have:
<httpRuntime maxRequestLength="80480" targetFramework="4.5" />
You can get it to work by removing the targetFramework="4.5" attribute to get it to work, though I don't know if there are any side effects in doing so:
<httpRuntime maxRequestLength="80480" />
来源:https://stackoverflow.com/questions/8278015/forms-authentication-across-sub-domains-on-local-iis