Marius Schulz
Marius Schulz
Front End Engineer

Running Multiple ASP.NET Applications Using Forms Authentication on the Same Server

Some days ago after uploading this very blog application to my server, I found that running multiple ASP.NET applications using Forms Authentication on the same server can cause undesired side effects concerning the authentication of users.

Every time I signed in to another application running on this same server, I was redirected to the login page when trying to access my blog's administration area. I re-entered my credentials and successfully signed in to my blog again but, at the same time, I was logged out of the other application. What's wrong with two applications running on the same server, both using Forms Authentication?

I did a little research and learned that Forms Authentication requires a uniquely named cookie for each application to correctly store the corresponding authentication ticket. The default name for this cookie is .ASPXAUTH which is used by both applications if not specified otherwise. The cookie name can be specified within an application's web.config file in the following section:

<system.web>
    <authentication mode="Forms">
        <forms
            loginUrl="~/Admin/Account/SignIn"
            name=".ASPXAUTH_Blog"
        />
    </authentication>
    <!-- ... -->
</system.web>

By setting a different value for the name property for each application running on the same server, Forms Authentication correctly manages the different applications' authentication tickets in parallel.