Forms Authentication for a Silverlight application

I am migrating a n-tier Silverlight application to Windows Azure and I've hit a brick wall. Once I am logged in, the web service cannot know who is authenticated. My cloud project has two roles:

Web UI: On Azure, its IP is 111.222.33.44:80
Web Service: On Azure, its IP is 111.222.33.44:8080

Configuration for Web UI:

<system.web>
    <compilation debug="true" targetFramework="4.0" />
    <authentication mode="Forms">
        <forms name="COOKIENAME" loginUrl="~/Login/login.aspx" timeout="2880" />
    </authentication>
    <authorization>
        <deny users="?" />
    </authorization>
    <machineKey validation="SHA1" decryption="AES" validationKey="VKEY" decryptionKey="DKEY"></machineKey>
    <pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID" />
</system.web>

Configuration for Web Services

<system.web>
    <authentication mode="Forms">
        <forms name="COOKIENAME" loginUrl="~/Login/login.aspx" timeout="2880" />
    </authentication>
    <authorization>
    <deny users="?" />
    </authorization>
    <machineKey validation="SHA1" decryption="AES" validationKey="VKEY" decryptionKey="DKEY"></machineKey>
</system.web>

In the Web UI role, Login/login.aspx submits the username and password. A cookie is created with the method FormsAuthentication.SetAuthCookie(username, myVar);. Then, the user is redirected to Default.aspx which contains the Silverlight application.

When it is starting, the Silverlight application gets the username from the Web Service role by returning HttpContext.Current.User.Identity.Name.

All is fine in the local cloud emulator, but when I deploy my project in Windows Azure (staging), the web service doesn't know I am connected. I used Fiddler and I saw the page 111.222.33.44:8080/Login/login.aspx being queried (the page doesn't exist in the web service role, it is a way to know if a user is authenticated).

I suspect the web service cannot retrieve the username because it cannot retrieve the cookie created by the Web UI role. Is it actually possible to make it work or do I have to merge the web service role with the Web UI role?

The machine keys on both roles are identical.

AFAIK The two roles won't share a cookie.

In a similar situation I had a web project that hosted a silverlight client, and a web service that was used by the silverlight app.

The user would log in to the website and access the silveright client. The client had been provided with web service authentication token using the param attribute

<object data="data:application/x-silverlight-2," type="application/x-silverlight-2">                
   <param name="Token" value="<%=Token %>" />

The token, once decrypted by the web service, contains the logged in user's id.

Now, the Silverlight client can access a stateless web service and the web service knows which logged in user the request relates to.

I kept my WebService and WebRole separate so that CPU heavy jobs can be handled by the service, leaving the web role to serve web pages nice and quickly.

Does this help?