I have 2 applications under the same website in IIS7.5. The problem is the follow:
- Open the browser and login the first application;
- Open another browser tab and login the second appication;
- The first application automatically logout.
I have the same asp.net authentication DB but I created two different users with different roles and different ApplicationId. I also set different applicationName attribute in membership provider configuration in applications web.config file.
Can you help me please? Sorry for my English.
Thanks.
If the IIS website is configured to use Forms-Based Authentication, then the problem is most likely that the cookie for the 2nd login (which is a different user) is overwriting the cookie from the initial login. By default, the cookie is named ".ASPXAUTH". You should be able to verify this by inspecting the response headers returned from IIS using something like Fiddler.
You can control the cookie name IIS uses to maintain the session by changing the "name" attribute in the element in the web.config. See this documentation for more details. An example of this portion of the web.config would be something like:
<authentication mode="Forms">
<forms loginUrl="login.aspx" name="APP1SESS" />
</authentication>
If the applications are contained within single, separate sub-folders, then you could also use the "path" attribute instead to tell the browser to only send the cookie for requests in that sub-folder. Be careful here as any shared resources like images that are not in the sub-folder would need to be publicly accessible.
The //authentication/forms element can only be specified at the root level of the application. Check this SO post for a discussion on that.
