I have an existing WebForms application and we're now creating a new MVC application. They both authenticate using our own custom provider, using the same database.

I can successfully log in in each application separately using the same credentials, but what I now want is to implement a single-sign on (ie: if the user is already logged in in app1, app2 would automatically detect the user's settings and identify him as being logged in).

I have done my homework and read the references here, here and here, amongst others.

So far I have done the following:

• Set the same machineKey on both sites:

• Set the same forms auth on both sites:

Despite all of this, I haven't managed to get SSO working. I have managed 'Single-sign off', whereby when the user signs off one site, he's signed off from the other.

Is there anything I'm missing?

I would like a configuration-only solution, that does not require me to do any coding.

I am answering my own question just for closure's sake.

The reason why my my SSO was not working is because the main, existing website has its own cookie and session manager, and does not play by the rules of Forms authentication. It calls

FormsAuthentication.SignOut();

Shortly after login has completed.

I tried the configurations mentioned above with 3 different websites, a mixture of MVC and WebForms, different pipelines (integrated vs classic), with our custom membership provider, and it all worked marvellously.

So the steps defined above should work as long as your application does not do funny things with forms authentication.