[Dev Tip] WIF SessionAuthenticationModule cookies across sub-domains


Sometime, you need support SSO among sub-domains. Beside set up WIF on each applications, using same machine key. But those apps still cannot use same cookie.

There is a solution for it: specify domain name before write session token to cookie:

var sessionToken = new SessionSecurityToken(principal);
FederatedAuthentication.SessionAuthenticationModule.CookieHandler.Domain = "domain.com";
FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(sessionToken);
Advertisements