multiple web application host under the same website on IIS （authentication mode）

第一种方式，修改forms的name

how to set the forms authentication cookie path

 assume you have already solved this issue somehow, but since I stumbled upon this question I thought I should add my few cents.

To solve the issue use different cookie names in web.config. Something like:

<authentication mode="Forms">
  <forms name=".ASPXFORMSAUTH_FOO"
      loginUrl="public/login.aspx" cookieless="UseCookies" slidingExpiration="true"/>
</authentication>

and

<authentication mode="Forms">
  <forms name=".ASPXFORMSAUTH_BAR"
      loginUrl="public/login.aspx" cookieless="UseCookies" slidingExpiration="true"/>
</authentication>

第二种方式，修改forms的path，并且加上domain(必须添加)  (forms的name是保持一致的)

需要注意的是，监视cookie的时候，每一个页面的cookie是独立的，需要分别用F12查看。

The name of forms keep the same, they have different path,(although the domains are the same but must set it)
<authentication mode="Forms">
<forms loginUrl="CMSPages/LISA_logon.aspx" defaultUrl="Default.aspx" name=".ASPXFORMSAUTH" timeout="1440" slidingExpiration="true" domain="localhost" path="/LISA_50_Dev_CMSWeb" />
</authentication>

<authentication mode="Forms">
<forms loginUrl="CMSPages/logon.aspx" defaultUrl="Default.aspx" name=".ASPXFORMSAUTH" timeout="1440" slidingExpiration="true" domain="localhost" path="/LISA_60_Dev_CMSWeb"/>
</authentication>

 

第二个方法的问题，在于限定了domain name，如果限定为localhost的话，那么会导致使用域名无法登录的问题 。因为后台不识别了。 

 扩展

查看单个页面的cookie

相关文章

https://weblog.west-wind.com/posts/2008/Jan/20/Forms-Authentication-and-path-in-the-forms-Tag 

https://docs.microsoft.com/en-us/aspnet/web-forms/overview/older-versions-security/introduction/forms-authentication-configuration-and-advanced-topics-cs

domain

When using cookie-based authentication tickets, this setting specifies the cookie's domain value.

The default value is an empty string, which causes the browser to use the domain from which it was issued (such as www.yourdomain.com).

In this case, the cookie will not be sent when making requests to subdomains, such as admin.yourdomain.com.

If you want the cookie to be passed to all subdomains you need to customize the domain attribute setting it to yourdomain.com.

path

When using cookie-based authentication tickets, this setting specifies the cookie's path attribute.

The path attribute enables a developer to limit the scope of a cookie to a particular directory hierarchy.

The default value is /, which informs the browser to send the authentication ticket cookie to any request made to the domain.