如何自动登录IIS网站？

Question

I have a website which users upload large files on it. In order to keep site responsive, I have separated upload part from the main part. Now there are two websites with two different app pools but both app pools are using the same user identity to run. The problem is now users must first login into the main site and in order to upload they have to login again! How can I auto login a user which has already logged in the main site?

I'm using ASP.NET MVC but with Old ASP.NET membership on Windows Server 2016 (IIS 10) and here is my web.config:

<membership>
  <providers>
    <clear />
    <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="NewsDb" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="3" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
  </providers>
</membership>

Answer 1

to share form authenticate in different websites, you need to make sure your websites are under same main domain, otherwise you will need to implement a lot of codes

check your <authentication> node in your web.config

for your main website with login page

<authentication mode="Forms">
<forms loginUrl="login.aspx" name="{your_auth_cookie_name}" timeout="120" slidingExpiration="true" domain=".yourdomain.com"  enableCrossAppRedirects="true"/>
</authentication>

for your upload site

<authentication mode="Forms">
<forms loginUrl="https://mainsite/login.aspx" name="{your_auth_cookie_name}" timeout="120" slidingExpiration="true" domain=".yourdomain.com"  enableCrossAppRedirects="true"/>
</authentication>

if your deployed your websites on different server, you may need unify the machine key to make sure the decryption of auth cookie is correct