I have a list of subdomains on my site that a user can select. I want to create an auth cookie for the subdomain they select only, not all of the subdomains. Assuming my site is mysite.com, the user could see:
- domainOne.mysite.com
- domainTwo.mysite.com
When they've selected their subdomain I do the following in the controller action:

```csharp
// Forms-authentication cookie scoped to the selected subdomain only
var faCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket);
faCookie.HttpOnly = true;
faCookie.Domain = (subdomain + ".mysite.com");
faCookie.Secure = FormsAuthentication.RequireSSL;
response.Cookies.Add(faCookie);
// Redirect the browser to the selected subdomain
return this.Redirect("http://" + subdomain + ".mysite.com");
```
where encTicket is just some encrypted user information.

In Fiddler I see this as the response:
```
HTTP/1.1 302 Found
Cache-Control: private, s-maxage=0
Content-Type: text/html; charset=utf-8
Location: http://domainOne.mysite.com
Server: Microsoft-IIS/8.0
X-AspNetMvc-Version: 4.0
X-AspNet-Version: 4.0.30319
Set-Cookie: .ASPXAUTH=9ECF5B2533<snip>; domain=domainOne.mysite.net; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Fri, 19 Jul 2013 04:19:02 GMT
Content-Length: 142

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://domainOne.mysite.net">here</a>.</h2>
</body></html>
```
OK, so all looks good to me here. The response is telling the browser to add a cookie for the subdomain. The subsequent GET based on the redirect, however, does not have the cookie at all in its request.

Is there some trickery that I'm missing? Just to be clear, I don't want to create a cookie for the root (.mydomain.com) as that would give authentication across all subdomains.
Thanks for any help
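
The browser-side rules that decide whether a `Set-Cookie` carrying a `Domain` attribute is kept and where it is later sent (RFC 6265 sections 5.1.3, 5.3 and 5.4), as an added example that is not part of the original post. The function names are illustrative, and `www.mysite.com` as the host that served the 302 is an assumption, since the post does not state it.

```javascript
// Added example. Host names reuse the post's placeholders; "www.mysite.com"
// as the responding host is an assumption, the post does not state it.

// RFC 6265 section 5.1.3: does `host` domain-match `cookieDomain`?
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase();
  if (h === d) return true;
  // IP literals only ever match exactly (crude detection, enough for a demo).
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(":");
  // Otherwise the domain must be a suffix of the host on a label boundary.
  return !isIp && h.endsWith("." + d);
}

// RFC 6265 section 5.3: how a user agent treats the Domain attribute of a
// Set-Cookie received from `responseHost`. The public-suffix check is omitted.
function storeCookie(responseHost, domainAttr) {
  const host = responseHost.toLowerCase();
  if (!domainAttr) {
    return { stored: true, hostOnly: true, domain: host };
  }
  const domain = domainAttr.toLowerCase().replace(/^\./, ""); // leading dot ignored
  if (!domainMatches(host, domain)) {
    return { stored: false, reason: host + " does not domain-match " + domain };
  }
  return { stored: true, hostOnly: false, domain: domain };
}

// RFC 6265 section 5.4: is the stored cookie attached to a request for `requestHost`?
function isSentTo(cookie, requestHost) {
  if (!cookie.stored) return false;
  const host = requestHost.toLowerCase();
  return cookie.hostOnly ? host === cookie.domain : domainMatches(host, cookie.domain);
}

// Constructed cases: [host that sent Set-Cookie, Domain attribute or null]
const cases = [
  ["www.mysite.com", "domainOne.mysite.com"],       // sibling host: discarded
  ["domainOne.mysite.com", "domainOne.mysite.com"], // same host: kept
  ["domainOne.mysite.com", null],                   // no Domain: host-only
  ["domainOne.mysite.com", ".mysite.com"],          // parent: every subdomain
];
for (const [from, attr] of cases) {
  const c = storeCookie(from, attr);
  console.log(from, "Domain=" + attr, "stored:", c.stored,
    "-> domainOne:", isSentTo(c, "domainOne.mysite.com"),
    "domainTwo:", isSentTo(c, "domainTwo.mysite.com"));
}
```

A cookie whose `Domain` names a host that the responding host does not domain-match is discarded, so a cookie limited to one subdomain has to be issued by a response from that subdomain, and omitting `Domain` there gives the narrowest (host-only) scope.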