I have 3 ASP.NET applications running on a webserver. Each uses form based authenication. The form checks a database table to determine if a user can access the application.
I have found to my shock that once a user authenicates to one site, if they try to access a page another of the sites, they aren't challenges with a login screen. Any ideas how to fix this?
Info:
- each site is in its own virutal folder on the server
- each site has a login.aspx file
- each site has a web.config with the following setting
<authentication mode="Forms">
<forms name=".namesuffix" loginUrl="login.aspx"/>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
If tried making each web.config unique by putting the path to the login.aspx, but this didn't work.