Using four stub services defined for Forms Authentication, I have been trying to get the authentication working across multiple services on IIS 7.0 when invoked through a Web Application or SharePoint.
Each of the services, including the Authenticator service that acts to validate the user, is setup with the same machine key and authentication form. The Authenticator service does not have the authorization, so users can access it anonymously.
I have setup the authentication through IIS for each of the services and parent application as such:
- Parent: Anonymous
- Parent/FormsAuthenticator: Anonymous/Forms
- Parent/TestServiceA: Anonymous/Forms
- Parent/FormsAuthenticator/TestServiceB: Anonymous/Forms
- Parent/TestServiceC: Anonymous/Forms
And for testing, I created a console app and SharePoint web part. Invoking the services on the console app by using HttpWebRequest, I can authenticate the user and access the services. Invoking the services on the SharePoint web part by using javascript: XmlHttpRequest, I can authenticate but the services keep trying to redirect to the login page.
Using Fiddler, it appears the Forms Authentication cookie that is defined in FormsAuthenticator.svc is not being sent out to the remaining services.
What am I missing so that Forms authentication will work in a browser?