Forms Authentication works (by default) by storing an encrypted ticket as a cookie upon login, which the authentication module then reads and interprets to determine the currently logged in user.
For the situation you describe to work (if I am not misunderstanding you), the uri that forms your
HttpWebRequest needs to either be in the same web application (which would be very unlikely) or it would be to a web application that is configured to use forms authentication with the same
machineKey as the calling application. Configuring multiple applications with a common
machineKey in
web.config is one way to achieve single sign-on, allowing the user to have one login that passes through to other applications. You can read the following article, under "Web Farm Deployment Considerations" to see how:
http://msdn.microsoft.com/en-us/library/ms998288.aspx[
^]
There is also a bunch of blog articles describing single signon you can find by googling "asp.net forms authentication single sign-on"
Then from the calling application it would be a matter of adding the forms authentication cookie that has already been created (again through the successful submission of a user login form) to the request object's
CookieContainer[
^] prior to making the call. If the target application is configured correctly, it will automatically interpret the cookie and the forms authentication credentials to determine the user.
Submit an article or tip