I am running DNN v5.6.7, but not sure if this is really a DNN issue or a .NET one.

I have built a single-sign on page for a third party application and included it in my DNN file system. The page is called MySSO.aspx and it's in a folder called MySSO. It is not a DNN module, just a vb.net aspx page.

The problem I am having is that as soon as I redirect to this page, my forms authentication cookie is being deleted and therefore MySSO.aspx cannot identify & process the user.

I have checked permissions on the folder, I have created a web.config for the folder granting access to all users, but I cannot fix this issue? It is running on IIS7 under the .NET 4 frmaework.

Any suggestions?

this is expected behaviour - when a .net mapped request (aspx/ashx/asmx etc.) occurs it runs through the urlrewriter to see if it needs rewritten, it also runs through the security code to check the approriate permissions. As DotNetNuke supports multiple portals, this second item checks to see if the user has changed portal, to see if it needs to expire the auth cookie - if you use a custom aspx then DotNetNuke does not know what portal that belongs to (it extracts the page name, in this case "mysso" and doesnt find a refernce to it so can't determine the portal and decides this is a change of portal). In this type of case you need only include either a tabid or portalid in your request and then dotnetnuek can determine that it comes from a request for that portal and not log you out (the reason the host is not logged out is that it automatically has all permissions for all portals)

---

Buy the new Professional DNN7: Open Source .NET CMS Platform book Amazon US

perhaps your other sites dont have child/parent portals (I believe the check short circuits if there is only 1 portal). I'm not sure why you can't use a portalID, perhaps I didnt explain well - the request can look like www.mysite.com/desktopmodules/somemodule/mysso.aspx?portalID=0

---

Buy the new Professional DNN7: Open Source .NET CMS Platform book Amazon US