Vulnerability in EPiServer.Forms
I have an enterprise setup (Epi 8) with multiple sites and different domains and I'm trying to solve so that the editors don't have to log in on each domain to be able to edit the sites.
I found the uiUrl solution that makes it possible to have the same ui domain to all the sites, but when I do, the pages that don't have the same main domain as the uiUrl domain stop working (in EPi admin).
Is there some way to get this to work?
Is the CodeBase/database for all those sites the same?
Yes, it's one setup with multiple sites in the same solution.
By default when using Forms Authentication, authentication is stored in a cookie per domain in the visitor's browser. By default, using forms authentication, this can't be achieved.
This can be achieved by introducing some custom provider (Consider security aspects, you may have to hijack sessions), but there are many other options that you can consider depending on your setup.
Visit http://world.episerver.com/documentation/Items/Developers-Guide/EPiServer-CMS/8/Security/Security/ if you have not done so before.
If you set up all websites on subdomains to the same domain and then configure the authentication to share the cookie, it should work. Please see http://stackoverflow.com/questions/18492576/share-cookie-between-subdomain-and-domain and for the config see the first answer here http://stackoverflow.com/questions/2056686/asp-net-forms-authentication-and-multiple-domains
So basically you would end up with...
Public domains for visitors:
Domains for editors:
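
Added example, not part of the thread or of EPiServer: a small model of the browser's cookie scoping rules (RFC 6265 domain matching) showing why a login cookie reaches sibling subdomains but never a site on a different main domain. All host names are constructed, and the public-suffix and IP-address checks real browsers apply are left out.

```python
from typing import Optional

def domain_match(host: str, cookie_domain: str) -> bool:
    """RFC 6265 5.1.3: host equals the domain or is a subdomain of it."""
    host = host.lower().rstrip(".")
    cookie_domain = cookie_domain.lower().lstrip(".")
    return host == cookie_domain or host.endswith("." + cookie_domain)

def store_cookie(set_by_host: str, domain_attr: Optional[str]):
    """Return (domain, host_only) as the browser stores it, or None if rejected."""
    if domain_attr is None:
        # No Domain attribute: host-only cookie, the Forms Authentication default.
        return (set_by_host.lower(), True)
    if not domain_match(set_by_host, domain_attr):
        # A site cannot set a cookie for a domain it does not belong to.
        return None
    return (domain_attr.lower().lstrip("."), False)

def hosts_receiving(stored, hosts):
    """Hosts from the list to which the browser would send the stored cookie."""
    if stored is None:
        return []
    domain, host_only = stored
    if host_only:
        return [h for h in hosts if h.lower() == domain]
    return [h for h in hosts if domain_match(h, domain)]

# Constructed host names (assumptions, not taken from the thread).
SITES = ["edit.example.com", "site-a.example.com", "site-b.example.com",
         "www.other-brand.example.net"]

if __name__ == "__main__":
    # The editor logs in on edit.example.com; try three Domain settings.
    for attr in (None, "example.com", "other-brand.example.net"):
        stored = store_cookie("edit.example.com", attr)
        print(attr, "->", hosts_receiving(stored, SITES))
```

A cookie scoped to the parent domain is sent to every host under it, so each subdomain becomes part of the trust boundary for the editor session.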