Is it possible to configure a multi-site EPiServer install that doesn't require the user to re-authenticate when moving from site to site in Edit Mode?
The problem is that Edit Mode runs under the domain name of the site of the page you're viewing. So, if you move from a page on Site A to a page on Site B, the domain name in the browser changes, your cookies clear, and you are no longer authenticated. You have to login again.
Sure, you only have to do this once per browser session, but my client will have 86 Web sites. It's a problem.
How can I configure Edit Mode to stay on the same domain, no matter what site the currently-viewed page belongs to.
You could try using sub domains to solve this issue. E.g if you have site a (www.sitea.com) and site B (www.siteb.com) youcould create a subdomain called othersite.sitea.com that is setup as a second domain for site B. That means http://www.siteb.com and http://siteb.sitea.com points to the same site in IIS.1. Setup the subdomain siteb.sitea.com and add the domain to site B in IIS2. Modify the site settings in web.config <site description="Site A" siteId="SiteA"> <siteHosts> <add name="www.sitea.com" /> <add name="*" /> </siteHosts> <siteSettings ... siteUrl="http://www.sitea.com/" uiUrl="http://www.sitea.com/cms/" utilUrl="http://www.sitea.com/util/" /> </site> <site description="Site B" siteId="SiteB"> <siteHosts> <add name="www.siteb.com" /> <add name="siteb.sitea.com" /> <!-- subdomain used for episerver edit purpose only --> </siteHosts> <siteSettings ... siteUrl="http://www.siteb.com/" uiUrl="http://siteb.sitea.com/cms/" utilUrl="http://siteb.sitea.com/util/" /> </site> 3. Set the domain tag on the forms setting in web.config. Default behavior when you logon to a site e.g http://www.sitea.com the domain on the cookie is set to www.sitea.com. This cookie will not work when the editor opens a page on site b in edit mode because siteb.sitea.com does not match. By setting the domain to "sitea.com" it will match both www.sitea.com and siteb.sitea.com <authentication mode="Forms"> <forms name=".EPiServerLogin" loginUrl="Util/login.aspx" timeout="120" domain="sitea.com" /> </authentication>NB If site B is a site that allows the users to sign in some maner you cannot use the Login controls in asp .net because these will rely on the forms settings in web.config and create cookies with "sitea.com" as domain. Then its better to use the FormsAuthentication class and set the authentication cookie for the user yourself.
Fantastic solution. I just tested it, and it worked.
I missed Step #3 at first, so I spent an hour debugging that and was just about to respond and explain how I "fixed" your solution...then I noticed Step #3. There's an hour of my life I'm not getting back.
Thanks again. I appreciate your help.
I have multiple sites in my episerver depending on the instance the sites page tree is being shown in edit mode. Is there any way to show the same page tree ireespective of users loged in domain so that i can set that as default page tree that will be shown irrespective from which doain the edit mode is accessed.
Isn't this a possible solution when people want to have a single sign on experience on the frontside of different sites? It is interesting for administrators to not have to log in for each site when working in admin mode, but when you have related sites for which a SSO would be in place then this seems like a great solution to have it also work at the front.Or am I overlooking something here?
With the solution suggested by Jarle, are there EPiServer licence implications? Would an extra licence be needed for each subdomain? In the example above, would licences be needed for www.sitea.com; www.siteb.com and siteb.sitea.com?
No, but I don't remember why. My client had a multi-site license, obviously, but I know they weren't burning two domains per site -- they would have run out long before launch (they did 86 sites on 100-site license).
I wish I could remember why this is so. I'll send this on to some others who might be able to explain better.
I remember now -- the licenses are for IIS sites, not domains. All the admin sites where served out of the same IIS site -- "siteb.sitea.com" and "sitec.sitea.com" were all alternate domains mapped to the same IIS site.
Does anyone know how/where I can set the uiUrl and utilUrl in EPiServer CMS 7.5?. Or is there any better solution to this problem in the newer versions? (since they restructured many of EPiServers configs).
Hi Joakim,You will find them both as attributes of ApplicationSetting in web.config.