asp.net and mvc, security?

The company has a website that is driven with asp.net webforms. They would like to move over to MVC. So we have decided to create a new sub domain for the MVC page and then piece by piece convert the asp.net to mvc. How can i setup the security (selfmade authentication) to overlap from the webforms page to the mvc page. What i want to do is to move the user from asp.net webforms ove开发者_JAVA技巧r to mvc when they are accessing some code that has been rewritten. Then when they are using some other tools on the website they should be ported back to the webforms site. I dont want to validate the user between the move from the asp.net webforms to mvc and back. That should all happen automatically. Can i configure the sessions to stay intact when moving over to the new mvc subdomain? So the mvc should be able to access the same sessions that was created on the webforms site.

Assuming you're using forms authentication you should just need to ensure that the same domain-level cookie is used by both sites.

Some basic info here: http://forums.asp.net/p/1023838/1390821.aspx/1?Using+Single+Sign+On+in+Multiple+Applications+Sharing+Same+Domain

Try this page http://www.packtpub.com/article/mixing-asp.net-webforms-and-asp.net-mvc

It shows how to use webforms inside of an ASP.NET MVC site. You want it the other way round, but I think you can get the results you want by putting the existing webforms application into a new ASP.NET MVC application.

The article shows how you can access the same session variables from both parts, which I think enables your security implementation.