ASP.Net MVC Single-Sign On

We're in a period of moving all our applications to sub-domains of the same primary domain.

Once this is done we aim to move our entire set up to a Single Sign-On system. Currently, we use Forms authentication and set a cookie containing an encr开发者_运维问答ypted token when the user is successfully logged in.

When it comes to setting this up for SSO - is it simply a matter of changing the domain to which the session cookie(s) are set? Or are there other matters that need addressing for this to work.

Set the Machine key in the system.web section of your we.config's to the same value, get that from your IIS config:

<machineKey validationKey="<from IIS>" decryptionKey="<from IIS>"
validation="SHA1" decryption="3DES" />

Then all the sites will see the cookie as valid. The domain names in your section should be subdomains, I think. Well, it works when they are subdomains, don't know what it will do if the actual domain names are different.