Hosting Asp.net 2.0 Application on MOSS 2007

When we have extranet scenarios when people need to have access not only to SharePoint site but also to a custom ASP.NET 2.0 web application we will require to have the same credentials to access to both app's. Assuming that both app's require FBA enable, we can change some entries in the asp.net 2.0 web.config file to accept same SharePoint authentication context.
First we need to set the membership and role provider for both app's and point to the same authentication database.



type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="EPSSqlConnString"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
applicationName="/"
requiresUniqueEmail="true"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="1"
minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10"
passwordStrengthRegularExpression="" />




type="System.Web.Security.SqlRoleProvider, System.Web,Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="XXXSqlConnString"
applicationName="/" />


It's important to set in both web.config files (SharePoint Web Application web.config file and ASP.NET application web.config file the same authentication cookie name.


And the most important tip is to copy to the ASP.NET Web Application web.config file from the SharePoint web.config file the MachineKey entry. This, will allow us to share the authentication context between apps, check this post. validationKey="XXXXXXXXXXXXXXXX"
decryptionKey="XXXXXXXXXXXXXXXX"
validation="SHA1" />That's it. From now on your ASP.NET Web App will respect the same authentication cookie you have in SharePoint Site.