I'm a web developer who's working in a new shop with developers from a desktop background - as such they have certain idiosyncrasies/best practices when it comes to organizing their code - one of which is that separate UI views are isolated into different projects.

So, on the web side of the house, I have a problem with different projects building in different app domains:

1) I have a "portal" project with a default.aspx In the code behind there is a custom authentication method called from inside the Login_Authenticate event to log into the "business layer" of the desktop application. The business side stores session data in ASP.NET sessions.

2) I have a "viewer" project with default.aspx - this was originally in the portal project as "Viewer.aspx", where it was covered under the same login scheme and authenticated fine, but we decided it would be good to stand on it's own project because it is a separate view.

We added the same machine key to both web.config files so the .NET forms authentication could be passed via single sign on.

I built the viewer project in two different the fashions:

1st Try (it's own URL):

http://localhost/Viewer

2nd Try (a subdomain under the portal URL):

http://localhost/Portal/Viewer

The issue I'm running into is that the session is not being passed between the Portal project and the Viewer project. I know this is because IIS is running them in different app domains. Unfortunately without the ASP.NET session from the Portal, the Viewer is not logged into the business application.

Is there a best practice/is it even possible for running multiple projects in one app domain? Should the Viewer be a part of the Portal application since it requires the same session? Should the Viewer be a separate project that requires it's own separate login into the business layer? Is there even a best practice/guideline for this scenario?