Forms Authentication works (by default) by storing an encrypted ticket as a cookie upon login, which the authentication module then reads and interprets to determine the currently logged in user.
For the situation you describe to work (if I am not misunderstanding you), the uri that forms your
HttpWebRequest
needs to either be in the same web application (which would be very unlikely) or it would be to a web application that is configured to use forms authentication with the same
machineKey
as the calling application. Configuring multiple applications with a common
machineKey
in
web.config is one way to achieve single sign-on, allowing the user to have one login that passes through to other applications. You can read the following article, under "Web Farm Deployment Considerations" to see how:
http://msdn.microsoft.com/en-us/library/ms998288.aspx[
^]
There is also a bunch of blog articles describing single signon you can find by googling "asp.net forms authentication single sign-on"
Then from the calling application it would be a matter of adding the forms authentication cookie that has already been created (again through the successful submission of a user login form) to the request object's
CookieContainer[
^] prior to making the call. If the target application is configured correctly, it will automatically interpret the cookie and the forms authentication credentials to determine the user.