You can set the cookie to be the parent domain at authentication time but you have to explicitly set it, it will default to the full domain that you are on.

您可以在身份验证时将 cookie 设置为父域，但您必须明确设置它，它将默认为您所在的完整域。

Once the auth cookie is correctly set to the parent domain, then all sub-domains should be able to read it.

一旦 auth cookie 正确设置到父域，那么所有子域都应该能够读取它。

Yes, sure. You may need to roll your own at some stages, but it should be doable.

是的，当然。您可能需要在某些阶段推出自己的产品，但这应该是可行的。

One idea: as you redirect them across the boundary, give them a one-time pass token and then tell the receiving sub-domain to expect them (this user, from this IP, with this token).

一个想法：当你将它们重定向到边界时，给它们一个一次性传递令牌，然后告诉接收子域期待它们（这个用户，来自这个 IP，使用这个令牌）。

When you authenticate the user, set the authentication cookie's domain to the second-level domain, i.e. parent.com. Each sub-domain will receive the parent domain's cookies on request, so authentication over each is possible since you will have a shared authentication cookie to work with.

当您对用户进行身份验证时，将身份验证cookie 的域设置为二级域，即parent.com。每个子域都会根据请求接收父域的 cookie，因此可以对每个子域进行身份验证，因为您将有一个共享的身份验证 cookie 可以使用。

Authentication code:

验证码：

System.Web.HttpCookie authcookie = System.Web.Security.FormsAuthentication.GetAuthCookie(UserName, False);
authcookie.Domain = "parent.com";
HttpResponse.AppendCookie(authcookie);
HttpResponse.Redirect(System.Web.Security.FormsAuthentication.GetRedirectUrl(UserName, 
                                                                       False));

As a side note, I found that after using jro's method which worked well +1, the FormsAuthenication.SignOut() method didn't work when called from a subdomain other than www/. (I'm guessing because the .Domain property doesn't match) - To get around this I used:

作为旁注，我发现在使用 jro 的 +1 方法后，当从 www/ 以外的子域调用时，FormsAuthenication.SignOut() 方法不起作用。（我猜是因为 .Domain 属性不匹配） - 为了解决这个问题，我使用了：

if (Request.Cookies[FormsAuthentication.FormsCookieName] != null)
            {
                HttpCookie myCookie = new HttpCookie(FormsAuthentication.FormsCookieName);
                myCookie.Domain = "parent.com";
                myCookie.Expires = DateTime.Now.AddDays(-1d);
                Response.Cookies.Add(myCookie);
            }

In addition to setting a cookie to parent domain also need to make sure that all sites (apps) have same validationKey and decryptionKey () so they all recognise each other's authentication ticket and cookie. Pretty good article here http://www.codeproject.com/KB/aspnet/SingleSignon.aspx

除了给父域设置 cookie 还需要确保所有站点（应用程序）具有相同的validationKey 和decryptionKey() 以便它们都能识别彼此的身份验证票和cookie。相当不错的文章http://www.codeproject.com/KB/aspnet/SingleSignon.aspx

2 things to be done:

要做的2件事：

1. MachineKey should be same in all web.config (main domain and sub domain(s))
2. AuthenticationCookie domain name should be same.

1. 所有 web.config（主域和子域）中的 MachineKey 应该相同
2. AuthenticationCookie 域名应该相同。

Follow the followingarticle for more depth.

请按照以下文章进行深入了解。

Jro's answer works fine. But make sure to update the webconfig forms authentication setting "domain", otherwise forms authentication signout will not work properly. Hereis the signout issue I came across. Trick here is to have a '.' as the prefix as the domain is set for the cookie as ".parent.com" (use a cookie inspector).

Jro的回答工作正常。但是一定要更新 webconfig 表单身份验证setting "domain"，否则表单身份验证注销将无法正常工作。这是我遇到的注销问题。这里的技巧是有一个“。” 作为域的前缀为 cookie 设置为“.parent.com”（使用 cookie 检查器）。

<authentication mode="Forms">          
      <forms cookieless="UseCookies" defaultUrl="~/Default" loginUrl="~/user/signin" domain=".parent.com"  name="FormAuthentication" path="/"/>
    </authentication>