Microsoft documentation mentioned that you should not share Windows Live ID users between two applications. See the following rule in Windows Live Authentication:
- Each application in Windows Live ID can support only one static domain for return URL.
- At time writing this document you cannot change the domain of return URL and if you going to change the domain of one application in Windows Live ID application management it said you should create new application.
- Windows Live Authentication gives different User ID for same user in separate application.
This fact causes some problem for site administrators.
First the big problem occur when you going to change the domain of one application. According to this three rule you will lose of all user ID if you going to change the domain or sub domain of your application. Unfortunately they still do not offer any solution for how to migrating from one application to other application.
Second problem is that some website solution spread to more than one domain or sub domain but they need single sign-in solution. You may have separate domain but they act as single application, such as mail.yoursite.com and profile.yoursite.com.
Solution
You can create one Windows Live ID application with unique domain name such as auth.shetab.com to act as proxy. It will redirect it to target domain and subside. Shetab Windows Live Authentication implements this for you. We recommend you to create a web application in your IIS for authentication management and put install our authentication file in it regarding to the installation in structure. Set this web site as your return URL of your Windows Live ID application. Shetab Windows Live Authentication for SharePoint understands this redirecting and you can Share your Windows Live Users between your SharePoint applications across different domain.
Shetab Windows Live Authentication for SharePoint already provides such delegate site in tools folder. for this do the following instruction:
- Create a sub domain such as auth.yourdomain.com in your IIS web site.
- Copy the contents of "Delegate System" folder in to its directory. You can find "Delegate System" folder in "Tools" folder of Shetab Windows Live Authentication for SharePoint package.
- Set the return domain of your live id service to "http://auth.yourdomain.com/livehander.aspx".
Note: Even if you don't want using SharePoint it will be a solution and keep your Windows Live Users for any other web application you have.
Note: When using Shetab Windows Live Authentication for SharePoint you may have problem during sign-out because of lack of information Windows Live ID send during sign-out. We still working in this problem to find the best solution.
Sample
After you sign-in to this site, first you will redirect to "http://auth.shetab.com/livehander.aspx" then it will redirect you back to section of the SharePoint site that you signed-in.