On a recent application development for one of our clients, I was faced with having to support a preview that is available on the live site to restricted authors, that were allowed to author content. The main issue was that the application that manages the content uses forms authentication for all users, however the front end does not require any authentication. To allow this authentication to occur a few things must be set in both applications:
Firstly the machine key set in the WEB.Config must match on both applications, and must have the validation type set.
<machineKey validationKey="xxx" decryptionKey="xx" validation="SHA1" />
Also the Forms Autheication set up must have the same name in the Web.config.
<forms loginUrl="login.aspx" name=".ASPXFORMSAUTH" protection="All" path="/" timeout="30" />
Also it is advised that both applications share the same application pool. and that the user restrictions are set in the web.config to meet your specific user access requirements.
More to come on this on Monday!