ASP.NET 2.0 sports a new Forms Auth property, "EnableCrossAppRedirects". This can be set in the Forms Authentication web.config node, e.g.,
The way this works is that the EnableCrossAppRedirects property is checked within the RedirectFromLoginPage method when the redirect URL does not point to a page in the current application. If EnableCrossAppRedirects is true, then the redirect is performed; if EnableCrossAppRedirects is false, the browser is redirected to the page defined in the DefaultUrl property.
However, this is not sufficient to get you to "First Base". The name, protection, path, validationKey, and decryptionKey attributes must all be identical across all applications. In addition, the encryption and validation keys and the encryption scheme used for cookie data must be exactly the same. If the settings do not match, cookies can't be shared, and cross-app authentication won't work.
Here is an example web.config snippet:
<authentication mode="Forms" >
<!-- The name, protection, and path attributes must match
exactly in each Web.config file. -->
<!-- Validation and decryption keys must exactly match and cannot
be set to "AutoGenerate". The validation algorithm must also
be the same. -->
I wrote an article about this a long time ago, it' still valid today. There is also a sample page that will generate a machinekey element for you here.