
Sharing Authentication Cookie in ASP.NET 5 across subdomains

I have two ASP.NET 5 MVC 6 applications.

One is running at www.mydomain.tld and one at world1.mydomain.tld.

If a user gets logged in on www subdomain's application, I want her to be logged in on world1 subdomain's application as well. The login is realized with ASP.NET Identity 3.

I've set up both applications in Startup.cs as follows:

public void ConfigureServices (IServiceCollection services) {
    // [...]

    services.AddCaching();
    services.AddSession(
        options => {
            options.CookieDomain = ".mydomain.tld";
            options.IdleTimeout = TimeSpan.FromMinutes(30);
        }
    );

    // [...]
}

public void Configure (IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerfactory) {
    // [...]

    app.UseCookieAuthentication(null, IdentityOptions.ExternalCookieAuthenticationScheme);
    app.UseCookieAuthentication(null, IdentityOptions.TwoFactorRememberMeCookieAuthenticationScheme);
    app.UseCookieAuthentication(null, IdentityOptions.TwoFactorUserIdCookieAuthenticationScheme);
    app.UseCookieAuthentication(
        config => {
            config.CookieDomain = ".mydomain.tld";
        },
        IdentityOptions.ApplicationCookieAuthenticationScheme
    );

    // [...]
}

I've also set the machine key of both applications via web.config as follows:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <machineKey decryption="AES"
                decryptionKey="SOME DECRYPTION KEY"
                validation="HMACSHA256"
                validationKey="SOME ENCRYPTION KEY" />
  </system.web>
</configuration>

Logging in on www subdomain works, but accessing sites on world1 subdomain doesn't work, because the authentication cookie is not being recognized as a valid login cookie.

What am I doing wrong?

Apps are automatically isolated from one another. You need to ensure three things:

  1. They use the same key store
  2. They use the same application ID.
  3. They're in the same app pool, or the identity on each pool is identical.

Apps running on the same host, under the same hosting mechanism, will use the same key store. If these are on separate machines you will need to use a key store on a network drive, or other shared place such as Azure blob storage.

In order to set an application ID common to both applications you need to configure the data protection stack.

For example,

public void ConfigureServices(IServiceCollection services)
{
    services.AddDataProtection();
    services.ConfigureDataProtection(configure =>
    {
        configure.SetApplicationName("my application");
    });
}

If you need to run the applications as different users then you need to change how the keys are protected to either use machine level DPAPI or an X509 certificate.

You don't need a machine key entry in your web.config; machine key is no longer used.
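To see why points 1 and 2 of the answer matter, here is an added example (not code from the question or the answer) that drives the data protection stack directly: two providers share one key-ring directory and the same application name, so a payload protected by one is accepted by the other, while a third provider with a different application name rejects it. It assumes the later Microsoft.AspNetCore.DataProtection.Extensions package rather than the beta-era ConfigureDataProtection call shown above; the key-ring path, the application name "mydomain" and the purpose string "mydomain-login" are constructed for the demo.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;

// Added demo, not the question's or answer's code. Assumes the
// Microsoft.AspNetCore.DataProtection.Extensions package; the key-ring
// directory, application name and purpose string are constructed here.
class SharedKeyRingDemo
{
    // One protector per "app", each pointed at the same key ring on disk.
    // SetApplicationName is the discriminator the answer calls "application ID".
    static IDataProtector MakeProtector(DirectoryInfo keyRing, string appName) =>
        DataProtectionProvider.Create(keyRing, b => b.SetApplicationName(appName))
                              .CreateProtector("mydomain-login");

    static void Main()
    {
        var keyRing = new DirectoryInfo(Path.Combine(Path.GetTempPath(), "shared-keys"));
        keyRing.Create();

        // Same key store, same application name: this is the configuration the
        // answer requires for www and world1 to accept each other's cookies.
        var www    = MakeProtector(keyRing, "mydomain");
        var world1 = MakeProtector(keyRing, "mydomain");
        string ticket = www.Protect("user=alice");
        Console.WriteLine(world1.Unprotect(ticket)); // user=alice

        // Same key store, different application name: the payload is rejected,
        // which is the "cookie not recognized" symptom described in the question.
        var other = MakeProtector(keyRing, "other-app");
        try
        {
            other.Unprotect(ticket);
        }
        catch (CryptographicException e)
        {
            Console.WriteLine("rejected: " + e.Message);
        }
    }
}
```

On Windows the keys written to the directory are protected with DPAPI by default; on a network share, or when the two apps run as different users, apply the answer's advice and configure machine-level DPAPI or a certificate for the key files.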
