Owin CookieDomain IIS7 and SSL

Question

I am having a problem with setting up SSO between our apps, In the application that creates the cookie I have:

         app.UseCookieAuthentication(new CookieAuthenticationOptions
       {
          AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
          LoginPath = new PathString("/Account/Login"),
        //              LogoutPath = new PathString("/Account/Logout"),
        //              ExpireTimeSpan = TimeSpan.FromDays(1),
          CookieName = "mycookie",
          CookieDomain = ".mydomain.com",
       });

When testing this locally I get the result I expect

Cookie = Name: mycookie, Domain: .mydomain.com

However when I go to our test environment I get

Cookie = Name: mycookie, Domain: oauth.mydomain.com

Since the cookie has the root of the domain it does not work in the other applications. I have done everything I can think of but it just does not seem to want to use the domain specified in the configuration.

---

Update: It appears this is a problem when hosting from an IIS7 environment when using SSL. When not using SSL in IIS7 or when deployed to our UAT enviroment with IIS8 it works as expected.

When using SSL it is also not redirecting correctly. I think this problem is also related.

When I hit http://site.domain.com I am redirected to

http://auth.domain.com/account/login?returnUrl=site.domain.com

as expected, however If SSL is enabled I am redirected to

https:// site.domain.com /account/login?returnurl=site.domain.com

Answer 1

因此，问题似乎出在那些位于后面的服务器的防火墙/代理中。