Cookie based authentication on multiple 'localhost' Asp.Net Core Sites

Question

Scenario is only an issue on a development machine.

I have multiple different and entirely independent ASP.NET Core 2.2 projects running on my dev machine under "localhost".

Once I successfully authenticate and log in on one project, I can no longer log in to the other projects. I'm assuming it's something to do with the auth cookies.

All projects have the same identical and basic Identity authentication.

    services.AddAuthentication();

    services.ConfigureApplicationCookie(opt =>
    {
        opt.Cookie.SecurePolicy = Microsoft.AspNetCore.Http.CookieSecurePolicy.None;
        opt.Cookie.HttpOnly = true;                
        opt.Cookie.Expiration = TimeSpan.FromHours(4);
        opt.ExpireTimeSpan = TimeSpan.FromHours(4);
    });

The sign-in call is succeeding:

result = await _signInManager.PasswordSignInAsync(portal.ID, model.Username, model.Password, model.RememberMe, true, loggedInUser);

However, once the user is redirected to the home page, which required authentication, I see the following in the debug output:

Microsoft.AspNetCore.Authorization.DefaultAuthorizationService: Information: Authorization failed.

... and the user is kicked back to the login page.

Is there a way around this issue?

Answer 1

I would consider running your sites under different domains, and then mapping the domains to localhost (or rather, 127.0.0.1) in your hosts file.

This question explains the technique: Add subdomain to localhost URL

Here is an article which explains the hosts file for different operating systems: https://www.howtogeek.com/howto/27350/beginner-geek-how-to-edit-your-hosts-file/

Answer 2

Problem solved.

services.ConfigureApplicationCookie(opt =>
{
    opt.Cookie.Name = "Unique Value Per App";
});

All I have to do is post on SO and the problem solves itself!