
Share OWIN Authentication Cookie across two domains connected with one IIS application

I want to know whether it is possible to share an OWIN authentication cookie across domainA.com and domainB.com, which are both connected to the same IIS application. What I want to achieve is that when a user logs in on domainA.com and goes to domainB.com, he will be logged in there too. Can I accomplish that without SSO logic? For now I have configured OWIN cookie authentication:

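using System.Security.Claims;
using System.Web.Helpers;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        // Cookie middleware: issues the authentication cookie and validates it on each request
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = "AppCookieName",
            AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Active,
            LoginPath = new PathString("/PathToLogIn")
        });

        // Bind anti-forgery tokens to the NameIdentifier claim of the signed-in user
        AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.NameIdentifier;
    }
}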

The login logic we are familiar with is that the user sends a login request to domainA, domainA obtains information from the request and confirms it, and includes the verified cookie in the response.

So if you want to share the owin authentication cookie, the most basic thing is to ensure that the machine keys in domainA and domainB are the same.

  1. Configure OWIN cookie authentication in Startup.

  2. Redirect to the appropriate login page. domainA and domainB are two different applications; you need to make sure that when a user browses either of them, it redirects to the appropriate login page. And in one application, add an app setting key.

     <appSettings>
       <add key="LoginUrl" value="your login url" />
       <add key="LogoutUrl" value="your logout url" />
     </appSettings>

  3. Set up the machine key. Make sure that domainA and domainB have the same machine key. You can generate a key from one site in IIS and copy it to the application config.

     <system.web>
       <machineKey decryptionKey="B6047E4219F0EF483DCBBAC097AF677E8D199DC1909596DB" validationKey="9E525E30F6D68862E6157607F9E3EB9E17FFCF366B7D6C080622097D5BFCA1E83B993A8B8DB5FAFFB6B0F7BA092BD8948DC0A1F5DF119B606F1965F4DDFF4D5A" />
     </system.web>


If you do not use SSO logic, it may be difficult to achieve; SSO is currently the most appropriate and effective method, so I suggest you use SSO. You can refer to the document to share the cookie.
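
A matching machine key only lets both sites decrypt the cookie; the browser still decides which hosts receive it. The following is an added example, not part of the original question or answer: a simplified JavaScript model of the RFC 6265 domain rules (no public suffix list, Path, Secure or SameSite handling), with function names and the sample cookie name chosen for illustration.

```javascript
'use strict';

// RFC 6265 section 5.1.3: host domain-matches cookieDomain when they are equal,
// or when host ends with "." + cookieDomain and host is not an IP address.
function domainMatches(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase();
  if (host === cookieDomain) return true;
  const isIp = /^[\d.]+$/.test(host) || host.includes(':');
  return !isIp && host.endsWith('.' + cookieDomain);
}

// Storage step (section 5.3): returns the stored cookie, or null when rejected.
// A Domain attribute that the responding host does not domain-match is rejected,
// so a response from domainA.com cannot set a cookie for domainB.com.
function storeCookie(responseHost, name, domainAttr) {
  if (domainAttr === undefined) {
    return { name, domain: responseHost.toLowerCase(), hostOnly: true };
  }
  const domain = domainAttr.replace(/^\./, '').toLowerCase();
  if (!domainMatches(responseHost, domain)) return null;
  return { name, domain, hostOnly: false };
}

// Retrieval step (section 5.4): is the stored cookie attached to a request?
function isSentTo(cookie, requestHost) {
  if (cookie === null) return false;
  return cookie.hostOnly
    ? requestHost.toLowerCase() === cookie.domain
    : domainMatches(requestHost, cookie.domain);
}

// Constructed scenarios: the hosts are the page's placeholders and the
// cookie name is a sample value built from the question's AuthenticationType.
function scenarios() {
  const name = '.AspNet.AppCookieName';
  const hostOnly = storeCookie('domainA.com', name);
  const crossSite = storeCookie('domainA.com', name, 'domainB.com');
  const parent = storeCookie('app.domainA.com', name, '.domainA.com');
  return {
    hostOnlySentToB: isSentTo(hostOnly, 'domainB.com'),
    crossSiteStored: crossSite !== null,
    parentSentToSibling: isSentTo(parent, 'shop.domainA.com'),
    parentSentToB: isSentTo(parent, 'domainB.com'),
  };
}

console.log(scenarios());
```

Only the subdomain case shares the cookie; between two unrelated registrable domains the second site has to establish its own session, which is what an SSO redirect does.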
