Simon Green

Reputation: 1161

Using ASP.Net Identity on multiple web applications

I've got several applications hosted on the same IIS (different context roots), that are all protected using the Microsoft.ASPNet.Identity 2.1 NuGet packages. At the moment however, when I log in to one of the applications, the next visit to any of the other applications prompts me to log in again. I can't be logged in to more than just one of the applications at once.

I'm guessing that they are all using the same cookie to store the login token, so when you log in on one app, it resets the cookie which becomes invalid for requests to the other applications.

What are my options for resolving this? I don't mind having to log in to each app individually, so can each app be configured to use a different cookie?

Alternatively, each app does in fact share the same User table in the DB, so it might be possible to configure it so that when you log in to one of the applications, the others also become logged in.

Upvotes: 6

Views: 6206

Answers (3)

Bart Calixto

Reputation: 19725

Yes, this is because on 'localhost' you are sharing the same cookie. This will not happen on production, because cookies are domain only (unless, of course, all applications are deployed to the same domain).

This is kinda annoying on localhost but easy to solve. Just change the name of the cookie for each application.

This varies from Identity version to version, but something like this is what you are looking for:

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    CookieName = "MyApp1", // <-- add this, with different names for each app
    // ...
});

Normally found in the Startup.Auth.cs or Startup.cs file.

As for using the same cookie on all applications (if they share subdomain.domain), you need to get MachineKey (validationKey and decryptionKey) AND the same cookie name on all your applications.

Something like this in web.config:

<!-- validationKey: some valid validation key; decryptionKey: some valid decryption key -->
<machineKey
  validationKey="..."
  decryptionKey="..."
  validation="SHA1"
  decryption="AES"/>

Upvotes: 3

Luke

Reputation: 23700

Have a different cookie name for each app:

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    CookieName = "CookieNameHere",
});

As shown on this page: http://tech.trailmax.info/2014/07/rename-authentication-cookie-name-of-asp-net-identity/

Upvotes: 8
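The per-application cookie name suggested in the two answers above, combined with a cookie path scoped to each application's context root, as an added example that is not code from either answer. It assumes the OWIN cookie middleware hosted in IIS, the project template's `/Account/Login` login path, and that the applications are served over HTTPS.

```csharp
using System.Text.RegularExpressions;
using System.Web.Hosting;
using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;

public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        // IIS virtual path of this application, e.g. "/app1" ("/" for a site root).
        string appPath = HostingEnvironment.ApplicationVirtualPath ?? "/";

        // Build a cookie-name suffix from the path: "/app1" -> "app1".
        // "/" and other separators are not valid in a cookie name, so map them to "_".
        string suffix = Regex.Replace(appPath.Trim('/'), "[^A-Za-z0-9]", "_");
        if (suffix.Length == 0) suffix = "root";

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"), // assumed template default

            // Distinct name per application: a login in one app no longer
            // overwrites the cookie another app on the same host issued.
            CookieName = ".AspNet.ApplicationCookie." + suffix,

            // The browser only sends this cookie for requests under the app's
            // own context root. Cookie path matching is case-sensitive while
            // IIS URLs are not: a request to /App1 will not carry a cookie
            // scoped to /app1, so keep links in the configured casing.
            CookiePath = appPath,

            CookieHttpOnly = true,                    // not readable from script
            CookieSecure = CookieSecureOption.Always, // assumes HTTPS everywhere
        });
    }
}
```

Path scoping only stops the cookies from clashing; applications on the same host still share an origin, so it is not an isolation boundary between them.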

Priyank Sheth

Reputation: 2362

I think Single Sign-On could be your solution. Search for it on Google.

To get started, you can refer to the couple of links below:

Single Sign-On Asp.Net

Claim base Single Sign-on for Web and Azure

Single Sign-on for existing MVC App

Hope this is what you are looking for and will resolve your problem.

Upvotes: 2
