Jacques Bronkhorst

Reputation: 1695

Auth0 ASP.Net.Owin SSO Validate cookie cross domain

I am trying to set up SSO on my ASP.NET apps on the same domain using Auth0 & OWIN. I used the following tutorial to set up my OWIN context.

I configured the Auth0 cookie with a name and domain using CookieAuthenticationOptions in Startup.cs:

string auth0Domain = ConfigurationManager.AppSettings["auth0:Domain"];
string auth0ClientId = ConfigurationManager.AppSettings["auth0:ClientId"];
string auth0ClientSecret = ConfigurationManager.AppSettings["auth0:ClientSecret"];

// Enable Kentor Cookie Saver middleware
app.UseKentorOwinCookieSaver();
// Set Cookies as default authentication type
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    //Add Cross domain
    CookieName = "sso.example.com",
    CookieDomain = ".example.com",
    AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
    LoginPath = new PathString("/Account/Login")
});

My Auth0 Configuration in Startup.cs:

var options = new Auth0AuthenticationOptions()
{
    Domain = auth0Domain,
    ClientId = auth0ClientId,
    ClientSecret = auth0ClientSecret,
    Provider = new Auth0AuthenticationProvider
    {
        OnAuthenticated = context =>
        {
            // Get the user's country from the custom geoip claim
            JToken countryObject = context.User["https://example.com/geoip"];
            if (countryObject != null)
            {
                string countryCode = countryObject["country_code"].ToObject<string>();
                string Lat = countryObject["latitude"].ToObject<string>();
                string Long = countryObject["longitude"].ToObject<string>();
                string City = countryObject["city_name"].ToObject<string>();
                string Country = countryObject["country_name"].ToObject<string>();

                context.Identity.AddClaim(new Claim("country_code", countryCode, ClaimValueTypes.String, context.Connection));
                context.Identity.AddClaim(new Claim("country_name", Country, ClaimValueTypes.String, context.Connection));
                context.Identity.AddClaim(new Claim("city_name", City, ClaimValueTypes.String, context.Connection));
                context.Identity.AddClaim(new Claim("longitude", Long, ClaimValueTypes.String, context.Connection));
                context.Identity.AddClaim(new Claim("latitude", Lat, ClaimValueTypes.String, context.Connection));
            }

            // Copy selected user_metadata fields into claims
            JToken userMeta = context.User["https://example.com/user_metadata"];
            if (userMeta != null)
            {
                string companyName = userMeta["company"].ToObject<string>();
                context.Identity.AddClaim(new Claim("company", companyName, ClaimValueTypes.String, context.Connection));
                string fullName = userMeta["full_name"].ToObject<string>();
                context.Identity.AddClaim(new Claim("full_name", fullName, ClaimValueTypes.String, context.Connection));
            }

            // Map app_metadata roles onto role claims
            JToken rolesObject = context.User["https://example.com/app_metadata"];
            if (rolesObject != null)
            {
                string[] roles = rolesObject["roles"].ToObject<string[]>();
                foreach (var role in roles)
                {
                    context.Identity.AddClaim(new Claim(ClaimTypes.Role, role, ClaimValueTypes.String, context.Connection));
                }
            }

            return Task.FromResult(0);
        }
    }
};
// Request the openid and profile scopes (a refresh token would require the offline_access scope, which is not requested here)
options.Scope.Add("openid profile");

How would I go about authenticating the client on the secondary application? The cookie is available on the secondary application, but I still have to go through the login process with Auth0. Am I missing something? Or is there an article I can read about the implementation?

Upvotes: 0

Views: 569

Answers (1)

Jacques Bronkhorst

Reputation: 1695

I resolved this by copying the same Startup.cs to both apps, and adding a machine key to the root Web.config file, in the system.web tag.

Nothing changed from my initial configuration, I just changed the domain names to my domain.

Upvotes: 1
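Why the shared machine key is what makes the accepted answer work: when the OWIN cookie middleware is hosted under System.Web (IIS), its default data protector is backed by the ASP.NET MachineKey, and the protector's purposes include the cookie middleware type name and the configured AuthenticationType. A cookie issued by one app can therefore only be decrypted and validated by a second app if both share the same validationKey/decryptionKey and the same AuthenticationType, which is what copying Startup.cs and adding one machineKey to both Web.config files achieves. The script below is an added example, not code from the original post: it generates random keys and prints the `<machineKey>` element to paste into `<system.web>` of both apps' root Web.config. The key lengths (64 bytes for HMACSHA256 validation, 32 bytes for AES decryption) and the element layout are my choices, not something the post specifies.

```powershell
# Added example (not from the original post): generate a fresh <machineKey>
# element for <system.web> in the root Web.config of BOTH applications.
# The OWIN cookie middleware, when hosted in IIS/System.Web, protects the
# auth cookie with MachineKey-based data protection, so both apps need the
# same keys (and the same AuthenticationType in Startup.cs) to read a cookie
# issued by the other.

$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()

function New-HexKey {
    param([int]$Bytes)
    # Fill a buffer from the OS CSPRNG and hex-encode it (uppercase, 2 chars per byte)
    $buf = New-Object byte[] $Bytes
    $rng.GetBytes($buf)
    return ($buf | ForEach-Object { $_.ToString('X2') }) -join ''
}

# 64-byte key for HMACSHA256 validation, 32-byte key for AES-256 decryption
# (these sizes are an assumption of this example, matching what IIS's
# "Generate Keys" action emits for the same algorithms).
$validationKey = New-HexKey -Bytes 64
$decryptionKey = New-HexKey -Bytes 32

# Print the element; paste it verbatim into <system.web> of both Web.config files.
@"
<machineKey validationKey="$validationKey"
            decryptionKey="$decryptionKey"
            validation="HMACSHA256"
            decryption="AES" />
"@
```

Treat the generated element as a credential: anyone holding these keys can mint a valid authentication cookie for every application under `.example.com`, because the CookieDomain in the question hands the cookie to every host beneath that domain. Keep it out of source control (for example via a `configSource` file or a deployment-time transform), rotate it on both apps at the same time since cookies signed under the old key stop validating the moment one app changes it, and do not reuse a key that was ever auto-generated or committed elsewhere.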
