Reputation: 20769
We have multiple applications set up in IIS, with one application handling the login for all applications. This application is an ASP.NET 4 site and uses a forms authentication cookie.

    <authentication mode="Forms">
      <forms loginUrl="~/Account/LogOn" protection="All" cookieless="UseCookies" path="/" name="CookieName" />
    </authentication>
We can successfully use this cookie to log in to ASP.NET 4.5 apps using OWIN.

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        TicketDataFormat = new SharedTicketDataFormat(),
        CookieName = "CookieName",
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login"),
        Provider = new CookieAuthenticationProvider
        {
            OnValidateIdentity =
                SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                    validateInterval: TimeSpan.FromMinutes(30),
                    regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
        }
    });

    public class SharedTicketDataFormat : ISecureDataFormat<AuthenticationTicket>
    {
        public string Protect(AuthenticationTicket data)
        {
            return FormsAuthentication.Encrypt(new FormsAuthenticationTicket(data.Identity.Name, false, -1));
        }

        public AuthenticationTicket Unprotect(string protectedText)
        {
            var ticket = FormsAuthentication.Decrypt(protectedText);
            var identity = new FormsIdentity(ticket);
            return new AuthenticationTicket(identity, new AuthenticationProperties());
        }
    }
In ASP.NET Core 2.0 I do not know how to wire up the app to use the shared cookie.

In Startup.cs, Configure:

    app.UseAuthentication();

ConfigureServices:

    services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    })
    .AddCookie(options =>
    {
        options.Cookie.Name = "CookieName";
    });
Upvotes: 4
Views: 2731
Reputation: 8962
My understanding is that you need to change from relying on machine key for your cookie encryption and switch over to use a DataProtectionProvider. This article in the docs spells out everything very clearly:
Upvotes: 1
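One way the ASP.NET Core 2.0 side could be wired to a shared data protection key ring, as the answer suggests (an added example, not code from the question or the answer). The key ring path and application name are placeholders, and it assumes the login application has been moved off machine-key Forms tickets and issues the cookie through OWIN cookie middleware with the Microsoft.Owin.Security.Interop shim.

```csharp
using System.IO;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    // Placeholders (assumptions): every app sharing the cookie must use the
    // same key ring location and the same application name.
    private const string KeyRingPath = @"C:\placeholder\shared-keyring";
    private const string SharedAppName = "SharedCookieApp";

    public void ConfigureServices(IServiceCollection services)
    {
        // Replaces <machineKey> as the root of trust. Keys written with
        // PersistKeysToFileSystem are not encrypted at rest by default, so
        // restrict the directory ACL to the app pool identities that need it.
        services.AddDataProtection()
            .PersistKeysToFileSystem(new DirectoryInfo(KeyRingPath))
            .SetApplicationName(SharedAppName);

        // The cookie handler takes IDataProtectionProvider from DI and derives
        // its protector from three purposes:
        //   "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware",
        //   the scheme name ("Cookies" here), and "v2".
        // The issuing OWIN app has to build its TicketDataFormat
        // (AspNetTicketDataFormat over a DataProtectorShim) from a protector
        // created with exactly these purposes, or the ticket will not decrypt.
        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie(options =>
            {
                options.Cookie.Name = "CookieName"; // same name the login app sets
                options.Cookie.Path = "/";          // same path as the forms element
            });

        services.AddMvc();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseAuthentication(); // must run before MVC so User is populated
        app.UseMvc();
    }
}
```

A cookie produced by `FormsAuthentication.Encrypt` is not readable by this configuration; both sides have to protect the ticket with the shared key ring.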