Daath

Reputation: 1979

How to persist authentication cookie throughout all subdomains?

So I did the migration from aspnetcore1.1 to aspnetcore2.0, and am wrestling with the new authentication setup in Startup.cs.

All of my websites share the same domain '.example.com'. The user signs in using their Google account and is then issued an application cookie which I want to persist across all subdomains of '.example.com'.

Right now, though, when the user signs in, a cookie is successfully created; however, they get logged out of every other site in the domain. Can someone take a stab at this?

public void ConfigureServices (IServiceCollection services)
{
    // ...-snip-...

    services.ConfigureApplicationCookie(options =>
    {
        options.Cookie.Name = ".AuthCookie";
        options.Cookie.Expiration = TimeSpan.FromDays(7);
        options.LoginPath = "/Account/Login";
        options.Cookie.Domain = ".example.com";
    });

    services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
       .AddGoogle(options => { /* ...-snip...- */ });

    // ...-snip-...
}

public void Configure (IApplicationBuilder app)
{
    // ...-snip-...

    app.UseAuthentication();

    // ...-snip-...
}

All of my apps share this same code in their Startup.cs files. Does it have something to do with using CookieAuthenticationDefaults? Or am I missing something in my ConfigureApplicationCookie?

Upvotes: 3

Views: 1390

Answers (1)

Daath

Reputation: 1979

Got it! Looks like I needed to create a data protection provider to share authentication cookies between applications. Here are the working code changes:

services.ConfigureApplicationCookie(options =>
{
    // Every app must point at the same key directory so that each one
    // can decrypt the cookies issued by the others.
    var protectionProvider = DataProtectionProvider.Create(new DirectoryInfo(@"c:\shared-auth-ticket-keys\"));

    options.Cookie.Name = ".AuthCookie";
    options.Cookie.Expiration = TimeSpan.FromDays(7);
    options.LoginPath = "/Account/Login";
    options.Cookie.Domain = ".example.com";
    options.DataProtectionProvider = protectionProvider;
    // The purpose strings must also be identical in every app.
    options.TicketDataFormat = new TicketDataFormat(
        protectionProvider.CreateProtector(
            "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware",
            "Cookies",
            "v2"));
});

Upvotes: 3
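The shared key ring from the answer, registered once through `AddDataProtection()` and combined with restrictive cookie flags. This is an added example, not part of the original post or the poster's code. It assumes a hypothetical application name `SharedAuthCookieApp`, that all apps run on one Windows host, and that the cookie is configured with `AddCookie` on the default "Cookies" scheme rather than `ConfigureApplicationCookie`.

```csharp
using System;
using System.IO;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    // Assumed values, identical in every app that shares the cookie.
    private const string SharedKeyDir = @"c:\shared-auth-ticket-keys\";
    private const string SharedAppName = "SharedAuthCookieApp"; // hypothetical name

    public void ConfigureServices(IServiceCollection services)
    {
        // One key ring for the whole app. Anyone who can read this directory can
        // forge tickets for every site, so restrict its ACL to the app identities.
        services.AddDataProtection()
            .PersistKeysToFileSystem(new DirectoryInfo(SharedKeyDir))
            // By default each app is isolated from the others; a common name
            // lets them share keys.
            .SetApplicationName(SharedAppName)
            // Encrypt keys at rest (assumes all apps run on one Windows host).
            .ProtectKeysWithDpapi(protectToLocalMachine: true);

        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie(options =>
            {
                options.Cookie.Name = ".AuthCookie";      // same name in every app
                options.Cookie.Domain = ".example.com";   // sent to all subdomains
                options.Cookie.HttpOnly = true;           // not readable from script
                options.Cookie.SecurePolicy = CookieSecurePolicy.Always; // HTTPS only
                options.Cookie.SameSite = SameSiteMode.Lax;
                options.ExpireTimeSpan = TimeSpan.FromDays(7); // ticket lifetime
                options.LoginPath = "/Account/Login";
            });
        // The Google handler from the question is omitted here.
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseAuthentication();
    }
}
```

Because the cookie is scoped to `.example.com`, the browser sends it to every host under that domain, including hosts that do not share the key ring.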
