Parvez Khan

Reputation: 11

Sharing Authentication Cookies across subdomains

We have created an ASP.NET Core 3.1 MVC web application and we are using cookie authentication scheme. Our .NET Core application is running on Apache Web Server via reverse proxy on a Linux OS.

We want to share authentication cookies across all subdomains (for SSO purposes), but we are unable to do so.

We have already tried the suggested solutions referenced below with no result:

ASP.NET Identity Cookie across subdomains on .Net and Core

https://bartwullems.blogspot.com/2021/09/aspnet-core-share-cookie-between.html

https://www.learmoreseekmore.com/2019/09/part-1-share-authentication-cookie-sso.html

Any suggestions on this will be very helpful.

Upvotes: 1

Views: 503

Answers (1)

T. Nielsen

Reputation: 885

You could consider doing something else. With cookie authentication, the cookies relate to the domain and the path.

What about using something like JWT authentication? These are bearer tokens and work out of the box on as many subwebs as you would like, and it is also a tamper-free security model that doesn't litter the cookies area with too many crumbs :)

Anyway, if proceeding with this or the choice is not free, consider whether the path of the cookies has been set correctly. To be more precise - for example, suppose a cookie is issued with the domain attribute set to "example.com" and the path attribute set to "/subweb". If a user navigates to "subweb.example.com" or "example.com/subweb", the cookie will be sent in the request headers, and the server responsible for the "example.com" domain will process it for authentication purposes.

Upvotes: 0
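An added example, not code from the question or the answer: a `Startup` for ASP.NET Core 3.1 that sets the Domain and Path attributes discussed above on the authentication cookie and gives every participating app the same Data Protection key ring and application name, which each app needs in order to decrypt a cookie issued by another. The key directory `/var/aspnet-keys/sso`, the application name `SharedSsoApp`, the cookie name `.Example.SharedAuth` and the domain `.example.com` are placeholder assumptions.

```csharp
using System.IO;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // Every app that must read the cookie uses the same key ring and the
        // same application name (both values here are placeholders).
        services.AddDataProtection()
            .PersistKeysToFileSystem(new DirectoryInfo("/var/aspnet-keys/sso"))
            .SetApplicationName("SharedSsoApp");

        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie(options =>
            {
                options.Cookie.Name = ".Example.SharedAuth";  // identical in every app
                options.Cookie.Domain = ".example.com";       // parent domain, covers subdomains
                options.Cookie.Path = "/";                    // not limited to one sub-path
                options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
                options.Cookie.HttpOnly = true;
                options.Cookie.SameSite = SameSiteMode.Lax;
            });

        // Behind the Apache reverse proxy, restore the original scheme and client IP.
        services.Configure<ForwardedHeadersOptions>(o =>
            o.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto);

        services.AddControllersWithViews();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseForwardedHeaders();   // before authentication so the scheme is correct
        app.UseRouting();
        app.UseAuthentication();
        app.UseAuthorization();
        app.UseEndpoints(e => e.MapDefaultControllerRoute());
    }
}
```

A cookie scoped to the parent domain is sent to every host under it, so the key directory should be readable only by the accounts running these apps, and every subdomain under that parent becomes part of the session's trust boundary.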
