Last post Mar 06, 2016 03:53 PM by npongracic
Mar 06, 2016 12:57 PM|npongracic|LINK
I am having problems running cookie authentication (without identity) in asp.net 5. I want to have different web applications for each module in my overall app and i want to be able to login in in one of them and be authenticated in all of them (single sign
The apps are hosted in IIS, on the same domain and running the same app pool. I even tried setting the cookiename to the domain. I tried setting up DataProtection api using the provisioning script: https://github.com/aspnet/DataProtection/blob/dev/Provision-AutoGenKeys.ps1 -
no go. Tried using the persist keys to the filesystem options, no go.
Still doesn't work, the log of the app says that it's using the registry for keys and everything but i still have to login to each application. I tried setting the same application name in each of the apps but it still doesnt work, like so:
opt.SetApplicationName("AppName"); // Also tried setting persistkeystofilesystem here, doesn't work
This is the cookieauth configuration:
if (options == null)
options = new Action<CookieAuthenticationOptions>(opt =>
opt.AuthenticationScheme = "Cookies";
//opt.DataProtectionProvider = new DataProtectionProvider(new DirectoryInfo(settings.Value.SharedAuthTicketKeysLocation)); //this doesnt work either, only when hosted in IISExpress
opt.LoginPath = new PathString("/account/login/");
opt.AccessDeniedPath = new PathString("/account/forbidden/");
opt.AutomaticAuthenticate = true;
opt.AutomaticChallenge = true;
opt.Events = new CookieAuthenticationEvents // Tried commenting this out, no help
OnValidatePrincipal = LastChangedValidator.ValidateAsync
In IIS the apps are setup as different applications under a same website (FRONT/app1, FRONT/app2 etc.)
I'm sure i'm doing something wrong but there is little to no (useful, not outdated) documentation on this topic.
Mar 06, 2016 03:28 PM|BrockAllen|LINK
If you want true SSO, then don't hack it with a shared cookie. Use a proper solution:
Mar 06, 2016 03:53 PM|npongracic|LINK
Yes that was my next step but still...
The documentation for IdentityServer 4 still refers to it as IdentityServer 3 so i'm not entirely sure i want to go down that road or if its even ready for use. Not that i have experience with older IdentityServer versions so i don't know how difficult it
is to setup.