Hi,
Following this link https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/compatibility/cookie-sharing and having received much help on this forum (https://forums.asp.net/t/2120124.aspx?+SOLVED+Asp+Core+1+1+share+cookie+Auth+between+application), I managed to achieve session sharing using shared cookies between two (or more) Asp Core 1.1 web applications.
In Startup.cs / method Configure:

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationScheme = "Cookies",
        LoginPath = new PathString("/Account/Login"),
        AccessDeniedPath = new PathString("/Home/Forbidden"),
        AutomaticAuthenticate = true,
        AutomaticChallenge = true,
        CookieName = "ASPTest",
        ExpireTimeSpan = new TimeSpan(1, 0, 0), // 1 hour
        DataProtectionProvider = DataProtectionProvider.Create(new DirectoryInfo(@"c:\shared-auth-ticket-keys\"))
    });

Well, I have a question about using the same folder to share the authenticated encryption key (which allows each app to decrypt the auth cookie and get all the stored information). It works with a trivial "c:\shared ...." folder, but what are the good practices for storing such a file? I suppose we don't have access to the C: disk directly in a production env.
Where do you suggest storing this file, keeping in mind that the directory has to be the same (so reachable) for all apps?
Many thanks for your help
Nicolas