Hello,
I am having problems running cookie authentication (without identity) in asp.net 5. I want to have different web applications for each module in my overall app and i want to be able to login in in one of them and be authenticated in all of them (single sign on).
The apps are hosted in IIS, on the same domain and running the same app pool. I even tried setting the cookiename to the domain. I tried setting up DataProtection api using the provisioning script: https://github.com/aspnet/DataProtection/blob/dev/Provision-AutoGenKeys.ps1 - no go. Tried using the persist keys to the filesystem options, no go.
Still doesn't work, the log of the app says that it's using the registry for keys and everything but i still have to login to each application. I tried setting the same application name in each of the apps but it still doesnt work, like so:
services.AddDataProtection();
services.ConfigureDataProtection(opt =>
{
opt.SetApplicationName("AppName"); // Also tried setting persistkeystofilesystem here, doesn't work
});This is the cookieauth configuration:
if (options == null)
{
options = new Action<CookieAuthenticationOptions>(opt =>
{
opt.AuthenticationScheme = "Cookies";
//opt.DataProtectionProvider = new DataProtectionProvider(new DirectoryInfo(settings.Value.SharedAuthTicketKeysLocation)); //this doesnt work either, only when hosted in IISExpress
opt.LoginPath = new PathString("/account/login/");
opt.AccessDeniedPath = new PathString("/account/forbidden/");
opt.AutomaticAuthenticate = true;
opt.AutomaticChallenge = true;
opt.Events = new CookieAuthenticationEvents // Tried commenting this out, no help
{
OnValidatePrincipal = LastChangedValidator.ValidateAsync
};
});
}
app.UseCookieAuthentication(options);In IIS the apps are setup as different applications under a same website (FRONT/app1, FRONT/app2 etc.)
I'm sure i'm doing something wrong but there is little to no (useful, not outdated) documentation on this topic.
Thank you!