Hi, I am developing two web services on Azure, say "domain1.azurewebsites.net" and "domain2.azurewebsites.net". I have implemented ACS authentication in both services under the same Active Directory. Now I need to log in through domain1.azurewebsites.net and share the cookie (which contains the auth token) with domain2.azurewebsites.net, so that I can access the data service of domain2 in domain1.
I have followed the suggestions online, which set the cookie domain=".azurewebsites.net". I am expecting such a cookie to be shared by all the subdomains, i.e., "*.azurewebsites.net", so that the cross-domain purpose can be achieved. The setting is done in the web.config as follows:
<system.identityModel.services>
  <federationConfiguration>
    <cookieHandler requireSsl="false"
                   domain=".azurewebsites.net"
                   hideFromScript="false"
                   persistentSessionLifetime="0:30:0" />
    <wsFederation passiveRedirectEnabled="true"
                  issuer="https://focusns.accesscontrol.windows.net/v2/wsfederation"
                  realm="urn:Focusns"
                  requireHttps="false"
                  persistentCookiesOnPassiveRedirects="true" />
  </federationConfiguration>
</system.identityModel.services>
To enable the cross domain request, I used CORS and I have correctly set the response headers from "domain2.azurewebsite.net" as follows:
Access-Control-Allow-Credentials:true
Access-Control-Allow-Origin:http://domain1.azurewebsites.net
However, my problem is that the cookie with the ".azurewebsites.net" domain is not attached when I log into domain1.azurewebsites.net. I cannot even see it when I inspect the cookies in Chrome, Opera, or FF. But I do see the cookies in IE11, in which everything is working fine. I found the difference among different browsers in the Browser Security Handbook, part 2, and I suspect the reason is that IE doesn't support host-scope cookies.
Anyway, does anybody know how I can address the problem? I need it to work in Chrome, FF, etc. Thanks in advance.
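
An added example, not part of the original post: a sketch of the RFC 6265 section 5.3 storage rule for a cookie's Domain attribute, applied to the hostnames in the question. The suffix set is a constructed sample and assumes azurewebsites.net is listed on the Public Suffix List that browsers consult; cookieScope, sentTo and the example.com hosts are hypothetical names.

```javascript
// Constructed sample of public-suffix entries. Assumption: a real browser
// consults the full Public Suffix List; only these entries are modelled here.
const PUBLIC_SUFFIXES = new Set(["net", "com", "azurewebsites.net"]);

// RFC 6265 section 5.1.3 domain matching (IP-address hosts are not handled).
function domainMatch(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Decide how a user agent that rejects public suffixes scopes a cookie set by
// requestHost with the given Domain attribute (null when the attribute is absent).
function cookieScope(requestHost, domainAttr) {
  const host = requestHost.toLowerCase();
  if (domainAttr === null || domainAttr === "") {
    // No Domain attribute: host-only cookie, returned to the setting host only.
    return { stored: true, hostOnly: true, domain: host };
  }
  // A leading dot in the attribute value is ignored.
  const domain = domainAttr.toLowerCase().replace(/^\./, "");
  if (PUBLIC_SUFFIXES.has(domain)) {
    // Allowed only when the host itself is the suffix, and then as host-only.
    if (domain === host) return { stored: true, hostOnly: true, domain: host };
    return { stored: false, reason: "Domain attribute is a public suffix" };
  }
  if (!domainMatch(host, domain)) {
    return { stored: false, reason: "request host does not domain-match" };
  }
  return { stored: true, hostOnly: false, domain };
}

// Would a cookie with this scope be attached to a request for targetHost?
function sentTo(scope, targetHost) {
  if (!scope.stored) return false;
  const target = targetHost.toLowerCase();
  return scope.hostOnly ? target === scope.domain : domainMatch(target, scope.domain);
}

// The three cases relevant to the question (hostnames from the post, plus a
// constructed custom domain for comparison).
const cases = [
  ["domain1.azurewebsites.net", ".azurewebsites.net", "domain2.azurewebsites.net"],
  ["domain1.azurewebsites.net", null, "domain2.azurewebsites.net"],
  ["app1.example.com", ".example.com", "app2.example.com"],
];
for (const [host, attr, target] of cases) {
  const scope = cookieScope(host, attr);
  console.log(host, "Domain=" + attr, "->", JSON.stringify(scope),
              "| sent to", target + ":", sentTo(scope, target));
}
```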