0
votes

What is the correct way to share the login cookie with an ASP.NET Core application?

I've got a single application running behind multiple subdomains, i.e.:

  • site1.mydomain.com
  • site2.mydomain.com

and I can't get the authentication to persist across both.

I have the Startup.cs configured in the following manner, and this allows me to authenticate via Google:

app.UseIdentity();
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AutomaticAuthenticate = true,
    AutomaticChallenge = true,
    LoginPath = new PathString("/account/login"),
    AuthenticationScheme = CookieAuthenticationDefaults.AuthenticationScheme,
    CookieDomain = ".mydomain.com",
    CookieName = "AuthenticationCookie"
});

app.UseGoogleAuthentication(options =>
{
    options.ClientId = "xxx";
    options.ClientSecret = "xxx";
});

I also believe I correctly set up the data protection services, because I currently have the site running in multiple Docker containers and the application can successfully load balance.

What is confusing me is that when I inspect the cookies set by the authentication process, it always has site1.mydomain.com logged against the authentication cookie and not .mydomain.

It's like the CookieDomain is being ignored during the authentication process.

Any pointers would be gratefully received.

1
Did you have a look at OpenIddict, an open source & lightweight OpenID server? - Tseng
I hadn't; however, it looks like I need to pull in the RC2 nightly to get things up and running, and in my case it looks like overkill. - RubbleFord
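
The check the question describes (inspecting which domain the authentication cookie is logged against), as an added example that is not part of the original post: it applies the Domain rules of RFC 6265 to a Set-Cookie header and reports whether the cookie would be sent to a sibling subdomain. The function names and sample headers are constructed for illustration, and public-suffix and IP-address checks are left out.

```javascript
// Added example: decides which hosts a Set-Cookie header's cookie is sent to,
// following the Domain rules of RFC 6265 (sections 5.1.3 and 5.3).

// Parse one Set-Cookie header value into its name and Domain scope.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map(s => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), domain: null };
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    const val = i === -1 ? '' : attr.slice(i + 1).trim();
    // A leading dot is ignored; an empty Domain value is ignored entirely.
    if (key === 'domain' && val !== '') cookie.domain = val.replace(/^\./, '').toLowerCase();
  }
  return cookie;
}

// RFC 6265 domain-match: identical, or host ends with "." + domain.
function domainMatches(host, domain) {
  host = host.toLowerCase();
  return host === domain || host.endsWith('.' + domain);
}

// Would a cookie set by a response from setByHost be sent to requestHost?
function isSentTo(header, setByHost, requestHost) {
  const cookie = parseSetCookie(header);
  if (cookie.domain === null) {
    // No Domain attribute: host-only cookie, returned to the exact host only.
    return requestHost.toLowerCase() === setByHost.toLowerCase();
  }
  // A browser rejects a Domain the setting host does not itself match.
  if (!domainMatches(setByHost, cookie.domain)) return false;
  return domainMatches(requestHost, cookie.domain);
}

// Constructed sample headers (the cookie value is a placeholder).
const hostOnly = 'AuthenticationCookie=PLACEHOLDER; path=/; httponly';
const shared = 'AuthenticationCookie=PLACEHOLDER; domain=.mydomain.com; path=/; httponly';

for (const [label, header] of [['host-only', hostOnly], ['shared', shared]]) {
  for (const host of ['site1.mydomain.com', 'site2.mydomain.com']) {
    console.log(label, '->', host, isSentTo(header, 'site1.mydomain.com', host));
  }
}
```

A header with no Domain attribute produces a host-only cookie, which browser tools list against the exact host that set it, such as site1.mydomain.com.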

1 Answer

1
votes

You might want to have a look at Identity Server for handling this type of scenario.

https://github.com/IdentityServer/IdentityServer4

It's a single sign-on framework based on OIDC and OAuth2. You could either host it in one of your existing sites, or create a third site that will act as the authentication service for your other sites.