I am trying to share the authentication cookie between three web applications set up under a single website in IIS. The first two are both .NET Core 2.1 applications and I'm struggling to even get them to share it. My problem is the same as
Sharing Cookies Between Two ASP.NET Core Applications
but I can't get it to work in my environment. I have read "Sharing cookies among apps with ASP.NET and ASP.NET Core." and downloaded the "Cookie Sharing App Sample" and got it working (as the third app is ASP.NET) and now my code in StartUp.cs looks like this in both of the .NET Core applications:
    services.AddDataProtection()
        .PersistKeysToFileSystem(new DirectoryInfo(persistKeysToFileSystemDirectory))
        .SetApplicationName(applicationName);

    services.ConfigureApplicationCookie(options => {
        options.Cookie.Name = cookieName;
        options.Cookie.SameSite = SameSiteMode.Lax;
        options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
    });
If the two application solutions run under localhost on my local machine (IISEXPRESS)
http:\localhost:8174\
http:\localhost:8175\
they work fine, but when I deploy to the server (IIS) the URL becomes
http:\devserver1:8000\App1
http:\devserver1:8000\App2
and they do not share the authentication.
If I change my local solutions to run as
http:\localhost:8174\App1
http:\localhost:8175\App2
they do not share the authentication.
I didn't think that I had to set the cookie domain property as they are all under the same site; however, I have experimented with, locally,
    options.Cookie.Domain = "localhost";
and on the server
    options.Cookie.Domain = "devserver1";
and nothing works and sometimes it won't even let me log in (invalid domain?)
Any help would be appreciated
I am getting anxious and have progressed it and have more to add.
If I set the applications up as separate web sites with different ports on devserver1
http:\devserver1:8174\
http:\devserver1:8175\
It works and they share the authentication (also I have not had to set the options.Cookie.Domain value) - however I will not be able to refer from one to the other using the relative url anymore so App1 will not be able to go to \App2 - I will have to use the full url - but at least it works
It's not the end of the world but this seems to undermine the whole concept of Applications in IIS Websites (what's the point of them?) so I'm starting to wonder whether the way I'm setting up IIS is the problem.
I create an empty Website and then "Add Application" for each of my applications.
Currently I am just trying to get this working on the development server (devserver1) so I don't set up host names as such; I just refer to the web server by the machine name.
This all worked fine under FormsAuthentication sharing the machine key and I'm really beginning to regret I started looking at .NET Core.
Any help will be greatly appreciated
Try setting the cookie path value as below. By default it'll be restricted to App1 or App2 (my experience).
    options.Cookie.Path = "/";
Check Controlling Cookie Scope.
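
The scoping rule behind this answer, as an added example (not part of the original answer or of ASP.NET Core): a JavaScript model of the browser's RFC 6265 host and path matching, run against the setups described in the question. The function names and scenario values are constructed for illustration, and the default path of `/App1` is an assumption taken from the answer's report that the cookie is restricted to the application by default.

```javascript
// RFC 6265 section 5.1.4 path-match: is a cookie scoped to `cookiePath`
// sent on a request for `requestPath`? The comparison is case-sensitive.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // A prefix only counts on a "/" boundary, so "/App1" does not cover "/App10".
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Host-only cookie (no Domain attribute): exact host match. The port is not
// part of a cookie's scope (RFC 6265 section 8.5).
function cookieSentTo(cookie, requestUrl) {
  const url = new URL(requestUrl);
  return url.hostname === cookie.host && pathMatches(url.pathname, cookie.path);
}

// Constructed scenarios modelled on the question. Assumption: without an
// explicit Cookie.Path, the cookie is scoped to the issuing application's
// base path, as the answer above reports.
const scenarios = [
  { name: "separate sites on ports 8174/8175, default path",
    cookie: { host: "devserver1", path: "/" },
    request: "http://devserver1:8175/Home" },
  { name: "one site, cookie issued by App1 with default path",
    cookie: { host: "devserver1", path: "/App1" },
    request: "http://devserver1:8000/App2/Home" },
  { name: "one site, cookie issued by App1 with Path = \"/\"",
    cookie: { host: "devserver1", path: "/" },
    request: "http://devserver1:8000/App2/Home" },
];

function evaluate() {
  return scenarios.map(s => ({ name: s.name, sent: cookieSentTo(s.cookie, s.request) }));
}

for (const r of evaluate()) {
  console.log(`${r.name}: ${r.sent ? "sent" : "not sent"}`);
}
```

With the path set to `/`, the cookie goes to every application under that host name, on any port.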