I have several ASP.NET MVC 5 applications. All applications are deployed on subdomains of a common domain. A single application is responsible for user login and the session is shared among all subdomains because we have the same machineKey in all applications.
<authentication mode="Forms">
<forms name="SSO" loginUrl="{loginUrl}" timeout="2880" />
</authentication>
<machineKey validationKey="{validationKey}" decryptionKey="{decryptionKey}" validation="SHA1" />
The problem is that now I want to develop new applications using ASP.NET CORE and I haven't been able to figure out how to configure the ASP.NET CORE app so that it reads auth cookie created by the ASP.NET MVC 5 application. Is it possible without making changes to ASP.NET MVC 5 applications?
You can use Data Protection key provider. In the startup file configure Data protection storage like below. In your MVC5 app also use the same storage to persist your cookie.
services.AddDataProtection()
.PersistKeysToFileSystem("{PATH TO COMMON KEY RING FOLDER}")
.SetApplicationName("SharedCookieApp");
services.ConfigureApplicationCookie(options => {
options.Cookie.Name = ".AspNet.SharedCookie";
});