Tags: c#, asp.net-mvc, asp.net-core, ubuntu, nginx

Authentication Conflict Between Two ASP.NET Apps on the Same Server Using Nginx


I have deployed two ASP.NET apps on an Ubuntu server using Nginx. The first app runs on port 80, while the second runs on port 8888. I am not using SSL for either app.

Both apps use ASP.NET Identity for authentication, but I'm encountering a conflict when accessing both apps. Specifically:

  1. When logging out of the second app (running on port 8888), I am automatically redirected to the first app’s login page (myip/Account/Login?ReturnUrl=%2F).
  2. When logged in to the second app and accessing the first app (on port 80), navigating to any route in the second app (e.g., myip:8888/restofroute) redirects me to the first app, like myip/restofroute.

Here are my current Nginx configurations for both apps:

Nginx Config for First App (Port 80):

server {
    listen 80;
    server_name My IP; # Replace with your domain or IP address

    location / {
        proxy_pass http://127.0.0.1:8801;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection keep-alive;
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Nginx Config for Second App (Port 8888):

server {
    listen 8888;
    server_name My IP;

    location / {
        proxy_pass http://127.0.0.1:8802;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Real-PORT $remote_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port 8888;  # Forward the correct port
        proxy_redirect off;  # Prevent NGINX from modifying the redirects
    }
}


Solution

  • The issue you’re experiencing stems from both apps using the same domain (or IP) and potentially sharing cookies for ASP.NET Identity. Since cookies are domain-scoped and both apps are running under the same domain/IP (e.g., myip), there is a conflict in cookie handling, leading to unintended authentication behavior.

    Set Unique Cookie Names for Each App: ASP.NET Identity uses cookies for authentication. To avoid conflicts, configure each app to use a unique cookie name.

    In each app’s Startup.cs or Program.cs (depending on your ASP.NET version), modify the cookie configuration:

    services.ConfigureApplicationCookie(options =>
    {
        options.Cookie.Name = "App1Auth"; // Use a unique name for the first app
    });
    

    For the second app, set a different cookie name:

    services.ConfigureApplicationCookie(options =>
    {
        options.Cookie.Name = "App2Auth"; // Use a unique name for the second app
    });
    

    Cookies can also be scoped to specific paths. Configure the cookie Path to differentiate between the two apps.

    services.ConfigureApplicationCookie(options =>
    {
        options.Cookie.Path = "/"; // Default path
    });
    

    Second App:

    services.ConfigureApplicationCookie(options =>
    {
        options.Cookie.Path = "/secondapp"; // Unique path for the second app
    });
    

    Update the proxy_set_header Host in both configurations to ensure proper routing and prevent cookie conflicts.

    First App (Port 80):

    server {
        listen 80;
        server_name myip;
    
        location / {
            proxy_pass http://127.0.0.1:8801;
            proxy_http_version 1.1;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
    

    Second App (Port 8888):

    server {
        listen 8888;
        server_name myip;
    
        location / {
            proxy_pass http://127.0.0.1:8802;
            proxy_http_version 1.1;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
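
A check for the cookie collision discussed above, as an added example that is not part of the original question or answer: it models the browser's cookie storage key from RFC 6265 (name, domain, path, with no port) and reports when two listeners on the same host would overwrite each other's authentication cookie. The host `203.0.113.10` and the cookie values are constructed; `.AspNetCore.Identity.Application` is the ASP.NET Core Identity default cookie name, and `App1Auth`/`App2Auth` are the names from the answer.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

def storage_key(response_url, set_cookie):
    """(name, domain, path) under which a browser stores the cookie (RFC 6265, section 5.3).
    The port of response_url never enters the key."""
    url = urlsplit(response_url)
    morsel = next(iter(SimpleCookie(set_cookie).values()))
    domain = (morsel["domain"] or url.hostname).lstrip(".").lower()
    # Without a Path attribute the browser uses the directory of the request path.
    default_path = url.path.rsplit("/", 1)[0] or "/"
    return (morsel.key, domain, morsel["path"] or default_path)

def find_collisions(responses):
    """Report cookies from different host:port pairs that land in the same jar slot."""
    owner, collisions = {}, []
    for response_url, set_cookie in responses:
        key = storage_key(response_url, set_cookie)
        origin = urlsplit(response_url).netloc
        if owner.get(key, origin) != origin:
            collisions.append((key, owner[key], origin))
        owner[key] = origin  # the later Set-Cookie replaces the earlier one
    return collisions

# Constructed sample data: login responses from the two apps behind Nginx.
HOST = "203.0.113.10"
ATTRS = "; path=/; samesite=lax; httponly"
APP1_LOGIN = f"http://{HOST}/Account/Login"
APP2_LOGIN = f"http://{HOST}:8888/Account/Login"

DEFAULT_NAMES = [
    (APP1_LOGIN, ".AspNetCore.Identity.Application=constructed-app1" + ATTRS),
    (APP2_LOGIN, ".AspNetCore.Identity.Application=constructed-app2" + ATTRS),
]
UNIQUE_NAMES = [
    (APP1_LOGIN, "App1Auth=constructed-app1" + ATTRS),
    (APP2_LOGIN, "App2Auth=constructed-app2" + ATTRS),
]

if __name__ == "__main__":
    for label, responses in (("default names", DEFAULT_NAMES), ("unique names", UNIQUE_NAMES)):
        print(label, "->", find_collisions(responses) or "no collision")
```
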