Cookie compatibility between OWIN and Microsoft.AspNetCore.Authentication
Hello
I have applications both running on ASP.NET MVC (4.7.2) and ASP.NET Core (Blazor, 5.0). I secure these with OpenIdConnect. I would like the cookie to be compatible between these applications; as it currently stands, these both create their own cookie and require re-authentication.
Example: I connect to portal.domain.com (ASP.NET MVC 4.7.2); this requires an authentication flow and creates a cookie. I click through to application.portal.domain.com (ASP.NET Core (Blazor, 5.0)) and this requires another authentication flow and creates a second cookie. However, if I click through to application2.portal.domain.com (ASP.NET MVC 4.7.2) (from portal.domain.com) this does not require a second authentication flow and re-uses the original cookie (as it should).
Are there specific settings that need to be adjusted so these cookies become compatible?
ASP.NET Authentication Code (Startup file)
using System.Configuration;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

// Cookie middleware: issues and validates the session cookie after sign-in.
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
    CookieSameSite = SameSiteMode.Lax,
#if !DEBUG
    // Scope the cookie to the shared parent domain outside of local debugging.
    CookieDomain = ConfigurationManager.AppSettings["OpenIdCookieDomain"]
#endif
});

// OpenID Connect middleware: authorization code flow with PKCE, signing in to the cookie above.
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions()
{
    ClientId = ConfigurationManager.AppSettings["OpenIdClientId"],
    ClientSecret = ConfigurationManager.AppSettings["OpenIdClientSecret"],
    SignInAsAuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
#if DEBUG
    // Only allow plain-HTTP discovery metadata against a local debug provider.
    RequireHttpsMetadata = false,
#endif
    Scope = "openid profile email",
    Authority = ConfigurationManager.AppSettings["OpenIdAuthority"],
    MetadataAddress = ConfigurationManager.AppSettings["OpenIdMetadata"],
    RedirectUri = ConfigurationManager.AppSettings["OpenIdRedirect"],
    ResponseType = OpenIdConnectResponseType.Code,
    RedeemCode = true,
    UsePkce = true,
});
ASP.NET Core Authentication Code (Startup file)
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.DependencyInjection;

services.AddAuthentication(sharedOptions =>
{
    sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    sharedOptions.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
{
#if !DEBUG
    // Scope the cookie to the shared parent domain outside of local debugging.
    options.Cookie.Domain = Configuration["Security:CookieDomain"];
#endif
})
// Registered under the same scheme name that DefaultChallengeScheme above refers to
// ("OpenIdConnect"); registering it as "oidc" leaves that challenge scheme unresolved.
.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
    options.Authority = Configuration["Security:Authority"];
    options.MetadataAddress = Configuration["Security:MetadataAddress"];
    options.AuthenticationMethod = OpenIdConnectRedirectBehavior.RedirectGet;
    options.ClientId = Configuration["Security:ClientId"];
    options.ClientSecret = Configuration["Security:ClientSecret"];
    options.ResponseType = Configuration["Security:ResponseType"];
    options.SaveTokens = true;
    options.GetClaimsFromUserInfoEndpoint = true;
    options.UseTokenLifetime = false;
    options.Scope.Add("openid");
    options.Scope.Add("profile");
    options.Scope.Add("email");
    options.UsePkce = true;
});
Thanks in advance
Issue Analytics
Created 2 years ago; Comments: 27 (13 by maintainers)
Top GitHub Comments
See https://github.com/dotnet/AspNetCore.Docs/issues/21987
It was not, my apologies! And thank you for all the help. 😃
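For reference, the configuration the linked docs describe for sharing a cookie between an OWIN app and an ASP.NET Core app, as an added example (not code from this issue, from the docs repo or from the ASP.NET Core project): both apps must read the same data-protection key ring under the same application name, issue the cookie under the same name and domain, and the OWIN side must protect its ticket with the Interop ticket format using the purpose strings that ASP.NET Core's cookie handler derives for the "Cookies" scheme. The key-ring path, application name, cookie name and domain below are placeholder values; the OpenID Connect registration from the issue is unchanged and omitted.

```csharp
// File 1: ASP.NET Core 5.0 app, called from Startup.ConfigureServices.
// Packages: Microsoft.AspNetCore.Authentication.OpenIdConnect (data protection is in the framework).
using System.IO;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.DependencyInjection;

public static class CoreSharedCookie
{
    // Placeholder values (hypothetical); both apps must use exactly the same ones.
    public const string KeyRingPath = @"\\fileserver\keyring";   // shared, ACL-restricted folder
    public const string AppName = "SharedCookieApp";
    public const string CookieName = ".AspNet.SharedCookie";
    public const string CookieDomain = ".portal.domain.com";

    public static void Configure(IServiceCollection services)
    {
        // Same key ring + same application name => both apps derive the same protection keys.
        services.AddDataProtection()
            .PersistKeysToFileSystem(new DirectoryInfo(KeyRingPath))
            .SetApplicationName(AppName);

        services.AddAuthentication(o =>
            {
                o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme; // "Cookies"
                o.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                o.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
            })
            .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
            {
                // Name and domain must match the OWIN app, or each app keeps its own cookie.
                options.Cookie.Name = CookieName;
                options.Cookie.Domain = CookieDomain;
            })
            .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
            {
                // The OIDC settings from the issue go here unchanged; sign in to the shared cookie.
                options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            });
    }
}

// File 2: ASP.NET MVC 4.7.2 app on OWIN, called from Startup.Configuration.
// Packages: Microsoft.Owin.Security.Cookies, Microsoft.Owin.Security.Interop,
//           Microsoft.AspNetCore.DataProtection.Extensions.
using System.IO;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Owin.Infrastructure;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.Interop;
using Owin;

public static class OwinSharedCookie
{
    // Same placeholder values as the Core app (hypothetical).
    public const string KeyRingPath = @"\\fileserver\keyring";
    public const string AppName = "SharedCookieApp";
    public const string CookieName = ".AspNet.SharedCookie";
    public const string CookieDomain = ".portal.domain.com";

    public static void Configure(IAppBuilder app)
    {
        // Stand-alone data-protection provider pointed at the same key ring and application name.
        var keyRing = DataProtectionProvider.Create(
            new DirectoryInfo(KeyRingPath),
            builder => builder.SetApplicationName(AppName));

        // Purpose strings must be exactly what ASP.NET Core's cookie handler uses for the
        // "Cookies" scheme; any difference means the ticket will not unprotect on the other side.
        var protector = keyRing.CreateProtector(
            "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware",
            "Cookies",
            "v2");

        // The OWIN authentication type must equal the Core scheme name, so the ticket's
        // identity carries the same authentication type in both apps.
        app.SetDefaultSignInAsAuthenticationType("Cookies");
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = "Cookies",
            CookieName = CookieName,
            CookieDomain = CookieDomain,
            // Core chunks large cookies; OWIN must do the same to read them back.
            CookieManager = new ChunkingCookieManager(),
            // Interop format: OWIN tickets serialized the way ASP.NET Core expects.
            TicketDataFormat = new AspNetTicketDataFormat(new DataProtectorShim(protector)),
        });

        // app.UseOpenIdConnectAuthentication(...) from the issue follows unchanged, with
        // SignInAsAuthenticationType = "Cookies".
    }
}
```

Keep in mind what the shared key ring now protects: anyone who can read it can mint a valid ticket for every app that shares it, so restrict the folder's ACL to the app identities and consider `ProtectKeysWithCertificate` on the data-protection builder so keys are stored encrypted at rest. Scoping the cookie to the parent domain also sends it to every subdomain, so every host under that domain should be treated as part of the same trust boundary.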