4

I have an existing ASP.NET Forms web application that uses RedisSessionProvider. This is setup via just the WebConfig with the following.

<sessionState mode="Custom" customProvider="RedisSessionProvider">
  <providers>
    <add name="RedisSessionProvider" applicationName="myApp" type="Microsoft.Web.Redis.RedisSessionStateProvider" connectionString="RedisConnection" ssl="true" />
  </providers>
</sessionState>
<connectionStrings>
<add name="RedisConnection" connectionString="host:port,password=myPassword,ssl=True,abortConnect=False"/></connectionStrings>

I would like to share this with an ASP.NET Core SubSite/SubApplication. I'm able to share it fine with other subsites that are ASP.NET (MVC/Forms) by just adding the reference and adding the above to their WebConfigs.

However, for .NET Core, I can't figure out how to share it. Keep in mind that the code for the ASP.NET forms site is on a freeze for 3 months, so we can't make any changes to it.

In the ASP.NET Core application i've referenced Microsoft.AspNetCore.DataProtection and StackExchange.Redis. And have the following code in Startup.cs

public void ConfigureServices(IServiceCollection services)
    {
        services.AddMvc();
        services.AddSingleton<IConfiguration>(Configuration);
        string redisConnectionString = Configuration.GetValue<string>("Redis:ConnectionString");
        string redisKey = Configuration.GetValue<string>("Redis:Key");
        var redis = ConnectionMultiplexer.Connect(redisConnectionString);
        services.AddDataProtection().PersistKeysToRedis(redis, redisKey).SetApplicationName("myApp");
        services.AddAuthentication("Identity.Application").AddCookie("Identity.Application", 
            options =>
        {
            options.Cookie.Name = "ASP.NET_SessionId";
        });
        services.AddSession(options =>
        {
            options.Cookie.Name = "ASP.NET_SessionId";
        });
        services.AddOptions();
    }

And i've added app.UseSession() to public void Configure(...).

This does rename the cookie to the same as the host site but it doesn't give me access to the same Session Store. I'm guessing this has something to do with the way the cookies are encrypted in .NET core vs ASP.NET.

Is what i'm trying to do possible without modifying the Host .NET Forms site? If it's only possible if i modified the host (would have to be in the future), what would i have to do there?

Camilo Terevinto
  • 31,141
  • 6
  • 88
  • 120
Hendel
  • 53
  • 5
  • Why do you need to do this? This seems like a horrible idea – trailmax May 21 '18 at 14:39
  • @trailmax Why do I need to share Session? Because the Host site stores information that I need access to in all of the subsites. Also the Sign On experience needs to be seamless between all sites under the host. – Hendel May 21 '18 at 14:41
  • There are way better ways to share data between (micro) sites than share ASP.Net session, including single sign-on. – trailmax May 21 '18 at 14:46
  • 1
    @trailmax Yes there are, unfortunately, I don't have the ability to modify the Host site and need to work within the confines of its current setup, which unfortunately means that i need access to information that is stored in it's session. – Hendel May 21 '18 at 14:50
  • @Hendel Sharing Redis and sharing session cookie are two different things. ASP.NET Core can read data from Redis as long as key is same. Why do you need to access Web Form Session Cookie from ASP.NET Core? – Win May 21 '18 at 16:41
  • @Hendel Where you able to figure it out? – NicoTek May 01 '20 at 15:52
  • @NikoTek it turned out not to be possible without custom middleware .NET encrypts session data it stores and .net core uses a different encryption method. So, without rolling our own middleware and implementing it in the host and sub site I was unable to do this. In the end we scrapped using .net core and used .net 4.x – Hendel May 02 '20 at 20:01

0 Answers0