2

I have several ASP.NET MVC 5 applications. All applications are deployed on subdomains of a common domain. A single application is responsible for user login and the session is shared among all subdomains because we have the same machineKey in all applications.

<authentication mode="Forms">
  <forms name="SSO" loginUrl="{loginUrl}" timeout="2880" />
</authentication>
<machineKey validationKey="{validationKey}" decryptionKey="{decryptionKey}" validation="SHA1" />

The problem is that now I want to develop new applications using ASP.NET CORE and I haven't been able to figure out how to configure the ASP.NET CORE app so that it reads auth cookie created by the ASP.NET MVC 5 application. Is it possible without making changes to ASP.NET MVC 5 applications?

Hammad Ahmed
  • 49
  • 8

1 Answers1

1

You can use Data Protection key provider. In the startup file configure Data protection storage like below. In your MVC5 app also use the same storage to persist your cookie.

services.AddDataProtection()
    .PersistKeysToFileSystem("{PATH TO COMMON KEY RING FOLDER}")
    .SetApplicationName("SharedCookieApp");

services.ConfigureApplicationCookie(options => {
options.Cookie.Name = ".AspNet.SharedCookie";
});
Darshani Jayasekara
  • 561
  • 1
  • 4
  • 14
  • But this will require modifications in existing apps as well. The .Net version of ASP.NET MVC 5 apps is 4.5 so I can't install the Data Protection package in those unless I update the version. – Hammad Ahmed Jul 14 '21 at 15:27
  • For. Net 4.5 it can implement along with application manager. You don't need to upgrade versions. – Darshani Jayasekara Jul 14 '21 at 15:33
  • https://stackoverflow.com/questions/36473209/get-dataprotectionprovider-in-mvc-5-for-dependecy-injection-correctly – Darshani Jayasekara Jul 14 '21 at 15:36