0

To get an overview, I have an old .NET Framework 4.7.2 Website with a lot of .aspx Files and I have a new .NET Core WebApp. Both are running on the same server under the same domain with different ports.

I now want to login into the .NET Core Website and be able to use the Authentication Token on the .NET Framework Website too. I tried to use the Cookie generated by the .NET Core Website to Authenticate on the .NET Framework Website with Owin, but I couldn't find any way to get this to work.

Does anyone have an Idea on how to accomplish this? I need to authenticate once and be able to stay Authenticated over both websites.

Matthias Windisch
  • 3
  • 2

1 Answers1

1

To share authentication cookies between your ASP.NET 4.x applications and your ASP.NET Core applications, firstly, configure the ASP.NET Core application by following the steps:

  1. Add Authentication to your app

    public void ConfigureServices(IServiceCollection services)
{
     services.AddAuthentication();
     //other services...
}

  2. In your Configure method use the CookieAuthenticationOptions to set up the data protection service for cookies

    app.UseCookieAuthentication(new CookieAuthenticationOptions
{    DataProtectionProvider = DataProtectionProvider.Create(new DirectoryInfo(@"c:\shared-auth-ticket-keys\"))
});

Then configure your ASP.NET 4.7.2 application by following steps below:

  1. Install the package Microsoft.Owin.Security.Interop into your ASP.NET 4.7.2 application.

  2. In Startup.Auth.cs, locate the call to UseCookieAuthentication, which will generally look like the following:

    app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    // ...
});

  3. Modify the call to UseCookieAuthentication as follows, changing the AuthenticationType and CookieName to match those of the ASP.NET Core cookie authentication middleware, and providing an instance of a DataProtectionProvider that has been initialized to a key storage location.

    app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = "Cookies",
    CookieName = ".AspNetCore.Cookies",
    // CookiePath = "...", (if necessary)
    // ...
    TicketDataFormat = new AspNetTicketDataFormat(
        new DataProtectorShim(
            DataProtectionProvider.Create(new DirectoryInfo(@"c:\shared-auth-ticket-keys\"))
            .CreateProtector("Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware",
            "Cookies", "v2")))
  });

The DirectoryInfo has to point to the same storage location that you pointed your ASP.NET Core application to and should be configured using the same settings.

  1. In IdentityModels.cs, change the call to ApplicationUserManager.CreateIdentity to use the same authentication type as in the cookie middleware.

    public ClaimsIdentity GenerateUserIdentity(ApplicationUserManager manager)
{
    // Note the authenticationType must match the one defined in CookieAuthenticationOptions.AuthenticationType
    var userIdentity = manager.CreateIdentity(this, "Cookies");
    // ...
}

Reference:

Share authentication cookies among ASP.NET apps

Share authentication cookies between ASP.NET 4.x and ASP.NET Core apps

Rena
  • 30,832
  • 6
  • 37
  • 72
Qing Guo
  • 6,041
  • 1
  • 2
  • 10