In .NET Framework MVC we can implement an SSO (Single Sign-On) application by using Forms Authentication in the Web.config file.

Please note: I have already created domains in the IIS server with:

1) www.mainapplication.com => has the login mechanism
2) www.secondapplication.com => this will be redirected to the mainapplication login page if the user is not logged in

below example is with

<authentication mode="Forms">
    <forms name="SingleSignOn"
           loginUrl="www.mainapplication.com/account/login"
           timeout="480"
           slidingExpiration="false"
           enableCrossAppRedirects="true"
           path="/"
           domain="mainapplication.com"
           cookieless="UseCookies">
    </forms>
</authentication>

Now I want to implement the same with .NET Core 5 or 6.
What I have done so far is described below. In Program.cs (mainapplication):

builder.Services.AddDataProtection()
    .PersistKeysToFileSystem(ProgramService.GetKyRingDirectoryInfo())
    .SetApplicationName("SharedCookieApp");

builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
        options.LoginPath = "/Account/Login";
        options.Cookie.Name = ".AspNet.SharedCookie";
        options.Cookie.Domain = ".mainapplication.com";
    });

builder.Services.ConfigureApplicationCookie(options =>
{
    options.LoginPath = "/Account/Login";
    options.Cookie.Name = ".AspNet.SharedCookie";
    options.Cookie.Domain = ".mainapplication.com";
});

mainapplication Log In code

[HttpPost]
public async Task<IActionResult> Login(string email = "")
{
    var claims = new List<Claim>
    {
        new Claim(ClaimTypes.Email, "user.test@email.com")
    };
    var claimIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);

    //var authProperties = new AuthenticationProperties
    //{
    //    //AllowRefresh = <bool>,
    //    // Refreshing the authentication session should be allowed.
    //    //ExpiresUtc = DateTimeOffset.UtcNow.AddMinutes(10),
    //    // The time at which the authentication ticket expires. A
    //    // value set here overrides the ExpireTimeSpan option of
    //    // CookieAuthenticationOptions set with AddCookie.
    //    //IsPersistent = true,
    //    // Whether the authentication session is persisted across
    //    // multiple requests. When used with cookies, controls
    //    // whether the cookie's lifetime is absolute (matching the
    //    // lifetime of the authentication ticket) or session-based.
    //    //IssuedUtc = <DateTimeOffset>,
    //    // The time at which the authentication ticket was issued.
    //    //RedirectUri = <string>
    //    // The full path or absolute URI to be used as an http
    //    // redirect response value.
    //};

    await HttpContext.SignInAsync(
        CookieAuthenticationDefaults.AuthenticationScheme,
        new System.Security.Claims.ClaimsPrincipal(claimIdentity));
    return Redirect("/");
}

Second Application (Program.cs)

builder.Services.AddDataProtection()
    .PersistKeysToFileSystem(ProgramService.GetKyRingDirectoryInfo())
    .SetApplicationName("SharedCookieApp");

builder.Services.AddAuthentication("Identity.Application")
    .AddCookie("Identity.Application", option =>
    {
        option.Cookie.Name = ".AspNet.SharedCookie";
        option.Cookie.Domain = ".mainapplication.com";
        option.Events.OnRedirectToLogin = (context) =>
        {
            context.HttpContext.Response.Redirect("http://www.mainapplication.com/Account/Login");
            return Task.CompletedTask;
        };
    });

builder.Services.ConfigureApplicationCookie(options =>
{
    options.Cookie.Domain = ".mainapplication.com";
    options.Cookie.Name = ".AspNet.SharedCookie";
    options.Events.OnRedirectToLogin = (context) =>
    {
        context.HttpContext.Response.Redirect("http://www.mainapplication.com/Account/Login");
        return Task.CompletedTask;
    };
});

So when I try to access the second application (in case the user is not signed in), it is redirected to mainapplication (http://www.mainapplication.com/Account/Login). After successfully logging in, I try to access the second application again; it won't authorize the user and redirects to the mainapplication login screen.
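
Added example, not part of the original question: a single extension method that both applications call, so the authentication scheme, cookie name, Data Protection application name and key ring are identical on both sides. The class and method names, the `.example.test` placeholder and the HTTPS-only cookie are assumptions. It also assumes both sites are served under one shared parent domain, because a browser only sends a cookie to hosts that match its `Domain` attribute, so a cookie scoped to `.mainapplication.com` is never sent to `www.secondapplication.com`.

```csharp
using System.IO;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

// Added example (not the poster's code): one helper called by BOTH apps so the
// values that must match for a shared cookie cannot drift apart.
public static class SharedCookieAuthExtensions
{
    public const string Scheme = CookieAuthenticationDefaults.AuthenticationScheme;
    public const string CookieName = ".AspNet.SharedCookie";
    public const string AppName = "SharedCookieApp";

    // keyRing:      directory both apps can read and write
    // cookieDomain: parent domain shared by both hosts, e.g. ".example.test" (placeholder)
    // loginUrl:     absolute login URL of the app that owns sign-in; null in that app itself
    public static IServiceCollection AddSharedCookieAuth(
        this IServiceCollection services, DirectoryInfo keyRing,
        string cookieDomain, string? loginUrl = null)
    {
        // Same key ring and application name: either app can decrypt the ticket.
        services.AddDataProtection()
            .PersistKeysToFileSystem(keyRing)
            .SetApplicationName(AppName);

        // The scheme name is part of the ticket's data-protection purpose, so a
        // cookie issued under "Cookies" is unreadable under "Identity.Application".
        services.AddAuthentication(Scheme).AddCookie(Scheme, options =>
        {
            options.Cookie.Name = CookieName;
            options.Cookie.Domain = cookieDomain;
            options.Cookie.HttpOnly = true;
            options.Cookie.SecurePolicy = CookieSecurePolicy.Always; // assumes HTTPS
            options.Cookie.SameSite = SameSiteMode.Lax;
            options.LoginPath = "/Account/Login";
            if (loginUrl is not null)
            {
                options.Events.OnRedirectToLogin = context =>
                {
                    context.Response.Redirect(loginUrl);
                    return Task.CompletedTask;
                };
            }
        });
        return services;
    }
}
```

Each `Program.cs` would call `builder.Services.AddSharedCookieAuth(ProgramService.GetKyRingDirectoryInfo(), ".example.test")`, with the second application also passing the login URL of the first, and both need `app.UseAuthentication()` before `app.UseAuthorization()`.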