I'm using WsFederation in two separate ASP.NET Core projects.
Each project has the following in Startup.cs:

```csharp
services.AddAuthentication(sharedOptions =>
{
    sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    sharedOptions.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
})
.AddWsFederation(options =>
{
    options.Wtrealm = Configuration["Wtrealm"];
    options.MetadataAddress = "http://example.com/metadata.xml";
    options.SkipUnrecognizedRequests = true;
    options.RequireHttpsMetadata = false;
    options.UseTokenLifetime = false;
})
.AddCookie(options =>
{
    options.Cookie.Name = "MySharedCookie";
    options.Cookie.Path = "/";
    options.Cookie.Domain = ".dev.example.com";
});
```

I load project #1 in the browser and I get my cookie:
I then navigate to project #2 on the same subdomain. However, project #2 doesn't recognize MySharedCookie and re-authenticates. I get a new cookie with the same name but a different value:
Is what I'm trying to do possible in ASP.NET Core? Is there a way in ASP.NET Core I can share project #1's cookie with project #2?
This is documented at Sharing cookies among apps with ASP.NET and ASP.NET Core. There is also a Cookie Sharing App Sample available.
In order to share cookies, you create a DataProtectionProvider in each app and use a common/shared set of keys between the apps.
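
The setup the answer describes, applied to the configuration from the question, as an added example (not code from the original answer or the linked sample). The `AddSharedCookieProtection` helper, the `SharedKeyRingPath` configuration key and the `SharedCookieApp` application name are assumptions; the same values must be used in both projects.

```csharp
using System;
using System.IO;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public static class SharedCookieProtectionExtensions
{
    // Hypothetical helper: call it from ConfigureServices in BOTH projects,
    // next to the existing AddAuthentication(...).AddWsFederation(...).AddCookie(...) chain.
    public static IServiceCollection AddSharedCookieProtection(
        this IServiceCollection services, IConfiguration configuration)
    {
        // Assumed configuration key: a directory reachable by both apps
        // (local folder on one host, or a network share across hosts).
        var keyRingPath = configuration["SharedKeyRingPath"];
        if (string.IsNullOrWhiteSpace(keyRingPath))
        {
            // Fail at startup: without a common key ring each app would
            // silently fall back to its own keys and reject the other's cookie.
            throw new InvalidOperationException("SharedKeyRingPath is not configured.");
        }

        // One provider per app, built over the same key ring and the same
        // application name, so both apps protect cookies with the same keys.
        var sharedProvider = DataProtectionProvider.Create(
            new DirectoryInfo(keyRingPath),
            builder => builder.SetApplicationName("SharedCookieApp"));

        // Attach the provider to the cookie scheme registered by AddCookie().
        // Cookie.Name, Cookie.Path and Cookie.Domain stay as in the question
        // and must also be identical in both projects.
        services.Configure<CookieAuthenticationOptions>(
            CookieAuthenticationDefaults.AuthenticationScheme,
            options => options.DataProtectionProvider = sharedProvider);

        return services;
    }
}
```

Anyone who can read the key ring directory can decrypt and forge the authentication cookie, so restrict its ACL to the two application identities. Keys persisted to an explicit file system location are not encrypted at rest unless one of the `ProtectKeysWith*` methods is also configured.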