Having trouble sharing an Identity Cookie (using ASP.NET Core v2) across multiple web applications
On my development environment, cookies are shared automatically (as it’s localhost) – and that works fine!
When dealing with MS Azure, I’ve tried to set the cookie domain to .azurewebsites.net – to allow two web apps (e.g. app1.azurewebsites.net and app2.azurewebsites.net) to share a cookie.
Using the cookie configuration (abbreviated) like so:
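    public IServiceProvider ConfigureServices(IServiceCollection services)
    {
        services.ConfigureApplicationCookie(options =>
        {
            // Scope the Identity cookie to the parent domain shared by both apps
            options.Cookie.Domain = ".azurewebsites.net";
        });
        // ... (rest of the method abbreviated in the original post)
    }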
However, when I deploy the main site (the one that generates cookies from logins) to Azure, I can’t even log in. The .AspNetCore.Application.Identity cookie doesn’t even get returned after entering username/password (or social logins).
I’ve also tried the solution here, with no success: https://stackoverflow.com/a/44310683/1025394
The question is: is there possibly any filtering going on on the Azure side of things, stopping me from setting a cookie for .azurewebsites.net? Maybe for security purposes?
Answers:
Method 1
> However, when I deploy the main site (the one that generates cookies from logins) to Azure, I can’t even log in. The .AspNetCore.Application.Identity cookie doesn’t even get returned after entering username/password (or social logins)
I searched the web and found that some domain names are not allowed to create cookies, for security reasons. The domains for Azure Cloud are listed as follows:
azurewebsites.net
azure-mobile.net
cloudapp.net
You can find the detailed list of domains here.
Moreover, if you want to share a cookie among your multiple web apps, you could map a custom domain name for your web apps (e.g. app1.yourwebsite.com, app2.yourwebsite.com) and set options.Cookie.Domain to .yourwebsite.com; for details about mapping a custom domain, you could follow here. Also, you need to configure data protection to use the same encryption keys for your multiple web apps. In addition, you could follow this similar issue.
All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.
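The setup the answer describes (custom parent domain plus shared data protection keys), as an added example that is not code from the original question or answer. The key ring path, application name and cookie name are placeholders chosen for illustration, and it assumes both apps are mapped to subdomains of yourwebsite.com and can both reach the key ring location.

```csharp
using System.IO;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    // Placeholders (assumptions, not from the original post). Every app that
    // shares the cookie must use exactly the same three values.
    private const string SharedKeyRingPath = @"<PATH-TO-SHARED-KEY-RING>";
    private const string SharedAppName = "SharedCookieApp";
    private const string SharedCookieName = ".AspNet.SharedCookie";

    public void ConfigureServices(IServiceCollection services)
    {
        // Same key ring and same application name in every app; otherwise
        // app2 cannot decrypt the authentication ticket that app1 issued.
        services.AddDataProtection()
            .PersistKeysToFileSystem(new DirectoryInfo(SharedKeyRingPath))
            .SetApplicationName(SharedAppName);

        // Identity registration (AddIdentity<...>()) is omitted here; it has
        // to be called before ConfigureApplicationCookie.
        services.ConfigureApplicationCookie(options =>
        {
            options.Cookie.Name = SharedCookieName;
            // A parent domain you own. The answer above notes that cookies
            // cannot be set for shared domains such as azurewebsites.net.
            options.Cookie.Domain = ".yourwebsite.com";
            // The cookie is now sent to every subdomain, so keep it off
            // plain HTTP and out of reach of client-side script.
            options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
            options.Cookie.HttpOnly = true;
        });
    }
}
```

Anyone who can read the shared key ring can forge authentication cookies for both apps, so restrict access to that location to the apps themselves.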