0

I'm creating an OpenId Connect host using IdentityServer v3, backed by ASP.NET Identity.

In cases where the user is already logged in to the host application using ASP.NET Identity, how can I use the existing session, rather than prompting the user to log in again?

An example is if you are already logged in to your Google account, and you navigate to https://jabbr.net/, you will find that Google does not prompt you to enter your username and password in order to authenticate through Google.

Travis Collins
  • 3,982
  • 3
  • 31
  • 44

1 Answers1

0

IdentityServer will not prompt your for credentials when there is an existing authentication session - IOW a cookie. Check if this cookie is present or maybe lost somehow. By default the cookie is only valid as long as the browser window is not closed.

IdSrv3 beta 2 also has a persistent cookie feature now -

https://identityserver.github.io/Documentation/docs/configuration/authenticationOptions.html

Guy
  • 1,434
  • 1
  • 19
  • 33
leastprivilege
  • 18,196
  • 1
  • 34
  • 50
  • Thanks for replying, Dom. There is a cookie present, it's named ".AspNet.ApplicationCookie". IdentityServer is not picking up on this session for some reason, and creates it's own cookie named ".Aspnet.Cookies". Any ideas? It was a long shot, but I tried changing the cookie name in ASP.NET Identity to ".AspNet.Cookies" but that didn't help any, and the new cookie invalidated the Identity account. – Travis Collins Oct 17 '14 at 14:06
  • The cookie must be issued by IdentityServer of course. – leastprivilege Oct 19 '14 at 10:18
  • My site uses ASP.NET Identity, which is issuing cookies when the user logs in. I wish to add OpenID Connect host capabilities to this site, thus allowing other sites to determine the current user, and their claims. Is it possible to do this in such a way that an user who has an active session cookie (from ASP.NET Identity) can request IdentityServer without being asked to enter their login credentials again? – Travis Collins Oct 19 '14 at 15:54
  • 1
    no. this is not how it works. You must use IdentityServer for login in the first place to get the SSO feature. – leastprivilege Oct 20 '14 at 05:46