0

I have multiple intranet sites which are in the same domain, like:

  • testsite/site1
  • testsite/site2

In these applications I'm using OWIN-Mixed authentication, but I couldn't find a way to authenticate a user in one site and use that authentication in the others.

Is there a guide to follow?

Kaan

1 Answer

0

OWIN-Mixed has a Windows Authentication entry point but is using regular forms authentication afterwards.

You need to allow testsite/site1 and testsite/site2 to read the same authentication cookie. To do that you need to ensure the cookie is encrypted with the same key.

You can achieve this by having the same machineKey element in both web.config files.

For example, add the following to both Site1's and Site2's web.config file:

    <machineKey
      validationKey="55304E97702846DD86E818E6A4924952B3B2D28A06E3F6CC05919C044FDEF6FC0F578FA366ECD838F34AE1806219B4AB1241FFF9CF1B935B46E559286F17AD19"
      decryptionKey="2D18B05A7B82E04AFA36D94658A64281247D81494C95C87A1F2BCDA6C1539437"
      validation="SHA1" decryption="AES"
    />

Make sure the cookie domain and name are the same. Also make sure both applications are on the same domain.

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login"),
        // Domain and name must be identical in both applications
        // so that each site can read the cookie issued by the other.
        CookieDomain = ".testsite.com",
        CookieName = "AuthenticationCookie",
    });

Hope this helps.

heymega
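The key values shown in the answer are published on this page, so a real deployment needs its own pair. The following is an added example, not part of the original answer: it generates a fresh `machineKey` element with the same key lengths (64-byte validation key, 32-byte AES decryption key) to paste into both web.config files. The function names `New-HexKey` and `New-MachineKeyElement` are hypothetical, and the default of `HMACSHA256` for `validation` is an assumption made here in place of the answer's `SHA1`; pass `-Validation SHA1` to match the answer exactly.

```powershell
# Added example: build a <machineKey> element from cryptographically random keys.
# New-HexKey and New-MachineKeyElement are illustrative names, not built-in cmdlets.

function New-HexKey {
    param([Parameter(Mandatory)][int]$ByteCount)

    # Use the OS CSPRNG; Get-Random is not suitable for key material.
    $bytes = New-Object byte[] $ByteCount
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }

    # Upper-case hex, two characters per byte, as web.config expects.
    -join ($bytes | ForEach-Object { $_.ToString('X2') })
}

function New-MachineKeyElement {
    param(
        # Values accepted by the validation attribute of <machineKey>.
        [ValidateSet('SHA1', 'HMACSHA256', 'HMACSHA384', 'HMACSHA512')]
        [string]$Validation = 'HMACSHA256'
    )

    $validationKey = New-HexKey -ByteCount 64   # 128 hex characters
    $decryptionKey = New-HexKey -ByteCount 32   # 64 hex characters (AES-256)

    @"
<machineKey
  validationKey="$validationKey"
  decryptionKey="$decryptionKey"
  validation="$Validation" decryption="AES"
/>
"@
}

# Generate once, then place the same output in Site1's and Site2's web.config.
New-MachineKeyElement
```

Run it once and copy the single result into both applications; running it separately per site produces different keys, and the sites will then reject each other's cookies.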