0

I have the following scenario:

Server A:abpWeb; 
Server B:abpWeb;

A and B are based on MyCompanyName.AbpZero template, abp. Net core version 3.1.1;aspnetboilerplate

Browser access A:abpWeb and B:abpWeb. But after logging in, cookie shared is invalid.

A:User.Identity?.IsAuthenticated equals true after Browser access A:Login;

But refresh B:/index on the browser,B:User.Identity?.IsAuthenticated equals false;

The same browser domain for A and B is the same.

I created two new ASP.NET Core 2.0 MVC apps with ASP.NET Core Identity, using AddDataProtection for the normal shared cookie is ok.

I referred to:
https://learn.microsoft.com/en-us/aspnet/core/security/cookie-sharing?tabs=aspnetcore2x

I am searching for a long time on net. But no use. Please help or try to give some ideas how to achieve this. Thanks in advance.

ddr
  • 1
  • 2
  • This has little to do with [aspnetboilerplate]. Don't add tags to the title. Don't remove the relevant tags that target the appropriate answerers. – aaron Apr 08 '18 at 02:24

1 Answers1

0

The keys that encrypt/decrypt your cookies are probably trying to be written to an invalid folder.

By default AddDataProtection tries to write these keys to: %LOCALAPPDATA%\ASP.NET\DataProtection-Keys

As long as there is an environment variable being used to create the keys path, you will need to set the following config file setting to true.

Please also see my other answer here: IIS - AddDataProtection PersistKeysToFileSystem not creating

Fix: Within %WINDIR%\System32\inetsrv\config\applicationHost.config set setProfileEnvironment=true. I think you have to restart IIS as well.

chb
  • 1,727
  • 7
  • 25
  • 47
Nez
  • 59
  • 4