1

We have created an ASP.NET Core 3.1 MVC web application and we are using cookie authentication scheme. Our .NET Core application is running on Apache Web Server via reverse proxy on a Linux OS.

We want to share authentication cookies across all sub domains (for SSO purpose), but unable to do so.

We have already tried the suggested solutions referenced below with no result:

ASP.NET Identity Cookie across subdomains on .Net and Core

https://bartwullems.blogspot.com/2021/09/aspnet-core-share-cookie-between.html

https://www.learmoreseekmore.com/2019/09/part-1-share-authentication-cookie-sso.html

Any suggestions on this will be very helpful.

marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
Parvez Khan
  • 11
  • 3

1 Answers1

0

You could consider doing something else. With cookie authentication the cookies relates to the domain and the path.

What about using something like JWT authentication. This is bearer tokens and works out of the box on as many subwebs which you would like and also is a tamper free security model that doesn't litter the cookies area with too many crumbs :)

Anyway, if proceeding with this or the choice is not free, consider if the path of the cookies have been set correctly. To be more precise - For example, suppose a cookie is issued with the domain attribute set to "example.com" and the path attribute set to "/subweb". If a user navigates to "subweb.example.com" or "example.com/subweb", the cookie will be sent in the request headers, and the server responsible for the "example.com" domain will process it for authentication purposes

T. Nielsen
  • 835
  • 5
  • 18