Multiple and subdomain cookies in ASP.NET Core Identity

I have a webpage that uses multiple URLs for the same application:

For example: *.MyWebPage.com.au, *.YourWebPage.com.au

This way, it will use subdomains on multiple URLs. The problem is that I need to allow user authentication on all subdomains of the URL they entered.

For example, if they register through www.mywebpage.com.au, a cookie should be set for *.mywebpage.com.au, or if they access the site through www.yourwebpage.com.au, the cookie should be for *.yourwebpage.com.au.

Most of the documentation on handling subdomains with ASP.NET Core Identity points to the Startup.cs (or Startup.Auth.cs) file and suggests something like this:

    app.UseCookieAuthentication(new CookieAuthenticationOptions()
    {
        CookieDomain = "mywebpage.com.au"
    });

This will not work for me because I don't want a fixed domain; I just want to allow all users to have access to all subdomains for the URL they entered. I can obviously get their URL during login, but I need to set the CookieDomain dynamically at that point.

+5
4 answers

What I did not understand when I started was the difference between Identity and CookieAuthentication. Since I used Identity

  app.UseIdentity(); 

app.UseCookieAuthentication was not a solution.

I finally found my solution by implementing ICookieManager.

Here is my solution:

in Startup.cs:

    services.AddIdentity<ApplicationUser, IdentityRole>(options =>
        {
            options.Password.RequireDigit = false;
            options.Password.RequiredLength = 5;
            options.Password.RequireNonAlphanumeric = false;
            options.Password.RequireLowercase = false;
            options.Password.RequireUppercase = false;
            options.Cookies.ApplicationCookie.CookieManager = new CookieManager(); // Magic happens here
        })
        .AddEntityFrameworkStores<ApplicationDbContext>()
        .AddDefaultTokenProviders();

now in the class I called CookieManager.cs:

    using System.Linq;
    using Microsoft.AspNetCore.Authentication.Cookies;
    using Microsoft.AspNetCore.Http;

    public class CookieManager : ICookieManager
    {
        #region Private Members

        // The built-in manager that does the actual cookie reads and writes.
        private readonly ICookieManager ConcreteManager;

        #endregion

        #region Private Methods

        // Drops the first label of the host name (www.example.com -> example.com).
        private string RemoveSubdomain(string host)
        {
            var splitHostname = host.Split('.');
            // if not localhost
            if (splitHostname.Length > 1)
            {
                return string.Join(".", splitHostname.Skip(1));
            }
            else
            {
                return host;
            }
        }

        #endregion

        #region Public Methods

        public CookieManager()
        {
            ConcreteManager = new ChunkingCookieManager();
        }

        public void AppendResponseCookie(HttpContext context, string key, string value, CookieOptions options)
        {
            options.Domain = RemoveSubdomain(context.Request.Host.Host); // Set the Cookie Domain using the request from host
            ConcreteManager.AppendResponseCookie(context, key, value, options);
        }

        public void DeleteCookie(HttpContext context, string key, CookieOptions options)
        {
            ConcreteManager.DeleteCookie(context, key, options);
        }

        public string GetRequestCookie(HttpContext context, string key)
        {
            return ConcreteManager.GetRequestCookie(context, key);
        }

        #endregion
    }

+4

How many major domains are there? If there are not many, you can add several CookieAuthenticationOptions. Like this:

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationScheme = "mywebpage.com.au",
        CookieDomain = "mywebpage.com.au",
    });
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationScheme = "yourwebpage.com.au",
        CookieDomain = "yourwebpage.com.au",
    });

If there are too many primary domains, you will need to write your own cookie provider.

+1

In addition to @michael's solution:

  • ICookie: The ICookie interface is an abstraction layer on top of the HTTP cookie object that provides data.
  • ICookieManager: The cookie manager is an abstraction layer on top of the ICookie interface. This extends cookie behavior in terms of <TSource> generic support, Func<TResult>. This is implemented by the DefaultCookieManager. The ICookie interface is the dependency of this class.
  • Using CookieManager:

    • Add CookieManager at service setup in Startup.
    • Access the CookieManager API.
    • And the source code is available on Git (Nemi Chand).
+1

Addition to @michael: how to "handle the DeleteCookie event by adding options.Domain = RemoveSubdomain(context.Request.Host.Host)": just add

    options.Domain = RemoveSubdomain(context.Request.Host.Host);

before

    ConcreteManager.DeleteCookie(context, key, options);

in

    CookieManager.DeleteCookie(..) {..};

And don't forget to call CookieManager.DeleteCookie when you log out!

PS: In addition, if you need to log in on both subdomain.example.com and example.com, you need to change AppendResponseCookie(..) {..}, or you will only get the TLD (.com, .ru, etc.) here.

0
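
The PS above points out that stripping the first label fails for the bare domain (mywebpage.com.au becomes com.au), and the Host header the value comes from is supplied by the client. As an added example that is not part of the original answers, one way to pick the cookie domain is to match the host against a fixed allowlist; the CookieDomainResolver name and the allowlist contents are assumptions based on the two domains named in the question.

```csharp
using System;
using System.Linq;

// Added example, not code from the thread.
public static class CookieDomainResolver
{
    // Assumed allowlist: the base domains the application is served from.
    private static readonly string[] AllowedBaseDomains =
    {
        "mywebpage.com.au",
        "yourwebpage.com.au"
    };

    // Returns the allowlisted base domain covering this host, or null when
    // none matches. On null, leave CookieOptions.Domain unset so the browser
    // stores a host-only cookie instead of one scoped to an arbitrary suffix.
    public static string Resolve(string host)
    {
        if (string.IsNullOrWhiteSpace(host)) return null;
        host = host.Trim().TrimEnd('.').ToLowerInvariant();

        // The leading "." forces a match on a label boundary, so a host that
        // merely ends with the same characters is not accepted.
        return AllowedBaseDomains.FirstOrDefault(baseDomain =>
            host == baseDomain ||
            host.EndsWith("." + baseDomain, StringComparison.Ordinal));
    }

    public static void Main()
    {
        // Constructed sample Host values.
        string[] samples =
        {
            "www.mywebpage.com.au",        // ordinary subdomain
            "shop.eu.yourwebpage.com.au",  // nested subdomain
            "mywebpage.com.au",            // bare domain, the case from the PS
            "notmywebpage.com.au",         // same ending, different domain
            "localhost",                   // development host
            "192.168.1.10"                 // IP literal
        };

        foreach (var host in samples)
            Console.WriteLine($"{host,-28} -> {Resolve(host) ?? "(host-only cookie)"}");
    }
}
```

In the CookieManager from the first answer, the same call would replace RemoveSubdomain in both AppendResponseCookie and DeleteCookie, since a cookie written with a Domain attribute is only cleared by a deletion that sends the same Domain.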

Source: https://habr.com/ru/post/1268297/

