OWIN Authentication cookie exchange between ASP.NET MVC and Webforms applications with the same MachineKey

I have an outdated web form application and am creating a new version of MVC to replace it. Both have to work side by side for some time, and I need one sign for the job. Previously, users logged in through the webforms application, and I was able to successfully set forms authentication so that the MVC application can authenticate through the cookie.

Now the MVC application is completing new login forms, and now users will need to log in. The MVC application uses Identity 2.x and OWIN. At first I tried to set the OWIN cookie according to the settings in the legacy webforms application, but I could not get the webforms application to read the cookie and authenticate the user.

Since then, I decided to install Identity 2.x and OWIN in a webforms application. I made the settings the same. The validity period is 30 minutes, and the domain is ", and the path is" / ". I see that the cookie is created from the MVC application, but it is not picked up by the webforms application. I continue to receive an access denied message.

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Active,
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        CookieName = Settings.Default.CookieName,
        CookiePath = Settings.Default.CookiePath,
        CookieDomain = Settings.Default.CookieDomain,
        LoginPath = new PathString(Settings.Default.CookieLoginPath),
        ReturnUrlParameter = Settings.Default.CookieReturnUrl,
        ExpireTimeSpan = Settings.Default.CookieExpireTimeSpan,
        SlidingExpiration = Settings.Default.CookieSlidingExpiration,
        Provider = new CookieAuthenticationProvider
        {
            OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                validateInterval: TimeSpan.FromMinutes(30),
                regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
        }
    });

I left the machine key options (which previously worked for forms authentication) the same. However, I removed form authentication from both configuration files.

Have I misconfigured something, or are there more settings needed to share the OWIN cookie between applications with the same machine key?

UPDATE

  • Created a new web form application with separate user accounts.
  • Added MachineKey
  • Changed the configuration of the MVC application with the standard settings (copying a new project)

The new webforms application displays a cookie but will not authenticate the user.

UPDATE See answer below.

+6
1 answer

After creating two new applications and getting this, I got the basic level and worked from there until I reached the Single Sign goal between the applications. I have discovered many things, including:

  • MachineKey is not required for single sign-on between applications for 4.5 and above. <httpRuntime targetFramework="4.5"/> is all you need.
  • Disable Form Authentication
  • And most importantly, do not try to integrate Identity 2.x and OWIN manually by copying from the base project, as you are likely to miss the namespace or important file. The project will be built and launched and literally push you while you are trying to find what you missed. Use nuget packages and remove what you don't need.

So in the end I needed to add Identity 2.x and OWIN to my legacy webforms application, basically updating the new authentication pipeline in 4.5 to make it work.

Hope this post helps someone save time and effort.

IMPORTANT UPDATE: If you try to deploy to IIS, even if you do not have any machine keys specified in the configuration (and which work locally), it will not work during deployment. In the end, I used the MVC application as the parent and inherited webforms application as a child, and this required the parent application to be configured as follows:

 <machineKey decryptionKey="AutoGenerate" validationKey="AutoGenerate" /> 
+2
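A configuration check for the points the answer lists (target framework 4.5 or later, forms authentication disabled, and a child application that does not override the parent's machineKey), as an added example that is not part of the original answer. The sample web.config fragments and the function name are constructed for illustration, and it assumes the WebForms application is deployed as an IIS child of the MVC application.

```python
import xml.etree.ElementTree as ET

# Constructed sample configs (not from the original post): the MVC app as the
# IIS parent and the WebForms app as its child, per the answer's final setup.
PARENT_CONFIG = """<configuration><system.web>
  <httpRuntime targetFramework="4.5" />
  <authentication mode="None" />
  <machineKey decryptionKey="AutoGenerate" validationKey="AutoGenerate" />
</system.web></configuration>"""

# The child deliberately still has forms authentication switched on.
CHILD_CONFIG = """<configuration><system.web>
  <httpRuntime targetFramework="4.5" />
  <authentication mode="Forms" />
</system.web></configuration>"""


def _system_web(xml_text):
    return ET.fromstring(xml_text).find("system.web")


def _version(text):
    return tuple(int(part) for part in text.split("."))


def check_shared_cookie_config(parent_xml, child_xml):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    parent, child = _system_web(parent_xml), _system_web(child_xml)
    for name, web in (("parent", parent), ("child", child)):
        if web is None:
            findings.append(f"{name}: no <system.web> section")
            continue
        runtime = web.find("httpRuntime")
        target = runtime.get("targetFramework") if runtime is not None else None
        if target is None or _version(target) < (4, 5):
            findings.append(f"{name}: httpRuntime targetFramework is {target}, need 4.5+")
        auth = web.find("authentication")
        if auth is not None and auth.get("mode", "").lower() == "forms":
            findings.append(f"{name}: forms authentication is still enabled")
    if parent is not None and child is not None:
        p_key, c_key = parent.find("machineKey"), child.find("machineKey")
        # Assumption: a child with no <machineKey> inherits the parent's element.
        if c_key is not None and (p_key is None or c_key.attrib != p_key.attrib):
            findings.append("child: <machineKey> differs from the parent's")
    return findings


if __name__ == "__main__":
    for finding in check_shared_cookie_config(PARENT_CONFIG, CHILD_CONFIG):
        print(finding)
```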

Source: https://habr.com/ru/post/987562/

