3,600 questions
If I understand, you are trying to share an authentication cookie across multiple ASP.NET applications. Please see the official documentation. Share authentication cookies among ASP.NET apps
User.Identity.IsAuthenticated is always false
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(86.4, 1%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKD%3C/text%3E%3C/svg%3E)
Karan Doshi
0
Reputation points
I am trying to implement single sign on across subdomains using forms authentication and .net Core 3.1. I have a website called parent.com where user logs in and I want to make sure that when user visits child.parent.com, it should be already logged in. I am able to set the .ASPXAUTH cookie from parent.com, and I can even see that cookie in browser when I visit child.parent.com. However when I use User.Identity.IsAuthenticated, I am always getting false as a response, because of which the site is inaccessible. My web.config is working fine as I am able to see the .ASPXAUTH cookie on child.parent.com. I have referred many stackoverflow questions, Microsoft forums, tutorials and offical docs, but I cannot find the solution. Can someone help me with it I have wasted more than 10 days on this issue and still I have reached nowhere near to the conclusion. Thanks in advance.
Developer technologies | ASP.NET | Other
Microsoft Security | Microsoft Identity Manager
885 questions
2 answers
Sort by: Most helpful
-
AgaveJoe 30,126 Reputation points2023-04-06T10:57:04.0733333+00:00 -
Karan Doshi 0 Reputation points
2023-04-06T12:05:04.3766667+00:00 No I am not trying to share cookies, I am trying to do single sign on using .net
-
AgaveJoe 30,126 Reputation points
2023-04-06T12:19:03.7466667+00:00 The ASPXAUTH is an authentication cookie. The browser sends cookies to the domain that created the cookie. As far as The browser is concerned a sub domain is a different domain from the main domain or any other sub domains. Read the documentation and follow the instruction on how to share the ASPXAUTH cookie. The instructions explain how to handle data protection as the token is encrypted. If you want community debugging support then we need enough code to reproduce your issue(s) otherwise we cannot troubleshoot.
True SSO takes advantage of central token server and protocols like OAuth/OIDC. Also, your post references the web.config but ASP.NET Core does not use the web.config. If you've configured forms auth in IIS or the web config then your approach is incorrect. Please read the docs!
Sign in to comment -
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 61%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
Bruce (SqlWork.com) 78,006 Reputation points Volunteer Moderator2023-04-06T15:22:50.1733333+00:00 You need to share the encryption keys between the sites. See configuration of data protection services. https://learn.microsoft.com/en-us/aspnet/core/security/data-protection/configuration/overview?view=aspnetcore-7.0