This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(99.2, 68%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETP%3C/text%3E%3C/svg%3E)
Hi All,
I am implementing Azure AD authentication (b2b) in both web application .NET CORE 6 MVC.
I am looking for an example to authenticate and authorize two .NET Core MVC Web Applications to communicate with one another.
Example:
Webapplication-1 and WebApplication-2 (Both are under same domain and IIS)
Below is the way application is configured currently which uses Identity Server and we moving to Azure AD
Webapplication-1 - Will load all the menus in that few menus will be part of Webapplication-2 and rest part of Webapplication-1
Example:
Webapplication-1 Menus
Webapplication-2/Home
Webapplication-2/Edit
Webapplication-1/View
Webapplication-1/Download
When user click Sign Out in Webapplication-2, "Microsoft.Identity.Web" automatically logs out and clear cookies of Webapplication-2 and I am able to override SignedOut.cshtml to have custom logout page.
Issue is Webapplication-1 cookies still is in browser..
I want to implement Single Sign-out when user click Sign Out button either of the application.
How to implement Single Sign-out.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 61%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
you will need to use the same cookie for both applications (set subdomain as cookie path). this will require both sites use the same custom roles if any. also you will need to configure DataProtection services to use the same encryption/decryption key for both sites.
cookie settings:
https://learn.microsoft.com/en-us/aspnet/core/security/authentication/cookie?view=aspnetcore-7.0
data protection services configuration:
Hi @Bruce (SqlWork.com) ,
Is there no other way to do apart from using same cookie?
Subdomain as cookie path?
Currently both application domain is same for both application - example.co.uk but path is different.... "Webapplication-1" and "Webapplication-2"
1) My both Web Application is registered separated in Azure Ad App registration
2) Below code is used in both the application
services.Configure<CookiePolicyOptions>(options =>
{
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.Strict;
options.HandleSameSiteCookieCompatibility();
});
services.AddMicrosoftIdentityWebAppAuthentication(Configuration)
.EnableTokenAcquisitionToCallDownstreamApi()
.AddInMemoryTokenCaches();
services.AddRazorPages().AddMvcOptions(options =>
{
var policy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
options.Filters.Add(new AuthorizeFilter(policy));
}).AddMicrosoftIdentityUI();
So in second app i need to remove above code and do cookie authentication as below
https://learn.microsoft.com/en-us/aspnet/core/security/cookie-sharing?view=aspnetcore-6.0?