问题
I'm trying to share my ASP.NET Identity cookie across subdomains. Currently just locally.
- sub1.domain.local
- sub2.domain.local
I have the same machine key on both sites, but a cookie created on sub1 does not validate on sub2 and vice versa. The resulting cookie domain is always ".domain.local" (which should be correct??)
This is my setup in Startup class:
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/login"),
CookieDomain = ".domain.local",
});
I've tried on just localhost:siteport for each site, but same result (cookie domain blank, resolving to "localhost")
I can't for the life of me figure out what I'm doing wrong. Maybe someone can point me in the right direction? Thanks
UPDATE
Okay, so I've figured out that the cookie is in fact shared between the subdomains, but it's only considered valid on the subdomain that created the cookie. Need to find a way to know why the authentication fails on the other site..
回答1:
After a lot of headscratching I noticed i difference in version numbers in various Identity packages. I updated the various packages from Nuget, and wouldn't you know. It worked!
What worries me is that it only updated from minor versions (e.g. Microsoft.Owin.Security.Cookies from 3.0.0.0 to 3.0.1.0). I don't hope they have to stay aligned like that in the future..
回答2:
You need to set Cookie Path to ./ global root folder. This way cookie will be available to all sites under root directory.
来源:https://stackoverflow.com/questions/29318201/asp-net-identity-cookie-and-subdomains