0

For now I am working on localhost in Visual Studio 2013.(I am using individual user authentication)

What I have done is:

I updated <system.web> in Web.config as

<system.web>
    <authentication mode="Forms">
        <forms loginUrl="~/Account/Login" timeout="2880" name=".ASPXAUTH" protection="Validation" path="/" domain=".localhost" />
    </authentication>
    <machineKey validationKey="C50B3C89CB21F4F1422FF158A5B42D0E8DB8CB5CDA1742572A487D9401E3400267682B202B746511891C1BAF47F8D25C07F6C39A104696DB51F17C529AD3CABE" decryptionKey="8A9BE8FD67AF6979E7D20198CFEA50DD3D3799C77AF2B72F" validation="SHA1" decryption="Auto"/>
    <compilation debug="true" targetFramework="4.5" />
    <httpRuntime targetFramework="4.5" />
</system.web>

I updated Startup.Auth.cs as:

app.UseCookieAuthentication(new CookieAuthenticationOptions {
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/Account/Login"),
    CookieDomain = ".localhost"
});

But still login across sub-domains is not maintained. What else do I have to do to make it work?

Tasos K.
  • 7,669
  • 7
  • 38
  • 57
Irfan Yusanif
  • 1,152
  • 1
  • 15
  • 52
  • Seems worth mentioning that it would be a very bad idea to deploy this application without changing that machineKey first. – Tieson T. Jul 25 '15 at 08:37

1 Answers1

0

You need to share your cookies across domains. From your code it seems like you have set the domain of cookie to subdomain of localhost. The issue will probably be in the bindings in IIS for sub domains. Check these 2 stackoverflow answers for help.

Share cookie between subdomain and domain

How to make subdomain on my localhost?

EDIT:

As you told in the comments the cookies are not being sent to the subdomain on request. you haven't given any expiry of the Cookie in your code. Give an expiry by setting a valid timespan

    int days = 0, hours = 0, minutes = 0, seconds = 0;
    app.UseCookieAuthentication(new Microsoft.Owin.Security.Cookies.CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login"),
        CookieDomain = ".localhost",
        ExpireTimeSpan = new System.TimeSpan(days, hours, minutes, seconds)
    });
Community
  • 1
  • 1
  • Thank you for answer but i still could not figure out. The links you provided seems off my problem. "The issue will probably be in the bindings in IIS for sub domains". How to do binding in IIS? My subdomains are working perfectly. Do i have to use Set-Cookie (as described in first link)? Can you please briefly describe complete solution. – Irfan Yusanif Jul 25 '15 at 07:16
  • as a quick check open the browser developer tools-> open the subdomain and to the request of the URL check the cookies which are being sent. Is your cookie getting sent to all the subdomains. –  Jul 25 '15 at 07:23
  • you got the error then. while creating cookies Set the domain of the cookie . Since you have used the tag asp.net i am assuming you are developing it in MVC so while creating cookies on the cookie object use CookieObject.Value="your Session identifier"; CookieObject.Domai=".yourdomain.tld"; –  Jul 25 '15 at 08:33
  • Yes i am developing it in MVC. I am not creating cookies myself. I am using asp.net identity (Individual user authentication). In AccountController i didn't find cookieObject. – Irfan Yusanif Jul 25 '15 at 08:55
  • I have tried to use `var request = HttpContext.Current.Request; var cookie = request.Cookies.Get(".AspNet.ApplicationCookie");` but `Current` is not accessable. Should i have to use some namespace? – Irfan Yusanif Jul 25 '15 at 09:52
  • Something went wrong. `CookieDomain = ".localhost", ExpireTimeSpan = new System.TimeSpan(days, hours, minutes, seconds)` if i comment these lines cookies on localhost (not on subdomain) works fine but if i uncomment them i cannot login and if i am logged in, cannot logout. – Irfan Yusanif Jul 25 '15 at 12:36
  • you have to set the values of the variables with the duration you want the cookie to live. setting a 0 time will delete cookie as soon as it is created. i left the values for you to customize according to your need. as a quick test set days=1 –  Jul 25 '15 at 16:20
  • I know and I set duration but there is some other issue. – Irfan Yusanif Jul 25 '15 at 17:14