I have a webpage which uses multiple URLS for the same application:
for example: *.MyWebPage.com.au *.YourWebPage.com.au
So it will use subdomains on multiple urls. The problem is I need to allow for the user to be authenticated on all subdomains of the url which they have logged into.
For example, if they login via www.mywebpage.com.au the cookie needs to be set for *.mywebpage.com.au or if they login via www.yourwebpage.com.au the cookie should be *.yourwebpage.com.au.
Most of the documentation in allowing subdomains for ASP.NET core identity points to the startup.cs (or startup.auth.cs) file and entering something like this:`
app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
CookieDomain = "mywebpage.com.au"
});`
this will not work for me because I dont want a fixed domain, I just want to allow for all the users to have access to all the subdomains for the url they have signed in at. I can obviously get their url at the time of login via the request, but I need to dynamically set the cookiedomain at this point.
: consisting of, including, or involving more than one. multiple births. multiple choices. : many, manifold. multiple achievements.
The MLA follows Merriam-Webster's Collegiate Dictionary in using multiple to mean “consisting of, including, or involving more than one” or “many, manifold” (“Multiple, Adj.,” defs. 1 and 2 [Collegiate Dictionary]).
having or consisting of many parts, elements, etc.; more than one or once; manifold or complex. 2. shared by or involving many. 3. many or very many; numerous.
A multiple in math are the numbers you get when you multiply a certain number by an integer. For example, multiples of 5 are: 10, 15, 20, 25, 30…etc. Multiples of 7 are: 14, 21, 28, 35, 42, 49…etc. Can you name some multiples of 3 now? An easy way to remember the multiples of single-digit numbers is by skip-counting.
What I didnt realise when I started was the difference between Identity and CookieAuthentication. Since I was using Identity
app.UseIdentity();
app.UseCookieAuthentication was not the solution.
I finally found my solution by implementing ICookieManager.
Here is my solution:
in Startup.cs:
services.AddIdentity<ApplicationUser, IdentityRole>(options =>
{
options.Password.RequireDigit = false;
options.Password.RequiredLength = 5;
options.Password.RequireNonAlphanumeric = false;
options.Password.RequireLowercase = false;
options.Password.RequireUppercase = false;
options.Cookies.ApplicationCookie.CookieManager = new CookieManager(); //Magic happens here
}).AddEntityFrameworkStores<ApplicationDbContext>()
.AddDefaultTokenProviders();
now in a class I have called CookieManager.cs:
public class CookieManager : ICookieManager
{
#region Private Members
private readonly ICookieManager ConcreteManager;
#endregion
#region Prvate Methods
private string RemoveSubdomain(string host)
{
var splitHostname = host.Split('.');
//if not localhost
if (splitHostname.Length > 1)
{
return string.Join(".", splitHostname.Skip(1));
}
else
{
return host;
}
}
#endregion
#region Public Methods
public CookieManager()
{
ConcreteManager = new ChunkingCookieManager();
}
public void AppendResponseCookie(HttpContext context, string key, string value, CookieOptions options)
{
options.Domain = RemoveSubdomain(context.Request.Host.Host); //Set the Cookie Domain using the request from host
ConcreteManager.AppendResponseCookie(context, key, value, options);
}
public void DeleteCookie(HttpContext context, string key, CookieOptions options)
{
ConcreteManager.DeleteCookie(context, key, options);
}
public string GetRequestCookie(HttpContext context, string key)
{
return ConcreteManager.GetRequestCookie(context, key);
}
#endregion
In addition to @michael's solution:
ICookie
: ICookie Interface
is an abstraction layer on top of http cookie object
, which secures the data
.ICookieManager
: Cookie Manager
is an abstraction layer on top of ICookie Interface
. This extends the Cookie behavior in terms of <TSource>
generic support, Func<TResult>
.This is implemented by DefaultCookieManager
class. ICookie Interface
is a depedenacy of this class.Usage of CookieManager
:
CookieManager
in startup Configure Service.git
by Nemi Chand.How many main domains are there? If there are not too many, you can add several CookieAuthenticationOptions. Like this:
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationScheme = "mywebpage.com.au",
CookieDomain = "mywebpage.com.au",
});
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationScheme = "yourwebpage.com.au",
CookieDomain = "yourwebpage.com.au",
});
If there are too many main domains, you will need to write your own cookie provider.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With