Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Multiple & SubDomain's cookie in asp.net Core Identity

Tags:

asp.net-core

asp.net-core-mvc

asp.net-identity

I have a webpage which uses multiple URLS for the same application:

for example: *.MyWebPage.com.au *.YourWebPage.com.au

So it will use subdomains on multiple urls. The problem is I need to allow for the user to be authenticated on all subdomains of the url which they have logged into.

For example, if they login via www.mywebpage.com.au the cookie needs to be set for *.mywebpage.com.au or if they login via www.yourwebpage.com.au the cookie should be *.yourwebpage.com.au.

Most of the documentation in allowing subdomains for ASP.NET core identity points to the startup.cs (or startup.auth.cs) file and entering something like this:` 

app.UseCookieAuthentication(new CookieAuthenticationOptions()
            {
                CookieDomain = "mywebpage.com.au"
            });`

this will not work for me because I dont want a fixed domain, I just want to allow for all the users to have access to all the subdomains for the url they have signed in at. I can obviously get their url at the time of login via the request, but I need to dynamically set the cookiedomain at this point.

like image 732
Michael Avatar asked May 28 '17 13:05

Michael

People also ask

What the means of multiple?

: consisting of, including, or involving more than one. multiple births. multiple choices. : many, manifold. multiple achievements.

Is multiple 2 or more?

The MLA follows Merriam-Webster's Collegiate Dictionary in using multiple to mean “consisting of, including, or involving more than one” or “many, manifold” (“Multiple, Adj.,” defs. 1 and 2 [Collegiate Dictionary]).

How many does multiple mean?

having or consisting of many parts, elements, etc.; more than one or once; manifold or complex. 2. shared by or involving many. 3. many or very many; numerous.

What is a multiple in math?

A multiple in math are the numbers you get when you multiply a certain number by an integer. For example, multiples of 5 are: 10, 15, 20, 25, 30…etc. Multiples of 7 are: 14, 21, 28, 35, 42, 49…etc. Can you name some multiples of 3 now? An easy way to remember the multiples of single-digit numbers is by skip-counting.

3 Answers

What I didnt realise when I started was the difference between Identity and CookieAuthentication. Since I was using Identity 

        app.UseIdentity();

app.UseCookieAuthentication was not the solution.

I finally found my solution by implementing ICookieManager.

Here is my solution:

in Startup.cs:

    services.AddIdentity<ApplicationUser, IdentityRole>(options =>
        {
            options.Password.RequireDigit = false;
            options.Password.RequiredLength = 5;
            options.Password.RequireNonAlphanumeric = false;
            options.Password.RequireLowercase = false;
            options.Password.RequireUppercase = false;
            options.Cookies.ApplicationCookie.CookieManager = new CookieManager(); //Magic happens here
        }).AddEntityFrameworkStores<ApplicationDbContext>()
            .AddDefaultTokenProviders();

now in a class I have called CookieManager.cs:

public class CookieManager : ICookieManager
{
    #region Private Members

    private readonly ICookieManager ConcreteManager;

    #endregion

    #region Prvate Methods

    private string RemoveSubdomain(string host)
    {
        var splitHostname = host.Split('.');
        //if not localhost
        if (splitHostname.Length > 1)
        {
            return string.Join(".", splitHostname.Skip(1));
        }
        else
        {
            return host;
        }
    }

    #endregion

    #region Public Methods

    public CookieManager()
    {
        ConcreteManager = new ChunkingCookieManager();
    }

    public void AppendResponseCookie(HttpContext context, string key, string value, CookieOptions options)
    {

        options.Domain = RemoveSubdomain(context.Request.Host.Host);  //Set the Cookie Domain using the request from host
        ConcreteManager.AppendResponseCookie(context, key, value, options);
    }

    public void DeleteCookie(HttpContext context, string key, CookieOptions options)
    {
        ConcreteManager.DeleteCookie(context, key, options);
    }

    public string GetRequestCookie(HttpContext context, string key)
    {
        return ConcreteManager.GetRequestCookie(context, key);
    }

    #endregion
like image 117
Michael Avatar answered Sep 16 '22 12:09

Michael

In addition to @michael's solution:

  • ICookie: ICookie Interface is an abstraction layer on top of http cookie object, which secures the data.
  • ICookieManager: Cookie Manager is an abstraction layer on top of ICookie Interface. This extends the Cookie behavior in terms of <TSource> generic support, Func<TResult>.This is implemented by DefaultCookieManager class. ICookie Interface is a depedenacy of this class.

  • Usage of CookieManager:

    1. Add CookieManager in startup Configure Service.
    2. Access the CookieManager API.
    3. And the source code is available on git by Nemi Chand.
like image 40
King Reload Avatar answered Sep 20 '22 12:09

King Reload

How many main domains are there? If there are not too many, you can add several CookieAuthenticationOptions. Like this:

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationScheme = "mywebpage.com.au",
            CookieDomain = "mywebpage.com.au",
        });
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationScheme = "yourwebpage.com.au",
            CookieDomain = "yourwebpage.com.au",
        });

If there are too many main domains, you will need to write your own cookie provider.

like image 40
VHao Avatar answered Sep 20 '22 12:09

VHao
Sign in to Comment

Related questions

In ASP.NET Core 3.1, how can I schedule a background task (Cron Jobs) with hosted services for a specific date and time in the future?
.NET Core doesn't depend on any installation?
Running background tasks periodically in an ASP.NET Core RC2 application
Is it better to use Automapper in controller or repository pattern?
ASP.NET Core WebApi HttpResponseMessage create custom message?
Quartz.Net Dependency Injection .Net Core
HttpContext.Current.Request.Form.AllKeys in ASP.NET CORE version
How Do I Call XML SOAP Service that Requires Signature from .Net Core?
Session Cookie never set in asp.net core
Store / Retrieve ConnectionString from appSettings.json in ASP.net Core 2 MVC app
.NET Core Difference between Hosted Service and Singleton Service
How to mock out the UserManager in ASP.NET 5
Custom ASP.NET Core Middleware with cancellation Token
EntityFramework Core relation to composite key
How to check if a section in MVC Core configuration file exist?
HttpContext.Response.Cache equivalent in .NET Core?
Cannot resolve scoped service Microsoft.AspNetCore.Mvc.ViewFeatures.Internal.IViewBufferScope from root provider
How to specify a composite primary key using EFCore Code First Migrations
Entity Framework Core migrations error using UseInMemoryDatabase
Self Referencing Many-to-Many relations

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!