Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Multiple & SubDomain's cookie in asp.net Core Identity

I have a webpage which uses multiple URLS for the same application:

for example: *.MyWebPage.com.au *.YourWebPage.com.au

So it will use subdomains on multiple urls. The problem is I need to allow for the user to be authenticated on all subdomains of the url which they have logged into.

For example, if they login via www.mywebpage.com.au the cookie needs to be set for *.mywebpage.com.au or if they login via www.yourwebpage.com.au the cookie should be *.yourwebpage.com.au.

Most of the documentation in allowing subdomains for ASP.NET core identity points to the startup.cs (or startup.auth.cs) file and entering something like this:`

app.UseCookieAuthentication(new CookieAuthenticationOptions()
            {
                CookieDomain = "mywebpage.com.au"
            });`

this will not work for me because I dont want a fixed domain, I just want to allow for all the users to have access to all the subdomains for the url they have signed in at. I can obviously get their url at the time of login via the request, but I need to dynamically set the cookiedomain at this point.

like image 732
Michael Avatar asked May 28 '17 13:05

Michael


People also ask

What the means of multiple?

: consisting of, including, or involving more than one. multiple births. multiple choices. : many, manifold. multiple achievements.

Is multiple 2 or more?

The MLA follows Merriam-Webster's Collegiate Dictionary in using multiple to mean “consisting of, including, or involving more than one” or “many, manifold” (“Multiple, Adj.,” defs. 1 and 2 [Collegiate Dictionary]).

How many does multiple mean?

having or consisting of many parts, elements, etc.; more than one or once; manifold or complex. 2. shared by or involving many. 3. many or very many; numerous.

What is a multiple in math?

A multiple in math are the numbers you get when you multiply a certain number by an integer. For example, multiples of 5 are: 10, 15, 20, 25, 30…etc. Multiples of 7 are: 14, 21, 28, 35, 42, 49…etc. Can you name some multiples of 3 now? An easy way to remember the multiples of single-digit numbers is by skip-counting.


3 Answers

What I didnt realise when I started was the difference between Identity and CookieAuthentication. Since I was using Identity

        app.UseIdentity();

app.UseCookieAuthentication was not the solution.

I finally found my solution by implementing ICookieManager.

Here is my solution:

in Startup.cs:

    services.AddIdentity<ApplicationUser, IdentityRole>(options =>
        {
            options.Password.RequireDigit = false;
            options.Password.RequiredLength = 5;
            options.Password.RequireNonAlphanumeric = false;
            options.Password.RequireLowercase = false;
            options.Password.RequireUppercase = false;
            options.Cookies.ApplicationCookie.CookieManager = new CookieManager(); //Magic happens here
        }).AddEntityFrameworkStores<ApplicationDbContext>()
            .AddDefaultTokenProviders();

now in a class I have called CookieManager.cs:

public class CookieManager : ICookieManager
{
    #region Private Members

    private readonly ICookieManager ConcreteManager;

    #endregion

    #region Prvate Methods

    private string RemoveSubdomain(string host)
    {
        var splitHostname = host.Split('.');
        //if not localhost
        if (splitHostname.Length > 1)
        {
            return string.Join(".", splitHostname.Skip(1));
        }
        else
        {
            return host;
        }
    }

    #endregion

    #region Public Methods

    public CookieManager()
    {
        ConcreteManager = new ChunkingCookieManager();
    }

    public void AppendResponseCookie(HttpContext context, string key, string value, CookieOptions options)
    {

        options.Domain = RemoveSubdomain(context.Request.Host.Host);  //Set the Cookie Domain using the request from host
        ConcreteManager.AppendResponseCookie(context, key, value, options);
    }

    public void DeleteCookie(HttpContext context, string key, CookieOptions options)
    {
        ConcreteManager.DeleteCookie(context, key, options);
    }

    public string GetRequestCookie(HttpContext context, string key)
    {
        return ConcreteManager.GetRequestCookie(context, key);
    }

    #endregion
like image 117
Michael Avatar answered Sep 16 '22 12:09

Michael


In addition to @michael's solution:

  • ICookie: ICookie Interface is an abstraction layer on top of http cookie object, which secures the data.
  • ICookieManager: Cookie Manager is an abstraction layer on top of ICookie Interface. This extends the Cookie behavior in terms of <TSource> generic support, Func<TResult>.This is implemented by DefaultCookieManager class. ICookie Interface is a depedenacy of this class.
  • Usage of CookieManager:

    1. Add CookieManager in startup Configure Service.
    2. Access the CookieManager API.
    3. And the source code is available on git by Nemi Chand.
like image 40
King Reload Avatar answered Sep 20 '22 12:09

King Reload


How many main domains are there? If there are not too many, you can add several CookieAuthenticationOptions. Like this:

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationScheme = "mywebpage.com.au",
            CookieDomain = "mywebpage.com.au",
        });
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationScheme = "yourwebpage.com.au",
            CookieDomain = "yourwebpage.com.au",
        });

If there are too many main domains, you will need to write your own cookie provider.

like image 40
VHao Avatar answered Sep 20 '22 12:09

VHao