Overlap User Login in Two Projects with ASP.NET Identity

Question

I have a problem I can not understand in asp.net identity

apply the following steps

1. create two empty web projects, they have names :
   • WebApplication1
   • WebApplication2
2. install package "Microsoft ASP.NET Identity Samples 2.0.0-beta2" On each project
3. Create two sql database have the following names:
   • WebDatabase1
   • WebDatabase2
4. add user has name "User1" in WebApplication1
5. add user has name "User2" in WebApplication2
6. run two the projects at the same time.

My problem is when I Login by "User1" in "WebApplication1"

I find WebApplication2 is logged with User1.

despite each project have separate database.

And also NO User1 in WebApplication2.

What's a problem?

Excuse my bad English!

Answer 1

When a user signs into the site, the auth middleware serializes the logged in user information (including the id, name, and roles) into the encrypted auth cookie. On subsequent visits, the framework simply decrypts and reads that information without hitting the database.

By default, the same cookie name is used across ASP.NET applications. What you see happening is WebApp1 setting the cookie, and WebApp2 reading it. This is because they're on the same domain (or localhost) and cookies are shared across resources on the same domain.

Try changing the cookie name in your applications...

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    // ...
    CookieName = "WebApp1AuthCookie"
});