Shared cookie authentication between ASP.NET Core RC2 and .NET 4.5.1 apps

Combining https://github.com/GrabYourPitchforks/aspnet5-samples/tree/dev/CookieSharing and Sharing authentication cookie among Asp.Net Core 1 (MVC6) and MVC 5 applications I was able to come up with a working solution. I have no idea if this is the "correct" way to to it, but it works, so here it goes:

  1. Use the nuget-package Microsoft.Owin.Security.Interop 1.0.0-rc2-final in both of the applications.

  2. Create a TicketDataFormat using DataProtectionProvider specifying the same location on disk for the encryption keys, as well as the same purpose.

  3. Configure cookie authentication the owin way in both of the applications. Specify the same CookieName and TicketDataFormat:

.NET 4.5.1, in the Configure method of Startup.cs:

var authenticationType = "Cookies";
var cookieName = "myCookieName";
var cookieEncryptionKeyPath= "C:/mypath";

var dataProtectionProvider = DataProtectionProvider.Create(new DirectoryInfo(cookieEncryptionKeyPath));
var dataProtector = dataProtectionProvider.CreateProtector("Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", authenticationType, "v2");
var ticketDataFormat = new AspNetTicketDataFormat(new DataProtectorShim(dataProtector));

app.SetDefaultSignInAsAuthenticationType(authenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = authenticationType,
            CookieName = cookieName,
            TicketDataFormat = ticketDataFormat
        });

.NET CORE RC2 in the Configure method of Startup.cs:

var authenticationType = "Cookies";
var cookieName = "myCookieName";
var cookieEncryptionKeyPath= "C:/mypath";

var protectionProvider = DataProtectionProvider.Create(new DirectoryInfo(cookieEncryptionKeyPath));
var dataProtector = protectionProvider.CreateProtector("Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", authenticationType, "v2");
var ticketFormat = new TicketDataFormat(dataProtector);


app.UseCookieAuthentication(
                new CookieAuthenticationOptions
                {
                    CookieName = options.CookieName,
                    CookieDomain = options.CookieDomain,
                    TicketDataFormat = ticketFormat
                });

Comments

  1. Hector

    • 2016/1/13

    NET 4.5.1 app. This is currently set up using the outdated Microsoft.Owin.Security.Cookies.Interop in the Configuration method of 

  2. Ernesto

    • 2021/5/2

    4. We have two .NET-apps running shared cookie authentication. One is an ASP.NET Core RC1 app, and the other is a classic .NET 4.5.1 app. This is currently set up using the outdated Microsoft.Owin.Security.Cookies.Interopin the Configurationmethod of Startup.cs: This works fine, but is no supported method for RC2.

  3. Issac

    • 2016/12/23

    We have two .NET-apps running shared cookie authentication. One is an ASP.NET Core RC1 app, and the other is a classic .NET 4.5.1 app.

  4. Rory

    • 2017/12/17

    For more information, see Share authentication cookies between ASP.NET 4.x and ASP.NET Core apps (dotnet/AspNetCore.Docs #21987). Use a common user database When apps use the same Identity schema (same version of Identity), confirm that the Identity system for each app is pointed at the same user database.

  5. Lyle

    • 2015/8/18

    To support this scenario, the data protection stack allows sharing Katana cookie authentication and ASP.NET Core cookie authentication 

  6. Niko

    • 2018/4/1

    Sharing Authorization Cookies between ASP.NET 4.x and .NET Core Barry is building a GitHub repro here with two sample apps and a markdown file to illustrate clearly how to accomplish cookie sharing. When you want to share logins with an existing ASP.NET 4.x app and an ASP.NET Core 1.0 app, you'll be creating a login cookie that can be read by

  7. Martini

    • 2016/7/5

    Documentation is not clear, and lack key details with reference to configuring data protector for authentication cookie. .NET Framework docs 

  8. Jasper

    • 2017/4/24

    To share authentication cookies between an ASP.NET 4.x app and an ASP.NET Core app, configure the ASP.NET Core app as stated in the Share authentication cookies among ASP.NET Core apps section, then configure the ASP.NET 4.x app as follows. Confirm that the app's packages are updated to the latest releases.

  9. Grayson

    • 2018/11/23

    The classic example of this is authentication cookies. Cookies are a way of persisting state between requests. You don't want to have to provide 

  10. Jamie

    • 2015/5/11

    To share authentication cookies between your ASP.NET 4.x applications and your ASP.NET Core applications, configure the ASP.NET Core application as stated above, then configure your ASP.NET 4.x applications by following the steps below. Install the package Microsoft.Owin.Security.Interop into each of your ASP.NET 4.x applications.

  11. Otis

    • 2018/3/14

    ASP.NET Core 1.0 works on .NET Framework 4.6 just fine. Another option that folks don't consider when talk of "porting" their apps comes up at 

  12. De Rosa

    • 2020/3/20

    ASP.NET Core Identity is a complete, full-featured authentication provider for creating and maintaining logins. However, a cookie-based authentication provider without ASP.NET Core Identity can be used. For more information, see Introduction to Identity on ASP.NET Core. View or download sample code ( how to download)

  13. Kaden

    • 2015/2/3

    To share authentication cookies between two different ASP.NET Core applications, configure each application that should share cookies as follows.

  14. Jaxson

    • 2016/10/26

    One of the easiest methods to implement your own Custom Authentication Logic in ASP.NET Core is with Cookie Authentication method. Note that the Cookie Authentication method is not related to ASP.NET Core Identity in any way. Let me show how to Implement the Cookie Authentication in an ASP.NET Core application. Configuration First you need to

Comments are closed.

Recent Posts