Question 180607 in ASP.NET Question posted in
The official documentation can be found here.

Framework Is ASP.NET Identity Cookie compatible between .NET Core & .NET Framework?

My issue is that I would like to share the ASP.NET identity cookie between .NET Core and .NET

I have the latest version of ASP.NET Identity in both places – the .NET Core is a new login page, the .NET is a legacy app that will be converted to .NET Core in the distant future.

I would like the two apps to share the cookie so if you log out of one, it logs out of the other.

Has anyone any experience of this? Know what settings are needed? Surely its something that has come up somewhere before?

This is my code:
ASP.NET Core (.NET 6) (login page)

services.ConfigureApplicationCookie(options =>
{
    options.Cookie.HttpOnly = true;
    options.ExpireTimeSpan = TimeSpan.FromMinutes(10);
    options.SlidingExpiration = true;
    options.Cookie.SameSite = SameSiteMode.Strict;
    options.Cookie.Name = ".MyCookie";
});

ASP.NET 4.8 (legacy app)

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = "Cookies",
    ExpireTimeSpan = TimeSpan.FromMinutes(10),
    SlidingExpiration = true,
    CookieSameSite = Microsoft.Owin.SameSiteMode.Strict,
    CookieSecure = CookieSecureOption.Always,
    CookieName = ".MyCookie"
});
Tags:

2

Answers


  1. 0

    You can check the thread below first, I have double confirmed it is you wanted.

    How to share a session values between an ASP.NET and ASP.NET Core application?

    You need to follow the steps to modify the code in this repo. You can check the test result.

    enter image description here

    Login or Signup to reply.
  2. 0

    ASP.NET 4.x apps that use Microsoft.Owin Cookie Authentication
    Middleware can be configured to generate authentication cookies that
    are compatible with the ASP.NET Core Cookie Authentication Middleware.
    This can be useful if a web application consists of both ASP.NET 4.x
    apps and ASP.NET Core apps that must share a single sign-on
    experience. A specific example of such a scenario is incrementally
    migrating a web app from ASP.NET to ASP.NET Core. In such scenarios,
    it’s common for some parts of an app to be served by the original
    ASP.NET app while others are served by the new ASP.NET Core app. Users
    should only have to sign in once, though. This can be accomplished by
    either of the following approaches:

    Using the System.Web adapters’ remote authentication feature, which uses the ASP.NET app to sign users in.

    Configuring the ASP.NET app to use Microsoft.Owin Cookie Authentication Middleware so that authentication cookies are shared with the ASP.NET Core app.

    https://learn.microsoft.com/en-us/aspnet/core/security/cookie-sharing?view=aspnetcore-7.0#share-authentication-cookies-between-aspnet-4x-and-aspnet-core-apps

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search