ASP.NET Core: Sharing Identity Cookie across Azure web apps on default domain (*.azurewebsites.net)


I'm having trouble sharing an Identity Cookie (using ASP.NET Core v2) across multiple web applications.

On my development environment, cookies are shared automatically (as it’s localhost) – and that works fine!

When dealing with MS Azure, I’ve tried to set the cookie domain to .azurewebsites.net – to allow two web apps (e.g. app1.azurewebsites.net and app2.azurewebsites.net) to share a cookie.

Using the cookie configuration (abbreviated) like so:

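public IServiceProvider ConfigureServices(IServiceCollection services)
{
    // Scope the Identity cookie to the shared Azure default domain
    services.ConfigureApplicationCookie(options =>
    {
        options.Cookie.Domain = ".azurewebsites.net";
    });
    // ... (rest of the configuration, including the return statement, abbreviated)
}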

However, when I deploy the main site (the one that generates cookies from logins) to Azure, I can’t even log in. The .AspNetCore.Application.Identity cookie doesn’t even get returned after entering username/password (or social logins).

I’ve also tried the solution here: https://stackoverflow.com/a/44310683/1025394, with no success.

Question is: Is there possibly any filtering going on the Azure side of things? Stopping me from setting a cookie for .azurewebsites.net? Maybe for Security purposes?

How to solve:

Method 1

However, when I deploy the main site (the one that generates cookies from logins) to Azure, I can’t even log in. The .AspNetCore.Application.Identity cookie doesn’t even get returned after entering username/password (or social logins).

I searched the web and found that some domain names are not allowed to create cookies because of security concerns. The domains for Azure Cloud are listed as follows:

azurewebsites.net
azure-mobile.net
cloudapp.net

You can find a detailed list of domains here.

Moreover, if you want to share a cookie among your multiple web apps, you could map a custom domain name for your web apps (e.g. app1.yourwebsite.com, app2.yourwebsite.com) and set options.Cookie.Domain to .yourwebsite.com; for details about mapping a custom domain, you could follow here. Also, you need to configure data protection to use the same encryption keys for your multiple web apps. In addition, you could follow this similar issue.
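
The setup described in this answer (a custom parent domain plus a data protection key ring common to all apps), as an added example that is not part of the original answer. The helper name AddSharedIdentityCookie, the application name, the cookie name and the key ring path parameter are assumptions made for illustration; the helper also rejects the three shared Azure domains listed above.

```csharp
using System;
using System.IO;
using System.Linq;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical helper (not from the original post). Call it from ConfigureServices
// in every app that shares the login, after the app's own AddIdentity registration.
public static class SharedCookieSetup
{
    // The shared Azure domains named in the answer; browsers refuse cookies scoped to them.
    private static readonly string[] SharedSuffixes =
        { "azurewebsites.net", "azure-mobile.net", "cloudapp.net" };

    public static IServiceCollection AddSharedIdentityCookie(
        this IServiceCollection services, string cookieDomain, string keyRingPath)
    {
        // Fail at startup instead of silently never receiving the login cookie.
        var bare = cookieDomain.TrimStart('.');
        if (SharedSuffixes.Contains(bare, StringComparer.OrdinalIgnoreCase))
            throw new ArgumentException(
                $"'{cookieDomain}' is a shared suffix; use a custom domain you own.",
                nameof(cookieDomain));

        // Same key ring and same application name in every app; otherwise
        // app2 cannot decrypt the cookie that app1 issued.
        // keyRingPath (assumption) must point to storage that all apps can reach.
        services.AddDataProtection()
            .PersistKeysToFileSystem(new DirectoryInfo(keyRingPath))
            .SetApplicationName("SharedCookieApp"); // constructed name

        services.ConfigureApplicationCookie(options =>
        {
            options.Cookie.Name = ".AspNet.SharedCookie"; // constructed; identical in all apps
            options.Cookie.Domain = cookieDomain;         // e.g. ".yourwebsite.com"
            options.Cookie.HttpOnly = true;
            options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
        });

        return services;
    }
}
```

A cookie scoped to .yourwebsite.com is sent to every host under that domain, so this only fits a domain where you control all subdomains. The key ring directory holds the keys that protect the authentication cookie and should be readable only by the apps that share the login.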


All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.
