Base solution for your next web application
Open Closed

Single Sign ON #5164


User avatar
0
ice2burn created

After authorization on Web.Mvc project, user no longer authorized on Web.Public project and vice versa.

Identity server is enabled by default.

OpenId is enabled. I also set options.RequireHttpsMetadata to false to be able to test it on default ports.

I configured Web.Public according to [http://docs.identityserver.io/en/release/quickstarts/3_interactive_login.html])

But looks like, it uses JWT authentication by default.


7 Answer(s)
  • User Avatar
    0
    alper created
    Support Team

    Public website uses the same login page with the non-public website. So when you click login button on Public website, it redirects you to the one and only login page with a returnUrl. After successful login you turn back to the Public website. Check that you have the marked cookies after successful login. If you have them, check the domains. Different domain names will not allow you share the cookies btw Public and The Not Public.[attachment=0:28rm3g3e]cookie.jpg[/attachment:28rm3g3e]

  • User Avatar
    0
    ice2burn created

    I have all described cookies, domain is "localhost" everywhere.

    So different ports = different domains?

  • User Avatar
    0
    alper created
    Support Team

    Hi,

    See the steps and specify in which step your problem is. [attachment=0:23mc9duv]Cookie-sharing-btw-mvc-public.jpg[/attachment:23mc9duv]

  • User Avatar
    0
    ice2burn created

    Hi,

    Thank you for screencast, sorry, I didnt make my problem clear.

    Here are my steps:

    1. Create latest aspnetzero template. Start both sites. Make sure they are opened in the same browser. (vs 2017 may start each site in separate browser process, so just copy the path of one of them and create new tab. It's important for step 4)
    2. Clear cookies on both sites, just in case and refresh the pages.
    3. Login to Web.Mvc on localhost:62114. Now we see dashboard.
    4. Switch to Web.Public on localhost:45776 and login. We login automatically, since we have already made it in previous step. You should not see login screen.
    5. Switch back to localhost:62114 and refresh page. We are not authorized anymore on Web.Mvc, so it redirect us on login screen. The cookie is different now for some reason. And that is my problem.

    Thank you

  • User Avatar
    0
    ismcagdas created
    Support Team

    I have created an issue here <a class="postlink" href="https://github.com/aspnetzero/aspnet-zero-core/issues/1216">https://github.com/aspnetzero/aspnet-ze ... ssues/1216</a>, please follow it.

  • User Avatar
    0
    ice2burn created

    Thank you, I subscribed on notifications

  • User Avatar
    0
    alper created
    Support Team

    now I understand your flow. might be a bug.