Single Sign ON #5164 | Support Center

ice2burn created 6 years ago

After authorization on Web.Mvc project, user no longer authorized on Web.Public project and vice versa.

Identity server is enabled by default.

OpenId is enabled. I also set options.RequireHttpsMetadata to false to be able to test it on default ports.

I configured Web.Public according to [http://docs.identityserver.io/en/release/quickstarts/3_interactive_login.html])

But looks like, it uses JWT authentication by default.

7 Answer(s)

0

alper created 6 years ago
Support Team

Public website uses the same login page with the non-public website. So when you click login button on Public website, it redirects you to the one and only login page with a returnUrl. After successful login you turn back to the Public website. Check that you have the marked cookies after successful login. If you have them, check the domains. Different domain names will not allow you share the cookies btw Public and The Not Public.[attachment=0:28rm3g3e]cookie.jpg[/attachment:28rm3g3e]
0

ice2burn created 6 years ago

I have all described cookies, domain is "localhost" everywhere.

So different ports = different domains?
0

alper created 6 years ago
Support Team

Hi,

See the steps and specify in which step your problem is. [attachment=0:23mc9duv]Cookie-sharing-btw-mvc-public.jpg[/attachment:23mc9duv]
0
ice2burn created 6 years ago
Hi,

Thank you for screencast, sorry, I didnt make my problem clear.

Here are my steps:

Create latest aspnetzero template. Start both sites. Make sure they are opened in the same browser. (vs 2017 may start each site in separate browser process, so just copy the path of one of them and create new tab. It's important for step 4)

Clear cookies on both sites, just in case and refresh the pages.

Login to Web.Mvc on localhost:62114. Now we see dashboard.

Switch to Web.Public on localhost:45776 and login. We login automatically, since we have already made it in previous step. You should not see login screen.

Switch back to localhost:62114 and refresh page. We are not authorized anymore on Web.Mvc, so it redirect us on login screen. The cookie is different now for some reason. And that is my problem.

Thank you
0

ismcagdas created 6 years ago
Support Team

I have created an issue here <a class="postlink" href="https://github.com/aspnetzero/aspnet-zero-core/issues/1216">https://github.com/aspnetzero/aspnet-ze ... ssues/1216</a>, please follow it.
0

ice2burn created 6 years ago

Thank you, I subscribed on notifications
0

alper created 6 years ago
Support Team

now I understand your flow. might be a bug.

Have an answer to this question? Log in and write your answer.