Asp.Net Authentication - Configuring CookieDomain at Run Time

Question

Asp.Net Authentication - Configuring CookieDomain at Run Time

How can I set CookieDOmain to CookieAuthenticationOptions at runtime if I want to extract this value from Request.Url or from some settings stored in my database?

I want to support subdomains, but also support multi-users, each of which has different domains.

This is currently configured. I do not have access to any of them.

Floor

+6

authentication asp.net claims-based-identity

Paul hinett Apr 10 '14 at 13:47

source share

3 answers

You have already tried this:

 app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationType = "Application", LoginPath = "/Account/Login", CookieDomain = ".myDomain.com" });

+3

jomsk1e Apr 17 '14 at 23:12

source share

It looks like MK. the answer does not allow the token update to be correctly processed when using the SlidingExpiration option.

As a workaround, instead of providing a custom cookie provider, it appears that you can provide a custom cookie manager and define your own methods for adding / removing cookies.

To make this simple in my case, I reuse the default cookie manager under the hood. (I cannot extend it, its methods are not redefined.)

Here is the code that ended with me:

 using Microsoft.AspNet.Identity; using Microsoft.Owin; using Microsoft.Owin.Infrastructure; using Microsoft.Owin.Security.Cookies; using Microsoft.Owin.Security.DataProtection; using Owin; public class Startup { public void Configuration(IAppBuilder app) { var options = new CookieAuthenticationOptions { AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie, SlidingExpiration = true, CookieManager = new CustomCookieManager() }; app.UseCookieAuthentication(options); } } public class CustomCookieManager : ICookieManager { private readonly ICookieManager ConcreteManager; public CustomCookieManager() { ConcreteManager = new ChunkingCookieManager(); } string ICookieManager.GetRequestCookie(IOwinContext context, string key) { return ConcreteManager.GetRequestCookie(context, key); } void ICookieManager.AppendResponseCookie(IOwinContext context, string key, string value, CookieOptions options) { SetupDomain(context, options); ConcreteManager.AppendResponseCookie(context, key, value, options); } void ICookieManager.DeleteCookie(IOwinContext context, string key, CookieOptions options) { SetupDomain(context, options); ConcreteManager.DeleteCookie(context, key, options); } private void SetupDomain(IOwinContext context, CookieOptions options) { // custom logic for assigning something to options.Domain } }

+1

Frédéric Oct 27 '14 at 13:16

source share

MK. · Accepted Answer · 2014-04-22T14:04:04+0000

You can designate your cookie provider:

CookieAuthProvider myProvider = new CookieAuthProvider(); app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie, LoginPath = new PathString("/Account/Login"), Provider = myProvider });

Either implement your own, or simply inherit from an existing provider:

 public class CookieAuthProvider : CookieAuthenticationProvider { public override void ResponseSignIn(CookieResponseSignInContext context) { //Alter you cookie options //context.CookieOptions.Domain = "www..."; base.ResponseSignIn(context); } }

And to implement ResponseSignIn , it is called when the endpoint has provided login information before it is converted to a cookie. Using this method, claims and additional information that fall into the ticket can be changed.

You will be given a CookieResponseSignInContext , which provides a CookieOptions property that can be replaced or changed during a ResponseSignIn call.

Links to the Katana project code:

Asp.Net Authentication - Configuring CookieDomain at Run Time

More articles: