Asp.Net Identity and cookie names
-
21-12-2019 - |
Question
We have 2 applications that are both using Asp.Net Identity for security.
They have nothing to do with each other but I happen to be a developer on both projects.
I'm facing a quite annoying issue with the Cookie name. If I go to app1 and log in then to app2 and log in, I get disconnected from app1.
My wild guess is that it is because the 2 applications are sharing the same cookie name.
So for the ease of development and also because I think it is nicer I'm looking for a way to change the name of the cookie.
Any clue?
Solution
OK, found it.
By default, VS and Identity will create a file in App_Start named Startup.Auth.cs.
This file contains the following code
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});
To fix our problem, we have to set the CookieName property of the CookieAuthenticationOptions
CookieName = "my-very-own-cookie-name"
That's it; nothing more.
Cheers!
OTHER TIPS
For FormsAuthentication, the change of cookie name is through web.config:
<authentication mode="Forms" >
<forms loginUrl="~/Account/LogIn" timeout="2880" name=".cookie2" />
</authentication>