
ASP.NET OWIN - How to set the CookieDomain to make SSO work across a domain and its subdomains


I am trying to flow the ASP.NET authentication cookie from one MVC 5 website to another, on the same parent domain, using OWIN cookie authentication. I couldn't make it work on the real sites, so I have created an isolated test solution with two web app projects, and hosted them locally in IIS 7.5 with hosts "owinauth" and "app2.owinauth" (both mapped to 127.0.0.1 in the hosts file). I have trawled the web for the last couple of days and tried setting the CookieDomain property to ".owinauth" in my Startup file, giving both sites the same machine key, and have tried custom CookieManagers/CookieProviders to set the cookie domain, but to no avail. Nothing seems to quite work. The cookie is never sent with the request to app2, but I have also experienced problems logging in to and out of the owinauth site when I set the CookieDomain. Different setups exhibit different issues.

So, could somebody in the know please be so kind as to explain the prerequisites for making sub-domain SSO work with OWIN? I would be very grateful. I would like to know which NuGet packages must be installed, and versions, the code required in Startup for both sites, any web.config changes, machine key pre-requisites, etc.

We also have a WebForms site on the same domain (different subdomain, of course), which also uses OWIN authentication, on which we would want to implement the same SSO as the MVC apps. Are there any gotchas in that scenario too, please?

Thanks in advance!
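
The shared-cookie configuration the question describes, as an added example that is not the poster's code: the same Startup settings go into every site that should accept the cookie. The parent domain `example.test`, the namespace, the cookie name and the machineKey values are placeholders, and both apps are assumed to be hosted on IIS through Microsoft.Owin.Host.SystemWeb, where the ticket is protected with the machine key.

```csharp
using System;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;

[assembly: OwinStartup(typeof(SsoDemo.Startup))]

namespace SsoDemo // hypothetical namespace
{
    public class Startup
    {
        // Use identical values in every app that shares the login cookie.
        public void Configuration(IAppBuilder app)
        {
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                // Part of the data-protection purpose for the ticket:
                // a different value in one app makes the cookie undecryptable there.
                AuthenticationType = "ApplicationCookie",

                // Same name everywhere, otherwise each app looks for its own cookie.
                CookieName = ".SsoDemo.Auth", // placeholder name

                // Parent domain, so the browser sends the cookie to the
                // subdomains as well. Placeholder domain (assumption).
                CookieDomain = ".example.test",
                CookiePath = "/",

                CookieHttpOnly = true,
                // Always requires HTTPS on every host; the cookie is never
                // issued or sent over plain HTTP with this setting.
                CookieSecure = CookieSecureOption.Always,

                LoginPath = new PathString("/Account/Login"),
                ExpireTimeSpan = TimeSpan.FromMinutes(30),
                SlidingExpiration = true
            });
        }
    }
}

// web.config, <system.web>, identical in every app (key values are placeholders;
// generate them once and store them as secrets):
// <machineKey validationKey="PLACEHOLDER" decryptionKey="PLACEHOLDER"
//             validation="HMACSHA256" decryption="AES" />
```

Sign-out has to run against the same options, since the expiring Set-Cookie only removes the cookie when its name, domain and path match the ones it was issued with.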

