We have three ASP.NET MVC 5 projects working alongside. for authentication, we came up using Single Sign On, following the very simple tutorial bellow:
Implementation of Single Sign On (SSO) in ASP.NET MVC
The main idea is to create a MachineKey shared between 3, and add the same authentication settings in 3 web.config files.
So now we have 3 sites called:
- SSO
- WebApp1
- WebApp2
one of our projects (SSO) does the job and two other depend on it. It works and we were happy but...
We are using Identity 2 Claim Based authentication in the SSO project and when a user logs in, we add some custom claims to his "identity". this way, we have 2 separate cookies: one for Single Sign On process and one for saving claims. here is the c# code:
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<ActionResult> Login(LoginViewModel model, string fromSite, string returnUrl)
{
if (!ModelState.IsValid)
{
return View(model);
}
var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout: false);
switch (result)
{
case SignInStatus.Success:
// here the cookie which contains claims *is created* by Identity 2
// here we create the cookie used for Single Sing On
FormsAuthentication.SetAuthCookie(username, false);
// redirecting
if (string.IsNullOrWhiteSpace(fromSite))
{
if (string.IsNullOrWhiteSpace(returnUrl)) return RedirectToAction("Index", "Home");
return RedirectToLocal(returnUrl);
}
return Redirect(string.Format("{0}{1}", fromSite, returnUrl));
// other cases inside switch
.
.
.
}
}When a user goes from SSO site to another, say WebApp1, it remains logged in but we lost claims. Is there any way to "merge" these 2 cookies and retrive the claims in another site?