none
Sharing Authentication Cookies between Azure Web app - RRS feed

  • Question

  • We are going online on two projects.

    For many reasons, we have made the choice of using Azure (security, ease of management, backups etc).
    Since our both applications are quite needs centric (forum in one hand and document, events management and so one sharing in the other hand) we decide to use the same logon process by sharing with Collaborative app (let's say application A) the logon process of the forum (Application B).

    Application B uses a basic asp.net form authentication process and we define cookie info and eveything like below

    <machineKey validationKey="6967A562CAD14767F163" decryptionKey="6159" validation="H56" decryption="AES" />
        <authentication mode="Forms">
          <forms loginUrl="~/members/logon" cookieless="UseCookies" name=".ASPXAUTH" timeout="432000" slidingExpiration="true" enableCrossAppRedirects="true" domain="ourdomain.net" requireSSL="false" protection="All" path="/" />
        </authentication>

    Of course this configuration have been replicated accordingly in application A.

    We have tested this under IIS on Windows server 2012 locally and cookie gets created from Forum (application B) and sent back to Application A which in turn decrypts and make User.Authenticated set to true

    Problem appear when we deployed both applications to azure. All configurations remains the same, we created cname record on our custom domain to make links more accessible.

    By using fiddler we can see that application B correctly creates cookie that is sent to application A but User.Authenticated remains false meaning the cookie is not understood (may be ?)

    How can we achieve this cookie sharing with Azure ?

    Thanks for your assistance.

    Friday, November 4, 2016 10:42 AM

All replies

  • Friday, November 4, 2016 6:28 PM
  • Dear Khan

    Thanks for your reply.
    We went through these threads before posting our's.

    All those examples run smoothly under the same IIS configuration on the same machine.
    Our case is rather regarding Azure Web apps, which tends not to be using exactly the same physical or logical context. If you read thoroughfully my post, you will notice that the general described cookie mechanism work. Yet Site1 cannot understand or get access to the site 2 created cookie although it is sent (know from fiddler checking).

    On azure, we were not able to make cookie sharing work between two MVC 5 web applications. If you have any ressource dealing with this, your help is greatly appreciated !!

    Thanks again

    Sunday, November 6, 2016 3:34 PM
  • Curious enough now

    We have provision an Azure VM, deployed IIS in it and deployed both websites.

    Same problem, redirection for login works, cookie is created but Site1 User.Identity.Authenticated remains false.

    The only one difference between this VM and our local test is that in the local VM there's no A record, the two websites are bound to localhost via windows host file (system32/drivers/etc/hosts)

    While in azure VM we used an A record to bind domain name to the PIP of the VM.

    If this can help you figure out what could be wrong.

    Thanks

    Sunday, November 6, 2016 5:53 PM
  • Dear Khan

    Thanks for your reply.
    We went through these threads before posting our's.

    All those examples run smoothly under the same IIS configuration on the same machine.
    Our case is rather regarding Azure Web apps, which tends not to be using exactly the same physical or logical context. If you read thoroughfully my post, you will notice that the general described cookie mechanism work. Yet Site1 cannot understand or get access to the site 2 created cookie although it is sent (know from fiddler checking).

    On azure, we were not able to make cookie sharing work between two MVC 5 web applications. If you have any ressource dealing with this, your help is greatly appreciated !!

    Thanks again

    Tuesday, November 15, 2016 7:49 AM