Cookie Authentication in Docker Container in Linux - Cookie is invalidated on each deployment

  • Question

  • User-451260051 posted

    I have a .NET Core 2.2 MVC app that I'm deploying via Docker in a Linux environment. I'm using cookie authentication, which is working great except when a new deployment happens. It seems the cookie is invalidated on each new container. Here is what I've implemented so far, based on blog posts around the web, but I cannot get this to work correctly.

    1. I created a new PFX certificate and included it in the container via a COPY command in the Dockerfile:
      ...
      
      COPY ./resources/certificate.pfx ./etc/keys/certificate.pfx
      
      ...
    2. In my ConfigureServices method in Startup.cs I've enabled DataProtection using the certificate:
      services.AddDataProtection()
          .PersistKeysToFileSystem(new DirectoryInfo("../etc/keys/"))
          .ProtectKeysWithCertificate(this.CreateOauthCertificate())
          .SetApplicationName("MYAPP");

      private X509Certificate2 CreateOauthCertificate()
      {
          var path = "../etc/keys/certificate.pfx";
          var password = "MYPASSWORD";
          return new X509Certificate2(path, password);
      }
    3. Then I configure cookie authentication:
      services.Configure<CookiePolicyOptions>(options =>
      {
          // This lambda determines whether user consent for non-essential cookies is needed for a given request.
          options.CheckConsentNeeded = context => false;
          options.MinimumSameSitePolicy = SameSiteMode.None;
      });

      services.AddAuthentication(options =>
          {
              options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
              options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
              options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
          })
          .AddCookie(options =>
          {
              options.LoginPath = "/auth/signin";
              options.LogoutPath = "/auth/signout";
              options.Cookie.Name = ".AspNet.SharedCookie";
          });

    That's it, I deploy the container and log in just fine until the next deployment, then everyone has to log in again. I've gone down this path as I read that if DataProtection is not in place with a custom certificate then each container will encrypt the cookie differently, which makes sense.

    Any help is appreciated! Thank you!

    Wednesday, August 7, 2019 10:40 AM
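
An added example, not part of the original post: in ASP.NET Core Data Protection the certificate only encrypts the key ring files at rest, while the keys that actually protect the cookie are the `key-*.xml` files that `PersistKeysToFileSystem` writes at runtime, so the directory has to survive container replacement. The sketch below assumes a volume mounted at `/var/dpkeys` and the configuration keys `DataProtection:KeyRingPath`, `DataProtection:CertPath` and `DataProtection:CertPassword`; all of those names are hypothetical.

```csharp
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public static class DataProtectionSetup
{
    // Call from Startup.ConfigureServices: services.AddPersistentDataProtection(Configuration);
    public static IServiceCollection AddPersistentDataProtection(
        this IServiceCollection services, IConfiguration config)
    {
        // Absolute path, so it does not depend on the container's working directory.
        // Assumed to be a volume or bind mount, e.g. (names are placeholders):
        //   docker run -v myapp-keys:/var/dpkeys ...
        var keyDir = new DirectoryInfo(
            config["DataProtection:KeyRingPath"] ?? "/var/dpkeys");

        // Fail fast instead of silently creating a directory in the container's
        // writable layer, which is discarded when the container is replaced.
        if (!keyDir.Exists)
            throw new InvalidOperationException(
                $"Key ring directory {keyDir.FullName} is missing; is the volume mounted?");

        // Certificate path and password come from configuration (environment
        // variables or a mounted secret) rather than being compiled into the app.
        var cert = new X509Certificate2(
            config["DataProtection:CertPath"],
            config["DataProtection:CertPassword"]);
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException(
                "The certificate needs its private key to decrypt the key ring.");

        // Startup check: 0 on the very first run is expected; 0 after a
        // redeployment means the key ring did not persist and existing
        // cookies can no longer be decrypted.
        var existing = keyDir.GetFiles("key-*.xml").Length;
        Console.WriteLine($"Data Protection keys found in {keyDir.FullName}: {existing}");

        services.AddDataProtection()
            .PersistKeysToFileSystem(keyDir)
            .ProtectKeysWithCertificate(cert)
            .SetApplicationName("MYAPP"); // must stay identical across deployments

        return services;
    }
}
```

Treat the mounted key directory as secret material: restrict it to the application's user and keep it out of the image and source control.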
