
Related question:

Authentication in .NET Web API using MVC FormsAuthentication

I have a client application that lives outside of my WebAPI solution's domain (right now two different solutions on localhost - one on port X, the other on port Y). I'm attempting to use forms authentication with code like this:

if (WebSecurity.Login(model.UserName, model.Password, persistCookie: true))
{
    var response = Request.CreateResponse(HttpStatusCode.OK, "logged in successfully");
    return response;
}

In something like Postman this works, but using the client / JS application, the cookie does not get saved, so the user is never truly authenticated. I see the _RequestVerificationToken, but never the .ASPXAUTH token.

A requirement of this application is to use forms auth by setting cookies using WebSecurity. Is this possible when client and server are on different domains?

If there's anything else I can provide to make this issue clearer, please let me know.

1 Answer

Assuming you are using CORS: by default, cookies are not enabled with CORS. In jQuery, you need to set

xhrFields: {
    withCredentials: true
}

Also, the server must send the response header Access-Control-Allow-Credentials: true.


1 Comment

Disregard my previous comment - everything is working. Thank you SO much - you saved me countless hours.
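
The server side of the answer above, as an added example that is not part of the original question or answer: a credentialed CORS response must echo one explicit, allowlisted origin, because browsers reject `Access-Control-Allow-Origin: *` when `withCredentials` is set. The origin `http://localhost:3000` and the function names `corsHeadersFor` and `browserOutcome` are assumptions made for illustration.

```javascript
// Constructed allowlist: the one client origin permitted to use cookies.
const ALLOWED_ORIGINS = new Set(["http://localhost:3000"]);

// Build the CORS response headers for a request carrying this Origin header.
function corsHeadersFor(origin, allowed = ALLOWED_ORIGINS) {
  // Vary: Origin keeps shared caches from replaying one origin's response to another.
  const headers = { Vary: "Origin" };
  if (origin && allowed.has(origin)) {
    // Echo the exact allowlisted origin; never "*" and never an unchecked echo.
    headers["Access-Control-Allow-Origin"] = origin;
    headers["Access-Control-Allow-Credentials"] = "true";
  }
  return headers;
}

// Simplified model of the browser's handling of a cross-origin XHR response.
function browserOutcome(headers, pageOrigin, withCredentials) {
  const acao = headers["Access-Control-Allow-Origin"];
  const acac = headers["Access-Control-Allow-Credentials"];
  const readable = withCredentials
    ? acao === pageOrigin && acac === "true" // wildcard is not accepted here
    : acao === "*" || acao === pageOrigin;
  // Cookies are attached to the request, and Set-Cookie in the response is
  // processed, only when the request was made in credentialed mode.
  return { cookiesUsed: withCredentials, readable };
}

// Constructed scenarios: the allowlisted client, a wildcard server, another origin.
const page = "http://localhost:3000";
console.log(browserOutcome(corsHeadersFor(page), page, true));
console.log(browserOutcome({ "Access-Control-Allow-Origin": "*",
                             "Access-Control-Allow-Credentials": "true" }, page, true));
console.log(browserOutcome(corsHeadersFor("http://other.example"),
                           "http://other.example", true));
```

The second scenario is the common misconfiguration: the wildcard works for anonymous requests and fails as soon as the client sets `withCredentials: true`.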
