1

I would like to authenticate in App1 and then click a link to App2 and not have to authenticate again. I figure this is a very common scenario, and this doc says it is super easy to achieve. So I created an Identity authenticating app, verbatim from the instructions here.

I applied the 2 extra lines of code as suggested in the doc

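    // PersistKeysToFileSystem takes a DirectoryInfo (requires using System.IO;)
    services.AddDataProtection()
        .PersistKeysToFileSystem(new DirectoryInfo("{PATH TO COMMON KEY RING FOLDER}"))
        .SetApplicationName("SharedCookieApp");

    // Give the Identity application cookie the name shared by both apps
    services.ConfigureApplicationCookie(options => {
        options.Cookie.Name = ".AspNet.SharedCookie";
    });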

I then deployed it to my local IIS server (https://localhost/App1) and it was working perfectly.

For App2, I applied the same two lines of code as above and deployed it to my local IIS server (https://localhost/App2). After authenticating to App1 and then clicking the link to App2, I got an error: "No authenticationScheme was specified, and there was no DefaultChallengeScheme found". I figured that I had to be missing something in App2, but the doc only ever cites those two lines of code. Anyhow, I tried adding each of the following 4 options (not all at the same time) to make it happy and nothing worked.

    services.AddAuthentication("Identity.Application");

    services.AddAuthentication();//fails asking for default schema and challenge

    services.AddDefaultIdentity<IdentityUser>().AddEntityFrameworkStores<SharedAuthContext>();//fails

    services.AddAuthentication(options =>
    {
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    });

Something is obviously missing from App2, but I cannot figure out what.

0

1 Answer

3

CookieAuthenticationDefaults.AuthenticationScheme is a constant string with value "Cookies".

Identity framework uses different names for its cookies.

  • IdentityConstants.ApplicationScheme -> "Identity.Application"
  • IdentityConstants.ExternalScheme -> "Identity.External" (we're not interested in this)

So you should change the names to

    services.AddAuthentication(options => {
        options.DefaultScheme = "Identity.Application";
        options.DefaultChallengeScheme = "Identity.Application";
    }).AddCookie("Identity.Application", options => { ... });

Also refer to Microsoft docs on sharing cookies between apps.

https://learn.microsoft.com/en-us/aspnet/core/security/cookie-sharing?view=aspnetcore-5.0


3 Comments

Thanks, but I still get the same "No authenticationScheme was specified, and there was no DefaultChallengeScheme found" using that configuration.
Do you have cookie auth schemes with the correct names? services.AddAuthentication(...).AddCookie("Identity.Application", ...)
See this: learn.microsoft.com/en-us/aspnet/core/security/data-protection/…. "By default, the Data Protection system isolates apps from one another based on their content root paths, even if they're sharing the same physical key repository. This prevents the apps from understanding each other's protected payloads."
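
Putting the answer and the comments together, here is an added example (not code from the question, the answer, or the linked docs) of a complete `Startup` for App2 that consumes the cookie issued by App1 without registering Identity itself. The `KeyRingPath` constant, the MVC routing, and the ASP.NET Core 5 `Startup` layout are assumptions; the scheme name, cookie name and application name are the ones used on this page.

```csharp
using System.IO;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    // Assumed placeholder: must be the same folder App1 uses, readable by
    // both app pool identities and by nothing else on the server.
    private const string KeyRingPath = "{PATH TO COMMON KEY RING FOLDER}";

    public void ConfigureServices(IServiceCollection services)
    {
        // Same key ring AND same application name as App1. Without
        // SetApplicationName, Data Protection isolates apps by content
        // root path and App2 cannot decrypt App1's cookie.
        services.AddDataProtection()
            .PersistKeysToFileSystem(new DirectoryInfo(KeyRingPath))
            .SetApplicationName("SharedCookieApp");

        // Register a cookie handler under the scheme name Identity uses in
        // App1. Passing the name to AddAuthentication makes it the default
        // scheme, which is also used for challenges.
        services.AddAuthentication("Identity.Application")
            .AddCookie("Identity.Application", options =>
            {
                options.Cookie.Name = ".AspNet.SharedCookie";
                // The cookie path defaults to the app's base path (/App1),
                // so the browser would not send it to /App2.
                options.Cookie.Path = "/";
                // Never send the shared ticket over plain HTTP.
                options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
            });

        services.AddControllersWithViews();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();
        app.UseAuthentication(); // must run before UseAuthorization
        app.UseAuthorization();
        app.UseEndpoints(endpoints => endpoints.MapDefaultControllerRoute());
    }
}
```

App1 has to set the same `Cookie.Path` inside its `ConfigureApplicationCookie` call, since App1 is the app that issues the cookie. A path of `/` means every application on that host receives the cookie, so only host apps there that are trusted with it.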
