Tuesday, June 2, 2020

Sharing authentication ticket between .NET Core and ASP.NET (Owin)

By default authentication tickets cannot be shared between .NET Core and OWIN. The good news is that it is possible but we have to take some extra steps:

.NET Core App

On .NET Core side we have to change the cookie authentication middleware:

  • The cookie name should match the name used by the OWIN Cookie Authentication Middleware (.AspNet.SharedCookie for example).
  • An instance of a DataProtectionProvider should be initialized to the common data protection key storage location.

ASP.NET (OWIN) App

On ASP.NET (OWIN) side we have to install the Microsoft.Owin.Security.Interop package first.

Then we can change the cookie authentication middleware:

  • The cookie name should match the name used by the ASP.NET Core Cookie Authentication Middleware (.AspNet.SharedCookie in the example).
  • An instance of a DataProtectionProvider should be initialized to the common data protection key storage location.