search

aspnet / Security

[Archived] Middleware for security and authorization of web apps. Project moved to https://github.com/aspnet/AspNetCore
Apache License 2.0
1.27k stars 599 forks source link

Share cookies & tokens between asp.net core and legacy .net framework application. #1838

Closed WayneCBarker closed 6 years ago

WayneCBarker commented 6 years ago

I have a custom identity provider (IP-STS) and several (RP) applications written in .net framework 4.6.2 implementing WS-Federation. We make use of reference mode for our token to reduce the size of our cookies and as such have a shared token cache in Redis.

We recently implemented an asp.net core website which need to participate in SSO to allow the user to have a seamless experience when navigating from the one site to the other.

  1. What exactly needs to be done to allow SSO between .net framework sites and .net core?

  2. I read that the cookie format and encryption is different in .net core. Will the .net core site be able to read the cookie coming from the IP-STS?

Eilon commented 6 years ago

@blowdart can you follow up on this with any guidance?

blowdart commented 6 years ago

Just my sample https://github.com/blowdart/idunno.CookieSharing

Eilon commented 6 years ago

OK then I'll go ahead and close this issue.