Asp.Net Identity - Setting CookieDomain at runtime

☆樱花仙子☆ submitted on 2019-11-30 14:01:35

You can assign your own cookie provider:

CookieAuthProvider myProvider = new CookieAuthProvider();
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
   AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
   LoginPath = new PathString("/Account/Login"),
   Provider = myProvider
});

Either implement your own, or simply inherit from the existing provider:

public class CookieAuthProvider : CookieAuthenticationProvider
{
    public override void ResponseSignIn(CookieResponseSignInContext context)
    {
      // Alter your cookie options
      // context.CookieOptions.Domain = "www...";
      base.ResponseSignIn(context);
    }
}

And implement ResponseSignIn; it is called when an endpoint has provided sign-in information before it is converted into a cookie. By implementing this method, the claims and extra information that go into the ticket may be altered.

You'll be passed a CookieResponseSignInContext, which exposes a CookieOptions property that can be replaced or altered during the ResponseSignIn call.

Code references from Katana project:

Have you already tried this:

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
  AuthenticationType = "Application",
  LoginPath = "/Account/Login",
  CookieDomain = ".myDomain.com"
});

It looks like MK.'s answer does not allow proper handling of token renewal when using the SlidingExpiration option.

As a workaround, instead of supplying a custom cookie provider, it appears you can supply a custom cookie manager, and define your own methods for adding/removing the cookie.

To keep it simple in my case, I reuse the default cookie manager under the hood. (I cannot extend it; its methods are not overridable.)

Here is the code I have ended up with:

using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.Owin.Infrastructure;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.DataProtection;
using Owin;

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        var options = new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            SlidingExpiration = true,
            CookieManager = new CustomCookieManager()
        };

        app.UseCookieAuthentication(options);
    }
}

public class CustomCookieManager : ICookieManager
{
    private readonly ICookieManager ConcreteManager;

    public CustomCookieManager()
    {
        ConcreteManager = new ChunkingCookieManager();
    }

    string ICookieManager.GetRequestCookie(IOwinContext context, string key)
    {
        return ConcreteManager.GetRequestCookie(context, key);
    }

    void ICookieManager.AppendResponseCookie(IOwinContext context, string key, string value, CookieOptions options)
    {
        SetupDomain(context, options);
        ConcreteManager.AppendResponseCookie(context, key, value, options);
    }

    void ICookieManager.DeleteCookie(IOwinContext context, string key, CookieOptions options)
    {
        SetupDomain(context, options);
        ConcreteManager.DeleteCookie(context, key, options);
    }

    private void SetupDomain(IOwinContext context, CookieOptions options)
    {
        // custom logic for assigning something to options.Domain
    }
}
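
One way to fill in the SetupDomain placeholder, as an added example that is not code from the answers above or from Katana: the request's Host header is client-supplied, so the cookie domain is derived from it only when the host falls under an allowlist of parent domains, and otherwise the cookie stays host-only. CookieDomainResolver, AllowedParents and the example.com / example.org values are assumptions; SetupDomain would call options.Domain = CookieDomainResolver.Resolve(context.Request.Host.Value);

```csharp
using System;
using System.Linq;

// Added example: hypothetical helper, not part of Katana or of the answers above.
public static class CookieDomainResolver
{
    // Constructed sample values: the parent domains this application serves.
    private static readonly string[] AllowedParents = { "example.com", "example.org" };

    // Returns the Domain attribute for the auth cookie, or null (host-only
    // cookie) when the host is not under an allowed parent domain.
    public static string Resolve(string hostHeader)
    {
        if (string.IsNullOrWhiteSpace(hostHeader)) return null;

        string host = hostHeader.Trim().ToLowerInvariant();
        if (host.StartsWith("[")) return null;   // IPv6 literal: never set Domain

        // Strip an optional port ("app.example.com:8443") and a trailing dot.
        int colon = host.LastIndexOf(':');
        if (colon >= 0) host = host.Substring(0, colon);
        host = host.TrimEnd('.');

        // Exact match or a true subdomain only. The leading dot in the suffix
        // test keeps "evilexample.com" from matching "example.com".
        string parent = AllowedParents.FirstOrDefault(p =>
            host == p || host.EndsWith("." + p, StringComparison.Ordinal));

        return parent == null ? null : "." + parent;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed Host header values, including look-alike hosts.
        var samples = new[] { "app.example.com", "example.org:8443",
                              "evilexample.com", "example.com.attacker.test", "" };
        foreach (var h in samples)
        {
            string domain = CookieDomainResolver.Resolve(h) ?? "(host-only)";
            Console.WriteLine("{0,-28} -> {1}", h, domain);
        }
    }
}
```

Because the same resolver runs in both AppendResponseCookie and DeleteCookie, the sign-out cookie is issued with the same Domain as the sign-in cookie, which is what lets the browser actually remove it.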