10

I'm using CookieAuthenticationOptions to configure authentication in my .NET Core application, but my login page is on a different domain. However, the LoginPath property only allows an internal path, not a full URI. So the following code:

var cookieOptions = new CookieAuthenticationOptions()
{
    AuthenticationScheme = "Cookies",
    LoginPath = new PathString("https://externaldomain.com/login"),
    CookieName = string.Format("myCookie"),
};

app.UseCookieAuthentication(cookieOptions);

... is invalid. This should be reasonably simple, or am I missing something here? I'd hate to handle this internally in my application and do the actual redirection myself. That would be kinda lame.

Razzie
  • As a workaround, you can create a local page/controller that redirects to your external link – Kalten Aug 29 '16 at 12:44
  • Well yes, but as I stated in my question, 'I'd hate to handle this internally in my application and do the actual redirection myself.'. Seems strange to have to do this myself. – Razzie Aug 29 '16 at 12:59
  • @Razzie I just wonder, how can you set a cookie via another domain? – adem caglin Aug 29 '16 at 13:00
  • @ademcaglin it runs on a subdomain, so the cookie can be read across multiple applications – Razzie Aug 29 '16 at 13:00

2 Answers

12

The accepted answer is for .NET Core 1.x. For anyone who wants to implement it on .NET Core 2.x, use the following inside ConfigureServices, on Startup.cs:

services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(o =>
    {
        o.Cookie.Name = "myCookie";
        o.Events = new CookieAuthenticationEvents()
        {
            OnRedirectToLogin = (context) =>
            {
                context.HttpContext.Response.Redirect("https://externaldomain.com/login");
                return Task.CompletedTask;
            }
        };
    });
Lucas Carneiro
  • In .NET 5 having multiple sites using the same cookie, where only one has authentication page - I had to define a `DataProtectionProvider` as described [here](https://jakeydocs.readthedocs.io/en/latest/security/data-protection/compatibility/cookie-sharing.html) – drizin Mar 09 '21 at 01:00
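
A handler that redirects to a fixed URL drops the `ReturnUrl` value the cookie handler would otherwise append to `LoginPath`. The following is an added example, not code from either answer, for .NET Core 2.x: it forwards the originally requested URL to the external login page and includes the host check the login application should run before sending the user back. The `/api` prefix, the `app.example.com` host and the class and method names are assumptions.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Http.Extensions;
using Microsoft.AspNetCore.WebUtilities;
using Microsoft.Extensions.DependencyInjection;

public static class ExternalLoginRedirect
{
    private const string LoginUrl = "https://externaldomain.com/login"; // URL from the question

    public static void AddExternalLoginCookie(this IServiceCollection services)
    {
        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie(o =>
            {
                o.Cookie.Name = "myCookie";
                o.Events = new CookieAuthenticationEvents
                {
                    OnRedirectToLogin = context =>
                    {
                        // Assumed convention: API callers get a 401 instead of a cross-site redirect.
                        if (context.Request.Path.StartsWithSegments("/api"))
                        {
                            context.Response.StatusCode = StatusCodes.Status401Unauthorized;
                            return Task.CompletedTask;
                        }
                        // Pass the absolute URL the user asked for, URL-encoded as a query value.
                        var returnUrl = context.Request.GetEncodedUrl();
                        context.Response.Redirect(QueryHelpers.AddQueryString(
                            LoginUrl, context.Options.ReturnUrlParameter, returnUrl));
                        return Task.CompletedTask;
                    }
                };
            });
    }

    // For the login application: accept only absolute https URLs whose host is on an
    // explicit allowlist, e.g. IsAllowedReturnUrl(returnUrl, "app.example.com").
    // Anything else (other schemes, relative or protocol-relative values) is rejected.
    public static bool IsAllowedReturnUrl(string returnUrl, params string[] allowedHosts)
    {
        return Uri.TryCreate(returnUrl, UriKind.Absolute, out var uri)
            && uri.Scheme == Uri.UriSchemeHttps
            && Array.Exists(allowedHosts,
                h => string.Equals(h, uri.Host, StringComparison.OrdinalIgnoreCase));
    }
}
```

Without the allowlist check on the login side, the return URL parameter becomes an open redirect; when it fails, fall back to a fixed landing page rather than echoing the supplied value.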
11

Use OnRedirectToLogin:

var cookieOptions = new CookieAuthenticationOptions()
{
    AuthenticationScheme = "Cookies",
    CookieName = string.Format("myCookie"),
    Events = new CookieAuthenticationEvents()
    {
        // Nothing is awaited here, so the lambda is not async; it returns a completed Task instead.
        OnRedirectToLogin = (context) =>
        {
            context.HttpContext.Response.Redirect("https://externaldomain.com/login");
            return Task.CompletedTask;
        }
    }
};
adem caglin
  • I can't get this to work, but I'm unsure if it's due to a change in .NET Core's newer versions. It underlines the entire Lambda function and complains that it lacks the `await` operator. But it also throws syntax errors for a bunch of `} expected` starting with the `};` after the .Redirect line. If I drop the `async` it then complains that not all code paths return a value in the lambda expression. – Andrew S Jul 11 '17 at 21:54