I am trying to set up SSO across my ASP.NET apps on the same domain using Auth0 and OWIN. I used the following tutorial to set up my OWIN context: Auth0 ASP.NET (OWIN) SDK Quickstarts: Login
I configured the Auth0 cookie with a name and domain through CookieAuthenticationOptions in startup.cs:
// Auth0 tenant settings are read from <appSettings>. The client secret is a
// credential: keep it out of source control (external config file / transform).
var appSettings = ConfigurationManager.AppSettings;
string auth0Domain = appSettings["auth0:Domain"];
string auth0ClientId = appSettings["auth0:ClientId"];
string auth0ClientSecret = appSettings["auth0:ClientSecret"];

// Kentor cookie-saver middleware (Katana / System.Web cookie interop), as in the quickstart.
app.UseKentorOwinCookieSaver();

// External (Auth0) logins are signed in as the cookie authentication type.
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

var cookieOptions = new CookieAuthenticationOptions
{
    AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
    // Domain-scoped cookie so every *.example.com host receives the ticket.
    // NOTE(review): the ticket inside this cookie is protected with the host's
    // data-protection keys (machineKey under IIS); every app that should accept
    // it must share those keys — confirm. Because the cookie reaches all
    // subdomains, it should only travel over HTTPS (see CookieSecure) — confirm.
    CookieName = "sso.example.com",
    CookieDomain = ".example.com",
    LoginPath = new PathString("/Account/Login")
};
app.UseCookieAuthentication(cookieOptions);
My Auth0 Configuration:
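var options = new Auth0AuthenticationOptions()
{
    Domain = auth0Domain,
    ClientId = auth0ClientId,
    ClientSecret = auth0ClientSecret,
    Provider = new Auth0AuthenticationProvider
    {
        // Runs once per successful Auth0 login; copies namespaced custom claims
        // from the Auth0 user profile (context.User) into the cookie identity.
        OnAuthenticated = context =>
        {
            // Adds a claim only when the profile actually carries a value.
            // Claim(...) throws ArgumentNullException on a null value, and the
            // original ToObject<string>() on a missing key would throw a
            // NullReferenceException before that, failing the whole login.
            Action<string, string> addClaim = (type, value) =>
            {
                if (!string.IsNullOrEmpty(value))
                {
                    context.Identity.AddClaim(new Claim(type, value, ClaimValueTypes.String, context.Connection));
                }
            };

            // Geo information under a namespaced claim (presumably set by an Auth0 rule).
            JToken geo = context.User["https://example.com/geoip"];
            if (geo != null)
            {
                addClaim("country_code", geo.Value<string>("country_code"));
                addClaim("country_name", geo.Value<string>("country_name"));
                addClaim("city_name", geo.Value<string>("city_name"));
                addClaim("longitude", geo.Value<string>("longitude"));
                addClaim("latitude", geo.Value<string>("latitude"));
            }

            // user_metadata: informational claims only. NOTE(review): Auth0 documents
            // user_metadata as editable by the user, so nothing here should drive authorization.
            JToken userMeta = context.User["https://example.com/user_metadata"];
            if (userMeta != null)
            {
                addClaim("company", userMeta.Value<string>("company"));
                addClaim("full_name", userMeta.Value<string>("full_name"));
            }

            // Roles come from app_metadata, which only the tenant can change.
            JToken appMeta = context.User["https://example.com/app_metadata"];
            if (appMeta != null)
            {
                // "roles" may be absent for users without any role assignment.
                JToken rolesToken = appMeta["roles"];
                if (rolesToken != null)
                {
                    foreach (var role in rolesToken.ToObject<string[]>())
                    {
                        addClaim(ClaimTypes.Role, role);
                    }
                }
            }

            return Task.FromResult(0);
        }
    }
};
// "openid profile" yields the id_token profile claims. A refresh token is NOT
// requested by this scope; that additionally needs the "offline_access" scope.
options.Scope.Add("openid profile");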
How would I go about authenticating the client on the secondary application (subdomain) by using the cookie, and only if the cookie is not valid, proceed to the Auth0 login page? The cookie is available on the subdomain, but I still have to go through the login process with Auth0. Am I missing something? Or is there an article I can read about the implementation? Any advice would be greatly appreciated!