I am having trouble getting Windows Identity Framework to write the FedAuth cookie under certain circumstances. I am picking up the development of a suite of MVC4 websites which already use WIF and successfully write the FedAuth cookie for their own domain. Now I am trying to get the cookie written for each domain in my suite.
On my development machine, I have three websites hosted locally by IIS7.5 (app1.mycompany.com, app2.mycompany.com and app3.DIFFDOMAIN.com). When I sign into app1, I set the cookie's domain to "mycompany.com", which means both app1 and app2 are federated, but I can't find a good way to get app3 included.
FederatedAuthentication.SessionAuthenticationModule.CookieHandler.Domain = "mycompany.com";
Things I have noticed / tried so far:
In app1, I can set Domain = "app1.mycompany.com" or "mycompany.com" and the cookie is written, but if I set it to anything else the cookie isn't written, so there must be some underlying validation of the Domain property when writing the cookie. Is that true?
I wrote an API service in app3 to be called from app1 (e.g. https://app3.DIFFDOMAIN.com/fedauth) which sets Domain = "DIFFDOMAIN.com".
- When I call the API from a browser, the cookie is written.
- When I call the API from app1 using a REST client, the cookie is not written.
- When I RedirectPermanent from app1 to the app3 URL, the cookie is written (but I don't really want to redirect).
So I guess I'm asking why the cookie is not written when using a rest client and also how should I federate authentication on all domains?
Thanks,
John.
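The observation above about which Domain values get stored comes down to the cookie domain-matching rule a user agent applies to a Set-Cookie header (RFC 6265, section 5.3). The following is an added example, not code from the original post or from WIF; the hosts are the ones named in the post and the cookie value is a constructed placeholder.

```python
# Added example: RFC 6265 cookie-domain acceptance, applied to the hosts in the post.
# The FedAuth value below is a constructed placeholder, not a real WIF token.

def domain_matches(request_host: str, cookie_domain: str) -> bool:
    """RFC 6265 section 5.1.3: the request host domain-matches the cookie's
    Domain attribute if they are equal or the host ends with '.' + domain."""
    host = request_host.lower().rstrip(".")
    domain = cookie_domain.lower().strip(".")
    if not domain:
        return False
    return host == domain or host.endswith("." + domain)


def parse_set_cookie(header: str):
    """Split 'name=value; Attr=val; Flag' into (name, value, {attr: val})."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def accepted_cookie_domain(request_host: str, header: str):
    """Return the domain under which a compliant user agent stores the cookie,
    or None when it discards the header because Domain does not cover the host."""
    _, _, attrs = parse_set_cookie(header)
    domain = attrs.get("domain", "")
    if not domain:
        return request_host.lower()          # no Domain attribute: host-only cookie
    if not domain_matches(request_host, domain):
        return None                          # section 5.3 step 6: cookie is ignored
    return domain.lower().strip(".")


def fedauth_header(domain: str) -> str:
    """Constructed Set-Cookie header in the shape a FedAuth cookie takes."""
    return f"FedAuth=PLACEHOLDER; Domain={domain}; Path=/; Secure; HttpOnly"


if __name__ == "__main__":
    # From app1.mycompany.com, only a Domain equal to the host or a parent of
    # it is stored; DIFFDOMAIN.com is rejected by the browser, not by WIF.
    for domain in ("app1.mycompany.com", "mycompany.com", "DIFFDOMAIN.com"):
        print(domain, "->", accepted_cookie_domain("app1.mycompany.com",
                                                   fedauth_header(domain)))
```

The same rule explains the REST-client case: the Set-Cookie header is delivered to whichever client sent the request, so a server-side call from app1 to app3 leaves the cookie in app1's HTTP client, never in the user's browser.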