Sharing Authentication cookie across 2 Sitecore instances:
As I mentioned in my first post, we now want to share the authentication cookie across 2 different sitecore instances (6.5 and 8.1)
Sitecore 8.1 and 6.5 behave differently when dealing with authentication.
Both use 2 cookies for authentication
- .ASPXAUTH (name specified in web.config)
- sitecore_userticket
Every version deals with authentication cookie in a different way
- Sitecore 6.5: When user logs in, both cookies are created. It only uses the .ASPXAUTH cookie for authentication. If you delete or modify the content of sitecore_userticket cookie using a browser plugin, it will not be regenerated. Sitecore is not affected if you modify the content of sitecore_userticket cookie
- Sitecore 8.1: When user logs in, both cookies are created. It only uses sitecore_userticket cookie for authentication. If it is missing or modified, then you are considered logged out even if you have the other cookie. sitecore_userticket content is different than Sitecore 6.5 cookie. So sharing it won't make logged in users in Sitecore 6.5 logged in Sitecore 8.1. .ASPXAUTH cookie can be deleted safely and it will be recreated with every request. You will get an ASP.Net Exception though, if you modify the content of the .ASPXAUTH cookie.
To summarize
- sitecore_userticket: Different across versions. Important only for Sitecore 8.1
- .ASPXAUTH: Same across versions. Important only for Sitecore 6.5
The solution I implmented to solve this was:
- Share .ASPXAUTH cookie across instances as both have the same top domain
- Recreate the sitecore_userticket in Sitecore 8.1 if .ASPXAuth cookie exists.
Sharing .ASPXAUTH cookie:
You will have to share the same machine key specified in the web.config in BOTH sites:
<machineKey validationKey="xxxxxxxxxxxxxxx" decryptionKey="xxxxxxxxxx" validation="SHA1" decryption="AES" />
Make the Authentication cookie domain the top domain used by BOTH instances
<authentication mode="None">
<forms name=".ASPXAUTH" cookieless="UseCookies" domain="[Your top domain here]"/>
</authentication>
Recreating sitecore_userticket Cookie:
I modified a solution is specified here. The solution specified in the link is good to share the ticket between 2 instances of the same version. In this case sharing the cookie is enough between the domains. But as the content of the cookie is not the same across the old and new versions of sitecore, we have to regenerate it again by adding the code below in the Global.asax file in the NEW sitecore instance. (This was a question I asked on stack exchange here)
protected void Application_EndRequest(object sender, EventArgs e)
{
var authCookie = HttpContext.Current.Response.Cookies["sitecore_userticket"];
if (!Request.IsAuthenticated || authCookie == null)
{
// when checking response cookies, cookie is created if not exists, so delete now
HttpContext.Current.Response.Cookies.Remove("sitecore_userticket");
return;
}
//we don't need to make it cross domain as it will be different for every instance
//due to version differences.
//create the ticket cookie. Every Sitecore instance will generate it the way it expects.
authCookie.Value = TicketManager.CreateTicket(HttpContext.Current.User.Identity.Name, string.Empty);
}
Conclusion:
Now you will have the sign on shared across the 2 versions. This solution may still have some minor issues but all the major challenges are fixed.
No comments:
Post a Comment