I have a webpage which uses multiple URLs for the same application:

for example: *.MyWebPage.com.au *.YourWebPage.com.au

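So I needed the cookie to be saved against the parent domain, without the subdomain, so that authentication works across all parts of my webpage. Keep in mind that a cookie scoped to the parent domain is sent to every subdomain under it, so every one of those hosts has to be trusted with the authentication cookie.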

An important thing to realize is the difference between Identity and CookieAuthentication. A lot of blogs on the internet will point you to a solution involving:

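// The commonly suggested approach for the plain cookie middleware: one fixed cookie domain,
// hard-coded in configuration. Every request gets its cookie scoped to this single parent domain.
app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
    CookieDomain = "mywebpage.com.au"
});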

If you are using ASP.NET Identity (i.e. app.UseIdentity();) then this is not the solution.

What you need to do is implement ICookieManager

In startup.cs:

// Registers ASP.NET Identity with its EF stores and default token providers, and configures its options.
services.AddIdentity<ApplicationUser, IdentityRole>(options =>
{
// NOTE(review): the five Password settings below relax the password policy (minimum length 5; no digit,
// non-alphanumeric, lower-case or upper-case requirement). They look unrelated to the cookie-domain change;
// confirm they are intended before copying them, and leave them out if you only need cross-subdomain sign-in.
options.Password.RequireDigit = false;
options.Password.RequiredLength = 5;
options.Password.RequireNonAlphanumeric = false;
options.Password.RequireLowercase = false;
options.Password.RequireUppercase = false;
// This is the line that matters for this post: the application cookie is read and written through the
// custom CookieManager class, which sets the cookie's Domain from the request host on each write.
options.Cookies.ApplicationCookie.CookieManager = new CookieManager();
}).AddEntityFrameworkStores<ApplicationDbContext>()
.AddDefaultTokenProviders();

Now, in a class I have called CookieManager.cs:

public class CookieManager: ICookieManager {
#region Private Members

private readonly ICookieManager ConcreteManager;

#endregion

#region Private Methods

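// Parent domains the authentication cookie may be scoped to. These are the example domains used in this
// post; replace them with the registrable domains your application is actually served from.
private static readonly string[] AllowedCookieDomains = { "mywebpage.com.au", "yourwebpage.com.au" };

/// <summary>
/// Maps a request host to the parent domain the cookie should be scoped to.
/// </summary>
/// <param name="host">Host name taken from the incoming request (no port).</param>
/// <returns>
/// The matching entry of <c>AllowedCookieDomains</c> when <paramref name="host"/> is that domain or one
/// of its subdomains; otherwise <paramref name="host"/> unchanged.
/// </returns>
/// <remarks>
/// The host name originates from the client-supplied Host header, so it is matched against a fixed list
/// instead of blindly dropping the first label. Dropping the first label turns the bare domain
/// "mywebpage.com.au" into "com.au" (a public suffix that browsers refuse as a cookie domain) and mangles
/// IP addresses such as "192.168.1.1" into "168.1.1".
/// </remarks>
private string RemoveSubdomain(string host) {
    if (string.IsNullOrEmpty(host)) {
        return host;
    }

    foreach (var parentDomain in AllowedCookieDomains) {
        // Host names are case-insensitive; the leading dot prevents "notmywebpage.com.au" from matching.
        var isParentItself = host.Equals(parentDomain, System.StringComparison.OrdinalIgnoreCase);
        var isSubdomain = host.EndsWith("." + parentDomain, System.StringComparison.OrdinalIgnoreCase);
        if (isParentItself || isSubdomain) {
            return parentDomain;
        }
    }

    // localhost, an IP address or an unexpected Host value: do not widen the cookie's scope.
    return host;
}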

#endregion

#region Public Methods

/// <summary>
/// Creates the manager and wraps a <c>ChunkingCookieManager</c>, to which every cookie read, write and
/// delete is delegated.
/// </summary>
public CookieManager()
{
    this.ConcreteManager = new ChunkingCookieManager();
}

/// <summary>
/// Writes a response cookie after overriding its Domain with the value derived from the request host.
/// </summary>
/// <param name="context">Current HTTP context; its request host decides the cookie domain.</param>
/// <param name="key">Cookie name.</param>
/// <param name="value">Cookie value.</param>
/// <param name="options">Cookie options; <c>Domain</c> is overwritten on the instance passed in.</param>
public void AppendResponseCookie(HttpContext context, string key, string value, CookieOptions options)
{
    // NOTE(review): Request.Host reflects the Host header sent by the client. Restrict the host names
    // the application answers to (host filtering at the server or reverse proxy) so the cookie domain
    // is never derived from an arbitrary value.
    var requestHost = context.Request.Host.Host;
    options.Domain = RemoveSubdomain(requestHost);

    ConcreteManager.AppendResponseCookie(context, key, value, options);
}

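/// <summary>
/// Deletes a cookie, using the same Domain that <c>AppendResponseCookie</c> applies when writing it.
/// </summary>
/// <param name="context">Current HTTP context; its request host decides the cookie domain.</param>
/// <param name="key">Cookie name.</param>
/// <param name="options">Cookie options; <c>Domain</c> is overwritten on the instance passed in.</param>
public void DeleteCookie(HttpContext context, string key, CookieOptions options)
{
    // Browsers identify a cookie by name, domain and path. An expiry sent without the Domain used when
    // the cookie was written does not remove the domain-scoped cookie, so signing out would leave the
    // authentication cookie in the browser.
    options.Domain = RemoveSubdomain(context.Request.Host.Host);
    ConcreteManager.DeleteCookie(context, key, options);
}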

/// <summary>
/// Reads a request cookie by delegating unchanged to the wrapped cookie manager.
/// </summary>
/// <param name="context">Current HTTP context.</param>
/// <param name="key">Cookie name.</param>
/// <returns>Whatever the wrapped manager returns for <paramref name="key"/>.</returns>
public string GetRequestCookie(HttpContext context, string key)
    => ConcreteManager.GetRequestCookie(context, key);