Question:

Login to Sitecore 9.1 across multiple subdomains

Sitecore

Jack: 19 May 2022

I am trying to login to Sitecore across multiple domains. I mean, I have two different sites abc.x.com and xyz.x.com.

is there a way to set the auth cookies at parent domain level, in my case at x.com level and let the user to access both the sites?

I noticed few posts for different Sitecore versions, but the one which we are using is 9.1 and i didn't find any article with Sitecore 9.1.

Sitecore 9.1 is using identity server & Owin authentication mechanism, the old posts and articles uses the legacy way of authentication and didn't work.

Any suggestions will help us.

Thanks

Answer:
Oliver: 19 May 2022

Sitecore 9.1 uses the Owin authentication mechanism, in the earlier versions it uses the .Net legacy form authentication mechanism. To enable the virtual login the below steps are followed. Inherited DefaultCookieAuthenticationOptions and passed the domain and other required properties in the constructor.

    public class CustomCookieAuthenticationOptions : DefaultCookieAuthenticationOptions
    {
        public CustomCookieAuthenticationOptions(DefaultCookieAuthenticationProvider provider, ICookieManager cookieManager, AuthenticationTypeResolver authenticationTypeResolver)
            : base(provider, cookieManager, authenticationTypeResolver)
        {
            CookieDomain = ".x.com";
            //Based on your requirement you can set the remaining properties
            //CookieSecure = Microsoft.Owin.Security.Cookies.CookieSecureOption.Never;
        }
    }
}

Injected the above class based on the sample given in the Sitecore document (https://doc.sitecore.com/developers/91/sitecore-experience-management/en/dependency-injection.html) Code - 

public class MyServicesConfigurator : IServicesConfigurator
    {
        public void Configure(IServiceCollection serviceCollection)
        {
            serviceCollection.AddTransient<DefaultCookieAuthenticationOptions, CustomCookieAuthenticationOptions>();
        }
    }

Config -

<configuration>
    <sitecore>
        <services>
            <configurator type= "Test.MyServicesConfigurator, Test.Poc"/>
        </services>
    </sitecore>
</configuration>

After the above changes, it sets the cookie at x.com but CORS still failed. I mean when I login from abc.x.com and try to access the page from the domain xyz.x.com, I am not able to access the Sitecore context set in abc.x.com. [Though both the sites are published from same Sitecore instance]. When further analyzing the issue, looks like the “ASP.NET_SessionId” needs to be at parent domain level i.e. x.com level [to share the similar Sitecore session between abc.x.com and xyz.x.com]. So updated the Web.config [Sitecore instance] as below.

<system.web>
    …
<httpCookies httpOnlyCookies="true" requireSSL="false" domain=".x.com" />
  </system.web>

Now when I login from abc.x.com, all the Sitecore cookies are set at x.com including the “ASP.NET_SessionId”. So my Sitecore context built in abc.x.com is accessible in xyz.x.com and this is what I expected.