Sharing authentication cookie among asp net core 1 mvc6 and mvc 5 applications


authentication cookies among ASP.NET Core 1 MVC6 and MVC 5 applications can be a challenging task. However, with the right approach and of the underlying concepts, it is possible to achieve seamless authentication across different of ASP.NET.

Understanding Authentication Cookies

Authentication cookies are used to maintain a user's authentication state across multiple requests. When a user logs in to an application, a cookie is generated and sent to the client's browser. This cookie contains encrypted information that identifies the user and their authentication status.

ASP.NET Core 1 MVC6 and MVC 5 Compatibility

ASP.NET Core 1 MVC6 and MVC 5 use different authentication systems. MVC 5 uses the older Forms Authentication system, while MVC6 uses the newer ASP.NET Core Identity system. These systems have different cookie formats and encryption algorithms, making it challenging to share authentication cookies between them.

Approach 1: Custom Cookie Authentication Middleware

To share authentication cookies between ASP.NET Core 1 MVC6 and MVC 5 applications, you can create a custom cookie authentication middleware. This middleware will handle the cookie authentication process and ensure compatibility between the two versions.

// CustomCookieAuthenticationMiddleware.cs

public class CustomCookieAuthenticationMiddleware
    private readonly RequestDelegate _next;

    public CustomCookieAuthenticationMiddleware(RequestDelegate next)
        _next = next;

    public async Task (HttpContext context)
        // Check if the request contains the authentication cookie
        if (context.Request.Cookies.ContainsKey("AuthCookie"))
            // Decrypt the cookie and  the user's authentication information
            var authInfo = DecryptCookie(context.Request.Cookies["AuthCookie"]);

            // Set the user's authentication information in the current request context
            context.User = new ClaimsPrincipal(authInfo);

            // Continue processing the request
            await _next(context);
            //  the user to the login page

    private ClaimsIdentity DecryptCookie(string cookieValue)
        // Decrypt the cookie value and extract the user's authentication information
        // Implement your decryption  here

        return new ClaimsIdentity();

In this example, we create a custom middleware called CustomCookieAuthenticationMiddleware. This middleware intercepts each request and if it contains the authentication cookie. If the cookie is present, it decrypts the cookie value and sets the user's authentication information in the current request context. If the cookie is not present, it redirects the user to the login page.

Approach 2: Shared Authentication Service

Another approach to sharing authentication cookies between ASP.NET Core 1 MVC6 and MVC 5 applications is to create a shared authentication service. This service will handle the authentication process and provide a common interface for both versions of the application.

// SharedAuthenticationService.cs

public class SharedAuthenticationService
    public bool AuthenticateUser(string username, string password)
        // Implement your authentication logic here
        // Return true if the user is authenticated,  otherwise
        return true;

    public string GenerateAuthenticationCookie(string username)
        // Generate an authentication cookie for the specified username
        // Implement your cookie generation logic here

        return "AuthCookie";

In this example, we create a shared authentication service called SharedAuthenticationService. This service provides methods to authenticate a user and generate an authentication cookie. The implementation of these methods will depend on your authentication requirements.


Sharing authentication cookies among ASP.NET Core 1 MVC6 and MVC 5 applications can be achieved through custom middleware or a shared authentication service. Both approaches require understanding the differences between the authentication systems used in each version and implementing the necessary logic to handle the cookie authentication process.

By following these approaches and customizing them to fit your specific requirements, you can successfully share authentication cookies and provide a seamless user experience across different versions of ASP.NET.

Rate this post

Leave a Reply

Your email address will not be published. Required fields are marked *

Table of Contents