This seems to be a cross-domain authentication issue. When users switch between connect.tradewindsstudios.us and MyCampaign.tradewindsstudios.us, they are essentially moving between different subdomains, which can cause the authentication cookies to not be shared.
To address this, you can configure your authentication cookies to be valid across all subdomains. Here’s how you can do it:
Configure Cookie Options: In your Startup.cs or Program.cs file, configure the cookie options to set the domain to .tradewindsstudios.us. This will allow the cookie to be shared across all subdomains.
C#
    services.ConfigureApplicationCookie(options =>
    {
        options.Cookie.Domain = ".tradewindsstudios.us";
    });
Ensure Consistent Authentication Scheme: Make sure that both subdomains are using the same authentication scheme. This is typically handled by the AddAuthentication and AddCookie methods in your Startup.cs or Program.cs.
C#
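    // Requires: using Microsoft.AspNetCore.Authentication.Cookies;
    services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
        .AddCookie(options =>
        {
            // Same cookie domain on both subdomains
            options.Cookie.Domain = ".tradewindsstudios.us";
        });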
Single Sign-On (SSO) Setup: If you want a more robust solution, consider implementing Single Sign-On (SSO) using an identity provider like Azure AD, IdentityServer4, or another OAuth2/OpenID Connect provider. This way, users can authenticate once and access multiple subdomains without re-authenticating.
Cross-Origin Resource Sharing (CORS): Ensure that your CORS policy allows requests from your subdomains if you are making API calls between them.
C#
    services.AddCors(options =>
    {
        options.AddPolicy("AllowSubdomains",
            builder =>
            {
                builder.WithOrigins("https://connect.tradewindsstudios.us", "https://MyCampaign.tradewindsstudios.us")
                    .AllowAnyHeader()
                    .AllowAnyMethod();
            });
    });
All the pieces of code above are C#; for some reason I cannot change it to C# and keep JavaScript.
By setting the cookie domain to .tradewindsstudios.us, the authentication cookie will be accessible to all subdomains, allowing users to stay logged in as they navigate between different campaign pages.
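An added example (not part of the original answer, and not the site's own code): a Program.cs that both apps could share so that a cookie issued on one subdomain can be decrypted on the other. Besides the cookie domain from the answer, both apps need the same Data Protection key ring, application name and cookie name. The key-ring path, application name, cookie name and /whoami endpoint are assumptions chosen for illustration.

```csharp
// Program.cs used by BOTH apps (added example; values marked "hypothetical" are assumptions).
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.DataProtection;

var builder = WebApplication.CreateBuilder(args);

// Both apps must protect/unprotect the cookie with the same keys.
// Without a shared key ring, the second app receives the cookie but cannot read it.
const string KeyRingPath = "/var/keys/shared-auth";   // hypothetical shared directory
const string SharedAppName = "SharedAuthCookieApp";   // hypothetical, identical in both apps

builder.Services.AddDataProtection()
    .PersistKeysToFileSystem(new DirectoryInfo(KeyRingPath))
    .SetApplicationName(SharedAppName);

builder.Services
    .AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
        options.Cookie.Name = ".Shared.Auth";                 // hypothetical, identical in both apps
        options.Cookie.Domain = ".tradewindsstudios.us";      // domain from the answer above
        options.Cookie.HttpOnly = true;                       // not readable from page scripts
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always; // only sent over HTTPS
        options.Cookie.SameSite = SameSiteMode.Lax;           // subdomains of one site are same-site
    });

builder.Services.AddAuthorization();

var app = builder.Build();

app.UseAuthentication();
app.UseAuthorization();

// Hypothetical check endpoint: after signing in on one subdomain, request it on the other.
// A name in the response means the cookie was both sent and successfully decrypted there.
app.MapGet("/whoami", (HttpContext ctx) => ctx.User.Identity?.Name ?? "(no name claim)")
   .RequireAuthorization();

app.Run();
```

A cookie scoped to .tradewindsstudios.us is sent to every host under that domain, so each subdomain should be one you control and serve over HTTPS.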