Revisit how application identifier is generated
Closed this issue · 6 comments
Eilon commented
Perhaps in the case of IIS (and thus Antares), ANCM should flow the IIS "app id" so that Data Protection could use it.
blowdart commented
This is probably a hosting issue
Tratcher commented
or ANCM + IISIntegration
davidfowl commented
We need to also consider xplat and service fabric scenarios (clusters in general).
/cc @glennc
johnkors commented
Are we talking about DataProtectionUtilityExtensions ?
It's by default causing invalidation of cookies when used in conjunction with Octopus, which deploys to a different physical path every deploy.
@anderaus wrote a piece about the issues here: http://blog.novanet.no/a-pile-of-anti-forgery-cookies/
davidfowl commented
Yes, it's a really bad default.
aspnet-hello commented
This issue was moved to dotnet/aspnetcore#2512