Vulnerability in EPiServer.Forms
I have an Alloy site that we created a couple of weeks ago that are running the latest version of Epi (as we speak ;-) ).
I am trying to move it to Azure to use it as a demo site and everything is working great except that it is impossible to login.
It just keep telling me that the username and/or password is wrong.
I am using EPiServer AspNetIdentity and when I run it local against the database, blobs, service bus (but the site on IIS Express) it works to login to the site, but when published in Azure it does not.
The site works for everyting else, just the login that does not work so the Database and Blobs is ok.
Anyone got any ide'a?
Try adding a CookieDomain to the Identity code in Startup. See last property in the CookieAuthenticationOptions below, set to a wildcard domain for multisite authentication.
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString(Global.LoginPath),
Provider = new CookieAuthenticationProvider
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager<ApplicationUser>, ApplicationUser>(
regenerateIdentity: (manager, user) => manager.GenerateUserIdentityAsync(user))
CookieDomain = ".egandalf.com"
Yeah domain thingy check answer here