I have an ASP.NET Core MVC application that also hosts an API. The site uses Identity defaults so when you log in a cookie is set. The API has been configured to use JWT Bearer authentication.
I also have a separate ASP.Net Core MVC app that hosts a Javascript SPA that communicates to this other site as the authentication server and the API.
On my dev machine these projects use different ports and when the I log in to the main API site a cookie is set and I can see that the cookie path is set to root " / ". This is the desired behaviour since I want the Javascript SPA to know that I am authenticated and logged in.
When I deploy this to our IIS server, I give each app a virtual path like so:
Site 1: /SPA Site 2: /API
When I deploy this to IIS, I notice that the cookie Path is set to "/API".
This is not the desired behaviour as the SPA app thinks I am not authenticated.
I want to be able to override this and set the cookie path explicitly to root "/".
How do I set the the cookie path while still allowing for JWT Bearer authentication?
