(solution split into a separate answer following Chris comment)
I found a solution to keep the login status, it survives website stop/start, and an update of the website source folder:
public void ConfigureServices(IServiceCollection services)
{
services.AddDataProtection()
// This helps surviving a restart: a same app will find back its keys. Just ensure to create the folder.
.PersistKeysToFileSystem(new DirectoryInfo("\\MyFolder\\keys\\"))
// This helps surviving a site update: each app has its own store, building the site creates a new app
.SetApplicationName("MyWebsite")
.SetDefaultKeyLifetime(TimeSpan.FromDays(90));
}
With these additional lines and the machine key set, the login data stays after site stop/start and IIS server restart, and if the site is rebuilt.
More information there: https://learn.microsoft.com/en-us/aspnet/core/security/data-protection/configuration/overview
More proposed by justserega:
https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/iis/advanced?view=aspnetcore-6.0#data-protection