使用Identity Server时是否必须登录到每个Web应用程序? [英] Do I have to login to each web application when using Identity Server?

问题描述

说我有这样的设置:

MVCApp1
MVCApp2
Identity Server

因此，我的解决方案中包含三个项目. Identity Server现在正在为所有这些服务器工作.但是，我发现我必须分别登录每个人.那是对的吗?即，如果我登录到MVCApp1，那是否意味着我也应该隐式登录到MVCApp2?

Therefore there are three projects inside my solution. Identity Server is now working for all of them. However, I am finding that I have to login to each one individually. Is that correct? i.e. if I login to MVCApp1, then does that mean I should also be implicitly logged in to MVCApp2?

说我想登录所有三个Web应用程序，那么我是否必须浏览到每个Web应用程序并登录，或者我只需要执行一次(我认为这是单点登录的目的).

Say I wanted to login to all three web apps, then would I have to browse to each web app and login or should I only have to do this once (I thought this is what single sign on was for).

这是一些代码:

services.AddAuthentication(options =>
            {
                options.DefaultScheme = "Cookies";
                options.DefaultChallengeScheme = "oidc";
            })
                .AddCookie("Cookies")
                .AddOpenIdConnect("oidc", options =>
                {
                    options.SignInScheme = "Cookies";

                    options.Authority = identityUrl;
                    options.RequireHttpsMetadata = false;

                    options.ClientId = "mvc2";
                    options.ClientSecret = "secret";
                    options.ResponseType = "code id_token";

                    options.SaveTokens = true;
                    options.GetClaimsFromUserInfoEndpoint = true;

                    options.Scope.Add("API1");
                    options.Scope.Add("API2");
                    options.Scope.Add("offline_access");
                });

推荐答案

SSO旨在处理这种情况，不，您不需要分别登录每个应用程序.

SSO is designed to handle this case, and no, you shouldn't need to login to each application individually.

如果用户未登录，则当他们可以使用Identity Server进行身份验证时，应将其重定向到登录页面.通过身份验证后，用户应该能够(无需登录)访问应用程序MVCApp1和MVCApp2.

If a user is not logged in, you should redirect them to the login page, when they can authenticate with the Identity Server. Once authenticated, the user should be able to access (without login) to both applications MVCApp1 and MVCApp2.

我建议将您的JWT存储在cookie中，如果它们位于同一个域中，则可以由您的应用程序共享.然后，当您的任何应用程序需要授权时，请从请求标头中的cookie中获取JWT并将其用于身份验证.

I would recommend storing your JWT's in a cookie, which can then be shared by your applications IF they live under the same domain. Then when any of your applications require authorization, get the JWT from the cookie in the request header and use that for authentications.

这篇关于使用Identity Server时是否必须登录到每个Web应用程序?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！