你如何通过应用程序域之间的authenticaticated会议 [英] How do you pass an authenticaticated session between app domains

问题描述

比方说，你有自己的网站和www.xyz.com www.abc.com。

Lets say that you have websites www.xyz.com and www.abc.com.

比方说，用户进入www.abc.com，他们得到通过正常的ASP .NET成员提供认证。

Lets say that a user goes to www.abc.com and they get authenticated through the normal ASP .NET membership provider.

然后，从该网站，他们会发送到（重定向，链接，无论作品）网站www.xyz.com，与本站www.abc.com的意图是用户传递给其他站点的状态isAuthenticated，使该网站www.xyz.com不要求所述用户再次凭据。

Then, from that site, they get sent to (redirection, linked, whatever works) site www.xyz.com, and the intent of site www.abc.com was to pass that user to the other site as the status of isAuthenticated, so that the site www.xyz.com does not ask for the credentials of said user again.

将需要什么这个工作？我虽然这方面的一些限制，用户数据库是完全分开的，它不是内部的组织，在所有方面，这就像从stackoverflow.com传送给Google的认证，它是独立的性质。到相关文章的链接就足够了。

What would be needed for this to work? I have some constraints on this though, the user databases are completely separate, it is not internal to an organization, in all regards, it is like passing from stackoverflow.com to google as authenticated, it is that separate in nature. A link to a relevant article will suffice.

推荐答案

我昨晚就此问题与我工作的应用程序。我使用FormAuthentication并设置web.config中的身份验证部分，像这样：

I had this issue last night with an application I was working on. I'm using FormAuthentication and set the web.config authentication section like so:

<authentication mode="Forms">
  <forms name=".ASPXAUTH" requireSSL="true" 
      protection="All" 
      enableCrossAppRedirects="true" />
</authentication>

我从这个发电机机密钥和加密密钥。

在张贴到我通过了身份验证票证为隐藏领域的其它应用。虽然读的第一个应用程序后，第二个应用程序将读取加密机票和用户进行身份验证。下面是通过该职位领域页面的例子：

When posting to the other application I passed the authentication ticket as hidden field. While read the post from the first app, the second app will read the encrypted ticket and authenticate the user. Here's an example of the page that passes that posts the field:

的.aspx：

<form id="form1" runat="server">
  <div>
    <p><asp:Button ID="btnTransfer" runat="server" Text="Go" PostBackUrl="http://otherapp/" /></p>
    <input id="hdnStreetCred" runat="server" type="hidden" />
  </div>
</form>

code-背后：

code-behind:

protected void Page_Load(object sender, EventArgs e)
{
    FormsIdentity cIdentity = Page.User.Identity as FormsIdentity;
    if (cIdentity != null)
    {
        this.hdnStreetCred.ID = FormsAuthentication.FormsCookieName;
        this.hdnStreetCred.Value = FormsAuthentication.Encrypt(((FormsIdentity)User.Identity).Ticket);
    }
}

我在这第5章<一个灵感来自于交叉应用形式验证部分href=\"http://www.wrox.com/WileyCDA/WroxTitle/Professional-ASP-NET-2-0-Security-Membership-and-Role-Management.productCd-0764596985.html\"相对=nofollow>从Wrox的书。它建议像上面除了提供一个自制SSO解决方案的那些答案。如果你有4.99，你可以得到的只是点播的章节。

I was inspired by the cross app form authentication section in Chapter 5 of this book from Wrox. It recommends answers like the ones above in addition to providing a homebrew SSO solution. If you've got 4.99, you can get just the chapter on-demand.

希望帮助...

这篇关于你如何通过应用程序域之间的authenticaticated会议的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！