AuthenticationForm - 跨站点的Cookie [英] AuthenticationForm - Cross Site Cookies

问题描述

我有2网站，第一个是 myFirst.domain.com ，第二个是 mySecondSite.domain.com 。

I've 2 web sites, the first one is myFirst.domain.com and the second one is mySecondSite.domain.com.

他们住在两个不同的Web服务器和我的目标是让跨站身份验证（我真正需要的是共享 FormsAuthentication 饼干）。

They stay on two different web servers and my goal is to allow cross site authentication (my real need is shared FormsAuthentication Cookie).

我已经正确地设置了我的的web.config 文件（机关键节点，形成节点）。唯一的区别是关于loginUrl凡myFirstSite看起来像〜/ login.aspx的，并在mySecondSite看起来像 http://myFirstSite.com/ login.aspx的。

I've correctly set up my web.config file (machine key node, forms node). The only difference is about loginUrl where on myFirstSite appears like ~/login.aspx, and on mySecondSite it appears like http://myFirstSite.com/login.aspx.

请注意，我已经没有了一个虚拟目录，我只是2个不同的网络应用程序。

Note that I've not got a virtual directory, I've just 2 different web apps.

问题：当我从mySecondSite达到myFirstSite登录页面，我从来没有从登录页面重定向，这似乎是一个cookie不会被写入。

The problem: When I reach myFirstSite login page from mySecondSite I never get redirected from the login page, it seems like a cookie isn't being written.

下面是关于这一问题的一些片段：

The following is a few snippets about the issue:

MyFirsSite：

MyFirsSite:

 <machineKey validationKey="..." decryptionKey="..." validation="SHA1" decryption="AES" />
        <authentication mode="Forms">
            <forms loginUrl="login.aspx" name="authCookie" enableCrossAppRedirects="true"></forms>
        </authentication>
        <authorization>
            <deny users="?" />
            <allow users="*"/>
        </authorization>

MyFirstSite code背后：

MyFirstSite code behind:

 FormsAuthenticationTicket fat = new FormsAuthenticationTicket(1, "userName..", DateTime.Now, DateTime.Now.AddMinutes(30), true, "roles..");

        string ticket = FormsAuthentication.Encrypt(fat);

        HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, ticket);
        authCookie.Expires = fat.Expiration;
        authCookie.Domain = "myDomain.com";
        Response.Cookies.Add(authCookie);

//Here is other stuff about querystring checking in order to execute exact redirect, however it's not working, I always return to the login page.

MySecondSite：

MySecondSite:

<machineKey validationKey="..." decryptionKey="..." validation="SHA1" decryption="AES"/>
        <authentication mode="Forms">
            <forms loginUrl="http://myFirstSite.domain.com/login.aspx?queryStringToIndicateUrlPage" enableCrossAppRedirects="true"></forms>
        </authentication>
        <authorization>

嗯，这就是全部。不幸的是这是行不通的。

Well, that's all. Unfortunately it doesn't work.

请，不注重 queryStringToIndicateUrlPage ，它只是为了知道我是否必须在相同的应用程序或在另一个重定向一个简单的解决方法。

Please, don't pay attention to queryStringToIndicateUrlPage, it's only a simple workaround in order to know whether I must redirect on the same app or on the another one.

推荐答案

由于您使用的两个域之间的共享基于Cookie的身份验证，则需要表明这一点在＆LT;形式＆GT; 元素：

As you're using cookie based authentication shared between two domains, you'll need to indicate this in the <forms> element:

<machineKey validationKey="..." decryptionKey="..." validation="SHA1" decryption="AES"/>
    <authentication mode="Forms">
        <forms domain=".domain.com" ... />
    </authentication>

请注意最初的。在域名，从而使子域之间的cookie共享的面前。

Note the initial "." in front of the domain name, which enables sharing of cookies between subdomains.

这篇关于AuthenticationForm - 跨站点的Cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！