SSO（单点登录）的MVC [英] SSO (Single sign on ) in MVC

问题描述

有没有人实施signgle在MVC上签字？谁能给我单点登录的例子在MVC。

has anyone implemented signgle sign on in MVC? Can anyone give me any example for single sign on in MVC.

推荐答案

我实现托管在同一父域的多个ASP.NET MVC应用程序之间的SSO解决方案（app1.domain.com，app2.domain.com， ...）通过使用窗体身份验证，并在web.config中的cookie设置域财产所有的应用程序：

I've implemented a SSO solution between multiple ASP.NET MVC applications hosted on the same parent domain (app1.domain.com, app2.domain.com, ...) by using Forms Authentication and setting the domain property of the cookie in web.config of all applications:

<forms 
   name="ssoauth" 
   loginUrl="/login" 
   protection="All"
   timeout="120"
   requireSSL="true"
   slidingExpiration="false">
   domain="domain.com" 
/>

当您设置cookie的domain属性，这个cookie将被自动客户端浏览器发送到运行在此领域的所有应用程序，将能够自动认证的用户。

When you set the domain property of the cookie, this cookie will automatically be sent by the client browser to all applications hosted on this domain and will be able to authenticated the user automatically.

如果要实现使用窗体身份验证跨域SSO这里是你能做什么：

If you want to implement a cross domain SSO using Forms Authentication here's what you could do:

1. 的用户导航到 foo.com 及体征，应用托管 foo.com 使用标准表单验证，没有任何幻想。


2. 用户决定去 bar.com 和点击，您创建了一个链接。此链接可能包含其中将包含加密的用户名令牌参数。这<一个href=\"http://msdn.microsoft.com/en-us/library/system.web.security.formsauthentication.encrypt.aspx\">encryption可以使用本机按键和看起来像这样做： https://bar.com?token=ABC


3. 主办的 bar.com 应用程序接收请求，因为它使用的 同一台机器键 为其他应用程序也能够<一个href=\"http://msdn.microsoft.com/en-us/library/system.web.security.formsauthentication.decrypt.aspx\">decrypting令牌并获取用户名。然后，它只是由当地发射验证cookie的用户和用户登录时自动 bar.com 签署。

1. The user navigates to foo.com and signs in. The application hosted on foo.com uses standard Forms Authentication, nothing fancy.
2. The user decides to go to bar.com and clicks on a link that you created. This link could contain a token parameter which will contain the encrypted username. This encryption could be done using the machine keys and look something like this: https://bar.com?token=ABC.
3. The application hosted on bar.com receives the request and because it uses the same machine keys as the other application it is capable of decrypting the token and fetching the username. Then it simply signs in the user by emitting an authentication cookie locally and the user is automatically signed in bar.com.

这篇关于SSO（单点登录）的MVC的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！