在两个Web应用程序间共享身份验 [英] Sharing authentication between two web applications

问题描述

我有一个在ie下运行的基本网站（ Asp.net WebForms 应用程序）。

I have a base web site (Asp.net WebForms application) running under ie.

http://localhost:90/

然后我创建了一个新的（这次 Asp .net MVC ）应用程序并将其添加到

Then I created a new (this time Asp.net MVC) application and added it under

http://localhost:90/mvc/

但不仅仅是作为一个简单的虚拟文件夹，而是通过定义一个应用程序文件夹与父应用程序相比，运行它的应用程序池不同。

but not just as a simple virtual folder, but as an application folder by defining a different application pool to run it, compared to the parent application.

由于浏览器无法知道那里两个不同的应用程序基本上在同一个域上它的工作方式如下：

Since browsers can't know that there are two different application basically on the same domain it would work like:

1. 用户访问 http：// localhost： 90 /


2. 父app将用户重定向到表单身份验证屏幕


3. 用户成功登录


4. 父网站添加身份验证Cookie


5. 用户访问 http：// localhost：90 / mvc


6. 浏览器从父应用程序附加相同的cookie

1. user accesses http://localhost:90/
2. parent app redirects the user to forms authentication screen
3. user successfully logs in
4. parent web adds an authentication cookie
5. user accesses http://localhost:90/mvc
6. browser attaches the same cookie from parent app

我是否有可能对其进行身份验证用户基于这个相同的cookie？我将配置我的MVC应用程序登录重定向到父应用程序以具有共享身份验证屏幕。但我想知道从那时起对谁进行了身份验证和工作。

Is it possible that I authenticate the user based on this same cookie? I would configure my MVC application to login redirect to parent app to have a shared authentication screen. But I'd like to know who authenticated and work from that point on.

我已经阅读了有关共享相同 system.web /的内容machineKey 提供这种功能的值，但我想要一些真实世界的例子。

I've read something about sharing the same system.web/machineKey values to provide this kind of functionality, but I would like some real world examples.

我知道这两个应用程序不会能够共享会话状态，这不是问题，因为我不希望它们。我想要的只是一种单一登录（SSO / SSS）

I'm aware that these two applications will not be able to share Session state and that's not a problem, because I don't want them to. All I want is a kind of single login (SSO/SSS)

这可能吗？怎么样？

我已经阅读了有关此问题的其他问题/答案，但他们要么询问跨域/跨服务器等。一个是在同一个IIS网站上。

I've read other questions/answers about this, but they are either asking about cross-domain/cross-server etc. This one is on the same IIS web site.

推荐答案

我自己找到了。

这是MSDN上关于这个场景的文章。无论如何，对于那些稍后会追逐相同信息的人，我决定保留这个问题。

This is the article on MSDN that talks exactly about this scenario. I decided to keep this question anyway for anyone that would be chasing the same information some time later.

MSDN：跨应用程序进行表单身份验证

您必须在两个应用程序的 web.config 中配置机器密钥，以便它们匹配，因此它们将能够解码另一方的数据产生。这就是整个伎俩。 MSDN文章详细解释了这一点，包括如何生成这些密钥。

You have to configure machine keys in web.config of both applications so they match hence they'll be able to decode data that the other party generated. And that's the whole trick. MSDN article explains this in great detail including how to generate those keys.

这篇关于在两个Web应用程序间共享身份验的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！