如何将基于cookie的httpwebrequest启动会话持久保存/移交给Web浏览器 [英] How do I persist/hand-off a cookie-based httpwebrequest initiated session to the web browser

问题描述

我为一个更大的Web应用程序编写了一个MVC控制器，它有助于使用SAML 2.0与业务合作伙伴进行SSO集成。

Web应用程序的用户必须首先在访问之前对Active Directory进行身份验证。



应用程序只是为当前登录的用户从AD对象中提取其他数据，然后使用此数据生成SAML断言，然后将其发布到他们的SSO提供商Url使用以下代码：

 / * Build& Post Assertion * / 
 string _ssoPostData = _sso.GenerateRequest（）; 
 
 / *向提供者发送数据* / 
 _request =（HttpWebRequest）WebRequest.Create（_sso.Recipient）; 
 _request.CookieContainer = _cookieContainer; 
 _request.AllowAutoRedirect = true; 
 _request.UserAgent =身份提供商客户; 
 _request.Method =POST; 
 _request.ContentType =application / x-www-form-urlencoded; 
 _request.ContentLength = _ssoPostData.Length; 
 
 Stream _requestStream = _request.GetRequestStream（）; 
 _requestStream.Write（System.Text.Encoding.UTF8.GetBytes（_ssoPostData），0，_ssoPostData.Length）; 
 
 _response =（HttpWebResponse）_request.GetResponse（）; 

我正试图解决的问题这是;在建立WebRequest并建立与服务器的连接时，服务器为此连接分配JSESSIONID。收到的响应包含用户应重定向到的目标URL以及2个cookie，一个具有JSESSIONID值，另一个具有USERID值，必须在每次后续调用服务器时返回。

所以我的问题是，有没有办法在向SSO服务器建立Web请求/会话时创建会话/ cookie，并将该会话交还给Web应用程序启动的浏览器从？



非常感谢任何帮助。



谢谢，

理查德



我的尝试：



我试过用过

 Response.Redirect（）

通过调用SSO服务返回的Url但仍然使会话无效并将我带回服务登录页面。

解决方案

谢谢F-ES！这很有道理。



感谢您对浏览器行为的洞察力。我今天学了些新东西。 ：）

I have written an MVC controller for a much larger web application that facilitates an SSO integration with a business partner using SAML 2.0.
The users for web application must first authenticate against Active Directory before having access.

The application simply pulls additional data from the AD object for the user currently logged in then uses this data to generate the SAML Assertion and then posts it to their SSO provider Url using the following code:

/* Build & Post Assertion */
string _ssoPostData = _sso.GenerateRequest();

/* Send Data to Provider */
_request = (HttpWebRequest)WebRequest.Create(_sso.Recipient);
_request.CookieContainer = _cookieContainer;
_request.AllowAutoRedirect = true;
_request.UserAgent = "Identity Provider Client";
_request.Method = "POST";
_request.ContentType = "application/x-www-form-urlencoded";
_request.ContentLength = _ssoPostData.Length;

Stream _requestStream = _request.GetRequestStream();
_requestStream.Write(System.Text.Encoding.UTF8.GetBytes(_ssoPostData), 0, _ssoPostData.Length);

_response = (HttpWebResponse)_request.GetResponse();

The problem I'm trying to solve is this; when the WebRequest is made and a connection to the server is established, the server assigns a JSESSIONID for this connection. The response received contains the destination URL the user should be redirected to along with 2 cookies, one with the JSESSIONID value and another with a USERID value, that must be returned with every subsequent call to the server.
So my question is, is there a way to take the session/cookies created when the web request/session is established to the SSO server and hand that session back to the browser that the web application was launched from?

Any help is very much appreciated.

Thanks,
Richard

What I have tried:

I've tried using

Response.Redirect()

with the Url returned by the call to the SSO service but it still invalidates the session and takes me back to the services login page.

解决方案

Thanks F-ES! That makes perfect sense.

And thanks for the insight on browser behavior. I learned something new today. :)

这篇关于如何将基于cookie的httpwebrequest启动会话持久保存/移交给Web浏览器的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！