如何在应用程序域之间传递经过身份验证的会话 [英] How do you pass an authenticated session between app domains
问题描述
让我们说您拥有网站www.xyz.com和www.abc.com.
Lets say that you have websites www.xyz.com and www.abc.com.
让我们说一个用户访问www.abc.com并通过常规ASP .NET成员资格提供程序进行身份验证.
Lets say that a user goes to www.abc.com and they get authenticated through the normal ASP .NET membership provider.
然后,从该站点将它们发送到(重定向,链接,无论工作正常)站点www.xyz.com,站点www.abc.com的目的是将该用户作为状态传递给另一个站点.的isAuthenticated,因此网站www.xyz.com不再要求该用户的凭据.
Then, from that site, they get sent to (redirection, linked, whatever works) site www.xyz.com, and the intent of site www.abc.com was to pass that user to the other site as the status of isAuthenticated, so that the site www.xyz.com does not ask for the credentials of said user again.
此功能需要什么?我对此有一些约束,用户数据库是完全独立的,它不是组织内部的,在所有方面,就像经过身份验证的从stackoverflow.com传递到google一样,本质上是独立的.指向相关文章的链接就足够了.
What would be needed for this to work? I have some constraints on this though, the user databases are completely separate, it is not internal to an organization, in all regards, it is like passing from stackoverflow.com to google as authenticated, it is that separate in nature. A link to a relevant article will suffice.
推荐答案
通过设置web.config身份验证部分,尝试使用FormAuthentication,如下所示:
Try using FormAuthentication by setting the web.config authentication section like so:
<authentication mode="Forms">
<forms name=".ASPXAUTH" requireSSL="true"
protection="All"
enableCrossAppRedirects="true" />
</authentication>
生成机器密钥.示例:生成MachineKey的最简单方法–技巧:ASP.NET,IIS ...
Generate a machine key. Example: Easiest way to generate MachineKey – Tips and tricks: ASP.NET, IIS ...
在发布到另一个应用程序时,身份验证票证将作为隐藏字段传递.从第一个应用程序读取帖子时,第二个应用程序将读取加密的票证并验证用户身份.这是传递该字段的页面的示例:
When posting to the other application the authentication ticket is passed as a hidden field. While reading the post from the first app, the second app will read the encrypted ticket and authenticate the user. Here's an example of the page that passes that posts the field:
.aspx:
<form id="form1" runat="server">
<div>
<p><asp:Button ID="btnTransfer" runat="server" Text="Go" PostBackUrl="http://otherapp/" /></p>
<input id="hdnStreetCred" runat="server" type="hidden" />
</div>
</form>
隐藏代码:
protected void Page_Load(object sender, EventArgs e)
{
FormsIdentity cIdentity = Page.User.Identity as FormsIdentity;
if (cIdentity != null)
{
this.hdnStreetCred.ID = FormsAuthentication.FormsCookieName;
this.hdnStreetCred.Value = FormsAuthentication.Encrypt(((FormsIdentity)User.Identity).Ticket);
}
}
Also see the cross app form authentication section in Chapter 5 of this book from Wrox. It recommends answers like the ones above in addition to providing a homebrew SSO solution.
这篇关于如何在应用程序域之间传递经过身份验证的会话的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
