在父子Web应用程序之间共享身份验证 [英] Sharing authentication between parent and child web applications

问题描述

我们有两个单独的MVC 4 Web应用程序，它们作为同一网站的一部分运行.主(父)项目具有身份验证，并且工作正常.现在，我们已经将第二个项目添加到同一站点(一个页面在子框架中运行)，我们不知道如何使用用户通过父应用程序获得的授权.

We have two separate MVC 4 Web Applications that run as parts of the same website. The main (parent) project has authentication, and it works fine. Now that we've added the second project to the same site (one page that runs in a child frame), we can't figure out how to make it use the authorization that the user has undergone through the parent application.

两者在web.config中都使用相同的forms元素:

Both use the same forms element in web.config:

<forms loginUrl="~/Account/LogOn" name=".ASPXFORMSAUTH"  domain="..." protection="All" timeout="2880"/>

在子项目中，我需要的不只是[Authorize]标签吗?

Do I need more than an [Authorize]-tag in the child project?

[Authorize]
public class HomeController : Controller
{
    ...

    public ActionResult Index()
    {

        return View();
    }

    ...
}

不用说，即使用户登录到父项目，如果我尝试访问子项目的HomeController，页面也会重定向到登录页面.

Probably needless to say, the page is redirected to the logon-page if i try to access the child project's HomeController, even though a user is logged in in the parent project.

两个项目都使用相同的machineKey.

Both projects use the same machineKey.

有什么想法吗?

推荐答案

确保将domain属性设置为父域:

Make sure that the domain property is set to the parent domain:

<forms 
    loginUrl="~/Account/LogOn" 
    name=".ASPXFORMSAUTH"  
    domain="domain.com" 
    protection="All" 
    timeout="2880"
/>

还要确保为两个应用程序设置了相同的机器密钥:

Also make sure that you have set the same machine keys for both applications:

<machineKey validationKey="5C1E392DB9867A990FE0161B8BD07C1B165921DDAB21ADCC4C8F15D67EA2DECD7AEBB04409A411C69CB125EDEA3702B64DF17D47AD951461F444175BDF0277CF" decryptionKey="43CC900E97D496FC6C5C0C12FE005F9E846675C4BD45977BA5CEE852741ED3B6" validation="SHA1" decryption="AES" />

这将确保第一个应用程序加密的表单身份验证cookie可以被第二个应用程序解密.您可以使用以下网站生成强大的机器密钥.

This will ensure that a forms authentication cookie encrypted by the first application could be decrypted by the second. You could use the following website to generate strong machine keys.

(链接已删除.不再有效)

(Link removed. Is no longer valid)

这篇关于在父子Web应用程序之间共享身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！