SSO FormsAuthentication - 2 Applications - 1 x WebForms and 1 x MVC


Problem description

I have read many posts and, while I have gleaned all the information I need, I cannot get this to work. So I am hopeful someone can point me in the right direction. Or if you have a working dummy project(s), even better. All the examples I have seen do not specifically deal with my requirement 2.

I have an existing WebForms (W1) application that uses FormsAuthentication. As part of migrating this to MVC we want to create an MVC (M1) application "alongside" it and implement new functionality there. (It is currently out of scope to port the entire W1 application to MVC.) Existing FormsAuthentication is to be maintained and used for both sites.

Both applications will run on the same IIS but under different subdomains as:

  • w1.mydomain.com
  • m1.mydomain.com

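Expectations

  1. The user will log in to W1 and, once authenticated, access M1 URLs as well as W1 URLs
  2. The M1 application needs to "know" which user is logged in
  3. Logging out via either W1 or M1 will log the user out of the other application

Implemented solution

Login:

  • Share the authentication cookie at the domain level (i.e. mydomain.com)
  • After a successful login in W1, redirect to M1 to set the user authentication cookie
  • Redirect from M1 back to W1

Logout:

  • W1/M1 calls FormsAuthentication.SignOut(); and then redirects to the other side to do the same

Configuration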

W1

web.config

<machineKey decryption="AES" validation="HMACSHA256" decryptionKey="AutoGenerate" validationKey="AutoGenerate" />
<authentication mode="Forms">
  <forms loginUrl="~/account/login" timeout="120" defaultUrl="~/" domain=".mydomain.com" />
</authentication>
<compilation targetFramework="4.6.1"></compilation>
<!-- requestValidationMode needs to remain -->
<httpRuntime targetFramework="4.6.1" requestValidationMode="2.0" 
             maxRequestLength="20480" executionTimeout="300" />

Login control on /account/login:

<asp:Login ID="idLogin" runat="server" ViewStateMode="Disabled" DestinationPageUrl="~/sso/BounceLogin.aspx" />

Code behind for BounceLogin.aspx:

public partial class BounceLogin : Page
{
    protected void Page_Load(object aSender, EventArgs aArgs)
    {
        Response.Redirect("https://m1.mydomain.com/sso/login");
    }
}

M1

web.config

<machineKey decryption="AES" validation="HMACSHA256" decryptionKey="AutoGenerate" validationKey="AutoGenerate" />
<compilation debug="true" targetFramework="4.6.1" />
<httpRuntime targetFramework="4.6.1" />
<authentication mode="Forms">
  <forms loginUrl="https://w1.mydomain.com/account/login" timeout="120" domain=".mydomain.com" />
</authentication>

SSO controller:

public class SsoController : Controller
{
    [Authorize]
    // GET: Secure
    public ActionResult Index()
    {
        return View();
    }

    public ActionResult Status()
    {
        return View(new ViewModel
        {
            TheUser = User
        });
    }

    public ActionResult Logout()
    {
        FormsAuthentication.SignOut();
        return Redirect("https://w1.mydomain.com/");
    }

    public ActionResult Login()
    {
        FormsAuthentication.SetAuthCookie("test@mydomain.com", false);
        return Redirect("https://w1.mydomain.com/sso/BounceLoginReturn");
    }
}

Interaction

So here is what happens when I log in with my test user: test@mydomain.com. (I have omitted the username passing to M1 to keep the code simpler.)

A. w1.mydomain.com/account/login - Perform Successful Login and redirect to m1.mydomain.com/sso/login

B. m1.mydomain.com/sso/login - Sets cookie for user test@mydomain.com and redirects to w1.mydomain.com/BounceLoginReturn

Problem

When I return to w1.mydomain.com/BounceLoginReturn, W1 still thinks I am not logged in and redirects me to w1.mydomain.com/account/login. (If I open M1 in another browser tab it tells me I am logged in as user@test.com.)

I have checked and both w1.mydomain.com and m1.mydomain.com have the same cookie value set for the domain .mydomain.com.

So what am I doing wrong here to make W1 think I am not logged in, bearing in mind I originally logged in via the asp:Login control it contains?

Recommended answer

If anyone else has this issue, it turns out the solution was simple. My code above was functionally correct. I did however need to use hard-coded keys:

<machineKey decryption="AES" validation="HMACSHA256" decryptionKey="{Hard Coded Key Here}" validationKey="{Hard Coded Key Here}" />

There are heaps of sites out there to generate these, but the easiest way is using IIS itself:

and then use "Generate Keys" on the right hand side.
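
Why separate auto-generated keys break the shared cookie, and a local way to produce the hard-coded keys, as an added example that is not part of the original question or answer. It models the cookie check with a plain HMAC-SHA256 over a constructed string rather than ASP.NET's real ticket format; the class and method names and the 64/32-byte key lengths are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class MachineKeyDemo
{
    // Random key from the OS CSPRNG, generated locally instead of on a website.
    static byte[] NewKey(int bytes)
    {
        var key = new byte[bytes];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(key);
        return key;
    }

    static string Hex(byte[] b) => BitConverter.ToString(b).Replace("-", "");

    // MAC over the ticket text, standing in for the cookie's validation step.
    static byte[] Mac(byte[] key, string ticket)
    {
        using (var h = new HMACSHA256(key))
            return h.ComputeHash(Encoding.UTF8.GetBytes(ticket));
    }

    // Constant-time comparison of two MACs.
    static bool SameMac(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    static void Main()
    {
        string ticket = "test@mydomain.com|timeout=120"; // constructed stand-in for a ticket
        byte[] m1Key = NewKey(64), w1Key = NewKey(64);    // each app holding its own key
        byte[] shared = NewKey(64);                       // one key configured in both apps

        byte[] issuedByM1 = Mac(m1Key, ticket);
        Console.WriteLine("W1 accepts M1 cookie, separate keys: "
            + SameMac(issuedByM1, Mac(w1Key, ticket)));
        Console.WriteLine("W1 accepts M1 cookie, shared key:    "
            + SameMac(Mac(shared, ticket), Mac(shared, ticket)));

        // Same element goes into BOTH web.config files; treat the values as secrets.
        Console.WriteLine("<machineKey decryption=\"AES\" validation=\"HMACSHA256\" "
            + "decryptionKey=\"" + Hex(NewKey(32)) + "\" validationKey=\"" + Hex(shared) + "\" />");
    }
}
```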
