表单身份验证-共享Cookie MVC和Web表单 [英] Forms Authentication - Share Cookie MVC and Web Forms

问题描述

我在同一个域中有两个应用程序，例如：

I have two applications in the same domain, like this:

http://example.com/MvcApp
http://example.com/WebFormsApp

正如预期的那样，其中之一就是ASP.NET MVC 5 ，另一个是Web窗体，都使用.NET Framework 4.6.1。

As expected, one is ASP.NET MVC 5, the other is Web Forms, both using .NET framework 4.6.1.

ASP.NET MVC 5，我正在创建表单身份验证Cookie，如下所示：

In the ASP.NET MVC 5, I'm creating the forms authentication cookie like this:

var ticket = new FormsAuthenticationTicket(1,
    userName,
    DateTime.Now,
    DateTime.Now.AddMinutes(30),
    true,
    userData,
    FormsAuthentication.FormsCookiePath
);

var encTicket = FormsAuthentication.Encrypt(ticket);
var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket);
Response.Cookies.Add(cookie);

我的web.config看起来像这样：

My web.config looks like this:

<system.web>
  <authentication mode="Forms">
    <forms name=".ASPXFORMSAUTH" loginUrl="/Account/Login" defaultUrl="default.aspx" protection="All" timeout="60" path="/" requireSSL="false" slidingExpiration="true" enableCrossAppRedirects="false" cookieless="UseDeviceProfile"/>
  </authentication>
  <compilation debug="true" targetFramework="4.6.1" />
  <httpRuntime targetFramework="4.6.1" />
  <machineKey validationKey="D011D22E385D3BC154D5CF0FCC15EF4843A468FB866FD6EEC533E1E30E6F097232DD9698E62DE6F176BA0DAB9E6925089EB25B20C57C659DD52F78DC025E192B" decryptionKey="5A350E0E7EDF07E5633B492B2F1A17ABC4DF5CF55C8922BD021C344ACE66CA42" validation="SHA1" decryption="AES"/>
</system.web>

---

Web Forms应用程序

在Web表单应用程序中，web.config如下所示：

---

Web Forms App

In the web forms app, the web.config looks as follow:

<system.web>
  <globalization requestEncoding="utf-8" responseEncoding="utf-8" culture="pt-BR"/>
  <customErrors mode="Off"/>
  <authentication mode="Forms">
    <forms name=".ASPXFORMSAUTH" loginUrl="che-login-win.aspx" defaultUrl="default.aspx" protection="All" timeout="60" path="/" requireSSL="false" slidingExpiration="true" enableCrossAppRedirects="false" cookieless="UseDeviceProfile"/>
  </authentication>
  <identity impersonate="true"/>
  <authorization>
    <deny users="?"/>
  </authorization>
  <machineKey validationKey="D011D22E385D3BC154D5CF0FCC15EF4843A468FB866FD6EEC533E1E30E6F097232DD9698E62DE6F176BA0DAB9E6925089EB25B20C57C659DD52F78DC025E192B" decryptionKey="5A350E0E7EDF07E5633B492B2F1A17ABC4DF5CF55C8922BD021C344ACE66CA42" validation="SHA1" decryption="AES"/>
  <httpRuntime requestValidationMode="2.0" maxRequestLength="8192" executionTimeout="9999"/>
</system.web>

---

您可能已经注意到，两个web.configs forms 标记使用相同的名称，并且它们使用相同的计算机密钥属性。它们位于我的IIS中位于相同域（没有子域）下的同一网站内。

---

As you may have noticed, both web.configs are using the same name for the forms tag, and they are using the same machine key attributes. They reside inside the same website in my IIS, under the same domain (there are no subdomains).

当我登录MVC应用程序时，如果打开浏览器控制台，我可以在其中看到我在web.config中设置的名称的Cookie。

When I login in the MVC app, if I open the browser console, I can see the Cookie there with the name I set in web.config.

但是，如果我打开Web表单应用，它将重定向到登录页面，好像我没有登录。当我在Web窗体应用程序选项卡中打开浏览器控制台时，也可以在其中看到Cookie。

However, if I open the web forms app, it redirects me to the login page, as if I wasn't logged in. When I open the browser console in the web forms app tab, I can see the cookie there as well.

Web窗体项目有一个登录页面可以像MVC一样创建Forms Ticket和Cookie，当我从那里登录时，它可以正常工作。

The web forms project has a login page which creates the Forms Ticket and the Cookie likewise the MVC does, and when I login from there, it works.

我丢失了什么？

推荐答案

我目前正为这个完全相同的问题而苦苦挣扎。如果您的示例可用，请发布解决方案。

I am currently struggling with this exact same issue. If you got your example to work, please post the solution.

似乎您已经根据有关MSDN文档完成了所有必需的操作：

It seems that you have done everything that is required based on the relevant MSDN documentation:

除非另有说明，否则名称，保护，路径，validationKey，validation，decryptionKey和解密属性在所有应用程序中必须相同。同样，用于身份验证票证（cookie数据）的加密和验证密钥值以及加密方案和验证方案必须相同。
MSDN源代码

不过，正如评论中提到的@ NightOwl888一样，您需要在两个应用程序中都设置 enableCrossAppRedirects = true 。

As @NightOwl888 mentioned in the comments though, you need to set enableCrossAppRedirects= true in both applications.

https://docs.microsoft.com/zh-cn/dotnet/api/system.web.security.formsauthentication.enablecrossappredirects?view=netframework-4.7.2

我发现这个较旧的SO问题很有帮助。最终在测试服务器上为我工作，但在生产环境中却没有。必须有其他未记录的相关设置。

I found this older SO question helpful. This ended up working for me on our Test servers, but not in Production. There must be additional undocumented relevant settings.

这篇关于表单身份验证-共享Cookie MVC和Web表单的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！