ASP.NET Web表单,并通过cookie的MVC认证共享 [英] ASP.NET webforms and MVC authentication sharing via cookie
问题描述
有似乎是答案,我暴露出的问题$ P $垫在多个岗位的部分,但将其组合在一起迄今没有为我工作,所以我希望在这个职位回答会形成较完整的指南
问题
我有一个ASP.NET web表单应用程序(W1),我想经过一段时间开始升级到一个单独的MVC应用程序(M1)。含W1的解决方案已经升级到4.5和M1已在解决方案中创建的。 W1使用ASP.Net会员框架。
测试用例
在M1,我加入了授权属性关于页中的HomeController
[授权]
公众的ActionResult关于()
我添加了一个链接到M1关于页面,在登录从W1一个页面,要求用户发起。
的预期
我希望用户能够登录到W1,单击关于页面的链接,M1和自动登录到M1。
配置
步骤1我已经使用方法概述
继信息这里和<一个href=\"http://stackoverflow.com/questions/8278015/forms-authentication-across-sub-domains-on-local-iis\">here,和可观的调试后,我已经修改了项目的Web.config文件的部分如下:
有关W1:
&LT;&的System.Web GT;
&LT;身份验证模式=表格&GT;
&LT;形式的名称=WRSAUTH
loginUrl =〜/帐号/的Login.aspx
defaultUrl =Default.aspx的
保护=全部
超时=60
路径=/
域=本地主机
requireSSL =假
slidingExpiration =真
无Cookie =UseCookies
enableCrossAp predirects =FALSE/&GT;
&LT; /认证&GT;
&LT;的machineKey的validationKey =&LT;&的validationKey GT;
decryptionKey =下; DecryptionKey&gt;中
验证=SHA1
解密=AES/&GT;
&LT;编译调试=真targetFramework =4.5&GT;
&LT;的httpRuntime的maxRequestLength =12288/&GT;
&LT; /system.web>
有关M1:
&LT;&的System.Web GT;
&LT;身份验证模式=表格&GT;
&LT;形式的名称=WRSAUTH
loginUrl =〜/帐号/登录
defaultUrl =〜/
保护=全部
超时=60
路径=/
域=本地主机
requireSSL =假
slidingExpiration =真
无Cookie =UseCookies
enableCrossAp predirects =FALSE/&GT;
&LT; /认证&GT;
&LT;的machineKey的validationKey =&LT;&的validationKey GT;
decryptionKey =下; DecryptionKey&gt;中
验证=SHA1
解密=AES/&GT;
&LT;编译调试=真targetFramework =4.5/&GT;
&LT;的httpRuntime targetFramework =4.5/&GT;
&LT; /system.web>
&LT; system.webServer&GT;
&LT;模块&gt;
&LT;! - &LT;清除NAME =FormsAuthentication/&GT; - &GT;
&LT; /模块&gt;
&LT; /system.webServer>
当前状态
当在W1哪些目标M1有关页面点击链接,用户没有授权,并与登录屏幕psented $ P $。
时有什么我在配置丢失?
最后走上这工作!
1)不与当地一起工作本地主机或.localhost设置为域
2)在W1需要添加属性targetFramework =4.5来的httpRuntime
3)W1需要添加&LT;添加键=ValidationSettings:UnobtrusiveValidationModeVALUE =无/&GT; 中的AppSettings节点(标签)
希望我花张贴这问题和答案可以帮助别人的时间。我发现在很多帖子这个解决方案的部分,但是这使他们都在一起。
There seems to be parts of the answers to my problem spread over multiple posts but putting it together hasn't worked so far for me, so I hope when this post is answered it will form more complete guide
The problem
I have an ASP.NET webforms application (W1) and I would like to begin an upgrade to a separate MVC application (M1) over a period of time. The solution containing W1 has been upgraded to 4.5 and M1 has been created in the solution. W1 uses the ASP.Net membership framework.
The test case
In M1, I added the Authorize attribute to the About page in the HomeController
[Authorize]
public ActionResult About()
I added a link to the about page in M1, originating from a page in W1 that requires the user to be logged in.
The expectation
I expect a user to be able to log into W1, click the link to the M1 about page and be automatically logged in to M1.
The configuration
Step 1I have extracted the validationKey and decryptionKey from W1 using the method outlined here. Although this seems like a logical step I am not sure it is required as different keys still allow for a user to log in to W1.
Step 2Following the information here and here, and after considerable debugging I have modified sections of the Web.config files for the projects as follows;
For W1:
<system.web>
<authentication mode="Forms">
<forms name="WRSAUTH"
loginUrl="~/Account/Login.aspx"
defaultUrl="Default.aspx"
protection="All"
timeout="60"
path="/"
domain=".localhost"
requireSSL="false"
slidingExpiration="true"
cookieless="UseCookies"
enableCrossAppRedirects="false" />
</authentication>
<machineKey validationKey="<ValidationKey>"
decryptionKey="<DecryptionKey>"
validation="SHA1"
decryption="AES"/>
<compilation debug="true" targetFramework="4.5">
<httpRuntime maxRequestLength="12288" />
</system.web>
For M1:
<system.web>
<authentication mode="Forms">
<forms name="WRSAUTH"
loginUrl="~/Account/Login"
defaultUrl="~/"
protection="All"
timeout="60"
path="/"
domain=".localhost"
requireSSL="false"
slidingExpiration="true"
cookieless="UseCookies"
enableCrossAppRedirects="false"/>
</authentication>
<machineKey validationKey="<ValidationKey>"
decryptionKey="<DecryptionKey>"
validation="SHA1"
decryption="AES"/>
<compilation debug="true" targetFramework="4.5"/>
<httpRuntime targetFramework="4.5"/>
</system.web>
<system.webServer>
<modules>
<!--<remove name="FormsAuthentication"/>-->
</modules>
</system.webServer>
Current Status
When clicking on the link in W1 which targets the M1 about page, the user is not authorized and is presented with the log in screen.
Is there something I am missing in the configuration?
Finally go this to work!
1) Does not work with locally with localhost or .localhost set as the domain
2) In W1 needed to add the attribute targetFramework="4.5" to httpRuntime
3) In W1 needed to add <add key="ValidationSettings:UnobtrusiveValidationMode" value="None" /> within the AppSettings node (tag)
Hope the time I spent posting this question and answer helps someone. I found pieces of this solution across many posts, but this brings them all together.
这篇关于ASP.NET Web表单,并通过cookie的MVC认证共享的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
