ASP.NET redirecting users credentials to regional sites

Problem description

We have two identical websites. One is located at apac.ourdomain.com and the other at eu.ourdomain.com. The only difference between these websites is that one is hosted in Australia, and the other is in London. The databases they are backed onto have identical schema, except one is in Australia, and the other is in London, each storing data related to our partners in the region.

What we want to do is implement some form of centralised landing page @ www.ourdomain.com using forms authentication. Once a partner logs on to www.ourdomain.com, we will redirect them to either the apac or the eu server. My challenge is how do I transfer the user credentials from the landing site to the regional site? By credentials, I mean everything from their username to their roles / permissions. And once a user is redirected to the regional site, how do I get them back to the landing site should they be required to modify their details?

I know I will need to have a centralised user details db for the landing site, but it is the communication to and from the regional site afterward that I'm uncertain about. Any pointers?

Recommended answer

You could have only some basic information in this common database such as username and password or password hash as the case may be but none of the permissions and things. The permissions and other such information can/should reside in the respective regional databases.

When a user is authenticated you've essentially set a cookie. The cookie is typically encrypted. But it so happens that the encryption is machine specific, so expecting it to work on the other server won't work, unless you configure the machineKey in your config file: http://msdn.microsoft.com/en-us/library/ff649308.aspx

The default ASP.NET settings ensure that forms authentication tickets are tamper proof and encrypted, and that ViewState is tamper proof. This ensures that any modification of the ViewState or authentication tickets either on the client's computer or over the network is detected when the server processes the data.

Cookies are domain specific and unless you specify the root domain when setting a cookie, it won't be available to sub domains.

In principle, let's say you set a cookie yourself. This cookie contains the userId as the value and a datetime. This information is encrypted and the cookie is set for the root domain. Then when you redirect to the regional website you can extract the cookie, decrypt it and "auto log-in" the user.

If you're relying on the FormsAuthentication framework to do all the work for you then you can't simply tweak a setting to get this working. Now you can use the FormsAuthentication concept and do your own authentication. But this might be too complicated if you're not very familiar with HTTP and ASP.NET and things.

Another alternative and probably better depending on how secure things need to be is to do what I described earlier with the difference that when a regional site receives this redirected page, you can confirm against the central database by making a regular http call using HttpWebRequest or similar to a handler on central web application to verify that the user was indeed given this cookie from your central system.

Another option is: why bother with multiple physical sites? Simply host a central system and, depending on the user that logs in, connect to a different database, and potentially other aspects change as well, but there is only one instance of the system and one domain.
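
The root-domain hand-off cookie described in the answer, written out as an added C# example that is not part of the original answer. It assumes .NET Framework 4.5 or later (for `MachineKey.Protect`), the same `machineKey` configured on the landing and regional sites, and HTTPS everywhere; the class name, cookie name, purpose string and two-minute lifetime are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Web;
using System.Web.Security;

public static class HandoffTicket
{
    private const string CookieName = "handoff";            // hypothetical cookie name
    private const string Purpose = "ourdomain.handoff.v1";  // hypothetical purpose string
    private const string RootDomain = ".ourdomain.com";     // shared by www, apac and eu
    private static readonly TimeSpan MaxAge = TimeSpan.FromMinutes(2); // assumed lifetime

    // Landing site: call after the credential check succeeds, just before the redirect.
    public static void Issue(HttpResponseBase response, string userId)
    {
        // Payload is the issue time plus the user id; roles stay in the regional database.
        byte[] payload = Encoding.UTF8.GetBytes(DateTime.UtcNow.Ticks + "|" + userId);
        string token = HttpServerUtility.UrlTokenEncode(MachineKey.Protect(payload, Purpose));
        response.Cookies.Add(new HttpCookie(CookieName, token)
            { Domain = RootDomain, Path = "/", HttpOnly = true, Secure = true });
    }

    // Regional site: returns the user id, or null when the cookie is missing, modified or stale.
    public static string Redeem(HttpRequestBase request, HttpResponseBase response)
    {
        HttpCookie cookie = request.Cookies[CookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value)) return null;
        // Expire the hand-off cookie whatever the outcome; it is only needed once.
        response.Cookies.Add(new HttpCookie(CookieName, "")
            { Domain = RootDomain, Path = "/", Expires = DateTime.UtcNow.AddDays(-1) });
        try
        {
            byte[] raw = HttpServerUtility.UrlTokenDecode(cookie.Value);
            if (raw == null) return null;
            // Unprotect throws CryptographicException if the value was altered or the keys differ.
            string text = Encoding.UTF8.GetString(MachineKey.Unprotect(raw, Purpose));
            string[] parts = text.Split(new[] { '|' }, 2);
            if (parts.Length != 2) return null;
            var issued = new DateTime(long.Parse(parts[0]), DateTimeKind.Utc);
            if (DateTime.UtcNow - issued > MaxAge) return null;
            FormsAuthentication.SetAuthCookie(parts[1], false); // the "auto log-in" step
            return parts[1];
        }
        catch (CryptographicException) { return null; }
        catch (FormatException) { return null; }
    }
}
```

The token stays valid for the whole lifetime window, so keep that window short. The regional site loads roles and permissions from its own database using the returned user id.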
