Method for Sharing Forms Authentication Login between MVC.net and Web API Sites on the Same Domain


Problem description

I am going to have an ASP.net MVC web site (example.com) and a Web API site (api.example.com) running on the same domain. What is the best and most secure way to use Forms Authentication to allow a user to log in to the MVC site, and have that login accepted by the [Authorize] filter in the API site? Additionally, there is the possibility that both sites will be hosted on multiple servers (each of which might have its own subdomain), so a solution that would allow for a single sign on approach to work among all of the servers in the cluster would be preferred.

Recommended answer

Take a look at this link: http://www.codeproject.com/Articles/27576/Single-Sign-on-in-ASP-NET-and-Other-Platforms. This covers the answer in detail.

You will need to ensure all machines and separate applications on the site share a common (but unique to production) machine key to allow the authentication cookies to be trusted by all the machines/applications.

If you are simply using virtual directories under the same subdomain then simply harmonising the web.config Forms Auth settings and machine keys should get you up and running very quickly.

If you want this to work between a second level domain then you need to change the "Domain" setting on the Forms Auth cookie. See the article for details.
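
The settings the answer describes, written out as a web.config fragment. This is an added example, not part of the original answer or the linked article. The key values are placeholders, and the login URL and timeout are assumed values; the same fragment would go into both the MVC site and the Web API site on every server.

```xml
<configuration>
  <system.web>
    <!-- Explicit keys, identical in every application and on every server in the
         cluster, so a ticket issued by one is validated and decrypted by the others.
         Placeholders only: generate a fresh pair for production, do not reuse
         development keys, and keep the real values out of source control. -->
    <machineKey
        validationKey="REPLACE_WITH_PRODUCTION_VALIDATION_KEY_HEX"
        decryptionKey="REPLACE_WITH_PRODUCTION_DECRYPTION_KEY_HEX"
        validation="HMACSHA256"
        decryption="AES" />

    <authentication mode="Forms">
      <!-- name, path and protection must match across applications so each one
           looks for the same cookie and handles it the same way.
           domain=".example.com" scopes the cookie to the parent domain so that
           api.example.com receives the ticket issued by example.com.
           requireSSL keeps the ticket off plain HTTP connections.
           loginUrl and timeout are assumed values for this example. -->
      <forms name=".ASPXAUTH"
             loginUrl="https://example.com/Account/Login"
             domain=".example.com"
             path="/"
             protection="All"
             requireSSL="true"
             timeout="30"
             slidingExpiration="true" />
    </authentication>
  </system.web>
</configuration>
```

A cookie scoped to the parent domain is sent to every host under example.com, so each of those hosts has to be trusted with the authentication ticket.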
