如何在ASP.Net MVC应用程序中使用身份验证cookie WCF身份验证服务 [英] How to use authentication cookie from WCF Authentication Service in an ASP.Net MVC application

问题描述

好吧，我有一点运气找到我的具体情况的任何文档或教程。

Okay, I've had little luck finding any documentation or tutorials for my specific scenario.

我将使用WCF服务，为一切，包括身份验证和角色（通过对WCF后端会员供应商）一个ASP.Net MVC的Web应用程序。

I have an ASP.Net MVC web application that will be using WCF services for everything including authentication and roles (via membership providers on the WCF backend).

我已经没有问题，设置身份验证服务，但它不设置在Web应用程序的cookie。为<一的文档href=\"http://msdn.microsoft.com/en-us/library/system.web.applicationservices.authenticationservice.login%28v=VS.100%29.aspx\">Login该服务的方法表明接线了CreatingCookie事件是可能的，但它没有客户端上的任何影响（我试过在服务端为好，又没有影响）。所以我想通了如何捕捉饼干。我曾尝试手动设置客户端上的身份验证cookie的，但到目前为止，它不工作;解密失败，因为填充，并设置从服务器给出的cookie值由客户端无法读取。

I've had no problem setting up the authentication services but it does not set a cookie in the web app. The docs for the Login method of the service indicate that wiring up the CreatingCookie Event is possible, but it does not have any affect on the client (I tried on the service side as well, again no affect). So I figured out how to capture the cookie. I have tried to manually set the auth cookie on the client, but so far it is not working; decrypting fails due to padding, and setting the cookie value from the one given by the server is not readable by the client.

是否有人知道你应该如何使用由WCF身份验证服务所产生的饼干吗？难道我只是假设会话的WCF服务器上的所有管理，只是检查IsLoggedIn（）上的服务在每个页面加载？

Does anybody know how you are supposed to use the cookie that is generated by the WCF Authentication Service? Do I just assume the session is all managed on the WCF server and just check IsLoggedIn() on the service at every page load?

先谢谢了。

推荐答案

我最近一直在努力执行你所描述的相同的功能。我设法得到它具有以下code工作：

I have recently been trying to implement the same functionality you have described. I have managed to get it working with the following code:

    private readonly AuthenticationServiceClient service = new AuthenticationServiceClient();

    public void SignIn(string userName, string password, bool createPersistentCookie)
    {
        using (new OperationContextScope(service.InnerChannel))
        {
            // login
            service.Login(userName, password, String.Empty, createPersistentCookie);

            // Get the response header
            var responseMessageProperty = (HttpResponseMessageProperty)
                OperationContext.Current.IncomingMessageProperties[HttpResponseMessageProperty.Name];

            string encryptedCookie = responseMessageProperty.Headers.Get("Set-Cookie");

            // parse header to cookie object
            var cookieJar = new CookieContainer();
            cookieJar.SetCookies(new Uri("http://localhost:1062/"), encryptedCookie);
            Cookie cookie = cookieJar.GetCookies(new Uri("http://localhost:1062/"))[0];

            FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);
            if (null != ticket)
            {
                //string[] roles = RoleManager.GetRolesFromString(ticket.UserData); 
                HttpContext.Current.User = new GenericPrincipal(new FormsIdentity(ticket), null);
                FormsAuthentication.SetAuthCookie(HttpContext.Current.User.Identity.Name, createPersistentCookie);
            }
        }
    }

这不正是你所描述的评论你的问题。

It does exactly what you have described the comment to your question.

修改

我在这里张贴这code的服务器端部分，以供参考。

I am posting here the Server-Side portion of this code for reference.

public class HttpResponseMessageInspector : BehaviorExtensionElement, IDispatchMessageInspector, IServiceBehavior
{
    public object AfterReceiveRequest(ref Message request, IClientChannel channel, InstanceContext instanceContext)
    {

        HttpRequestMessageProperty httpRequest = request.Properties[HttpRequestMessageProperty.Name]
        as HttpRequestMessageProperty;

        if (httpRequest != null)
        {
            string cookie = httpRequest.Headers[HttpRequestHeader.Cookie];

            if (!string.IsNullOrEmpty(cookie))
            {
                FormsAuthentication.Decrypt(cookie);
                FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(cookie);
                string[] roles = PrincipalHelper.GetUserRoles(authTicket);
                var principal = new BreakpointPrincipal(new BreakpointIdentity(authTicket), roles);

                HttpContext.Current.User = principal;                  
            }
            // can deny request here
        }

        return null;
    }
}

这篇关于如何在ASP.Net MVC应用程序中使用身份验证cookie WCF身份验证服务的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！