在 ASP.Net Webforms 和 MVC 中实现单点登录 [英] Implementing single-sign on in ASP.Net Webforms and MVC
问题描述
我有一个现有的 WebForms 应用程序,我们现在正在创建一个新的 MVC 应用程序.它们都使用我们自己的自定义提供程序进行身份验证,使用相同的数据库.
I have an existing WebForms application and we're now creating a new MVC application. They both authenticate using our own custom provider, using the same database.
我可以使用相同的凭据分别成功登录每个应用程序,但我现在想要的是实现单点登录(即:如果用户已经登录了 app1,app2 会自动检测用户的设置并确定他已登录).
I can successfully log in in each application separately using the same credentials, but what I now want is to implement a single-sign on (ie: if the user is already logged in in app1, app2 would automatically detect the user's settings and identify him as being logged in).
I have done my homework and read the references here, here and here, amongst others.
到目前为止,我已经完成了以下工作:
So far I have done the following:
在两个站点上设置相同的 machineKey:
Set the same machineKey on both sites:
在两个站点上设置相同的表单身份验证:
Set the same forms auth on both sites:
尽管如此,我还是无法让 SSO 正常工作.我管理了单点注销",即当用户注销一个站点时,他也从另一个站点注销.
Despite all of this, I haven't managed to get SSO working. I have managed 'Single-sign off', whereby when the user signs off one site, he's signed off from the other.
有什么我遗漏的吗?
我想要一个仅配置的解决方案,不需要我进行任何编码.
I would like a configuration-only solution, that does not require me to do any coding.
推荐答案
我回答我自己的问题只是为了结束.
I am answering my own question just for closure's sake.
我的 SSO 无法正常工作的原因是,现有的主要网站有自己的 cookie 和会话管理器,并且不遵守 Forms 身份验证的规则.它调用
The reason why my my SSO was not working is because the main, existing website has its own cookie and session manager, and does not play by the rules of Forms authentication. It calls
FormsAuthentication.SignOut();
登录完成后不久.
我在 3 个不同的网站、MVC 和 WebForms 的混合体、不同的管道(集成 vs 经典)以及我们的自定义成员资格提供商中尝试了上述配置,并且一切都非常出色.
I tried the configurations mentioned above with 3 different websites, a mixture of MVC and WebForms, different pipelines (integrated vs classic), with our custom membership provider, and it all worked marvellously.
因此,只要您的应用程序不使用表单身份验证做有趣的事情,上面定义的步骤就应该可以工作.
So the steps defined above should work as long as your application does not do funny things with forms authentication.
这篇关于在 ASP.Net Webforms 和 MVC 中实现单点登录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
