Setting up FormsAuthentication after SSO authentication

Problem description

My ASP.NET MVC 4 application is protected by SSO (OAM) with an ISAPI filter running on IIS. When a request to my application is received, it is intercepted by the ISAPI filter and redirected to SSO. The user has to log in at SSO and after that he is returned to my application.

The username of authenticated user (via SSO) is shared with my application in HTTP Request Headers.

Request.Headers["username"]

What I am trying to achieve is: after SSO authentication, setting FormsAuthentication within my application for username = Request.Headers["username"]. This way SSO remains transparent to my application and the identity of the user is available in the HttpContext object, plus, I (developer) could effectively utilize the Authorize attribute for specific roles.

To achieve this, I hook into Session_Start(), read Request.Headers["username"], and set the FormsAuthentication cookie. And I get this SSO user Forms-Authenticated for my application.

But my problem is when I log out (FormsAuthentication.SignOut), I redirect it to another page inside the application, which triggers a new Session (I can see Session_Start triggering when this happens).

Am I doing the right thing: FormsAuthentication after SSO? And if not, why not, and then how do I make my application aware of the SSO-authenticated user?

Recommended answer

I had to explicitly kill the session inside Session_Start if the requested URL is the logout URL. And then with the next request (like from logout to the login page again), it generates a new session and runs smoothly.

protected void Session_Start()
{
    if (!Request.IsAuthenticated && !IsSignoutURL)
        AcceptSessionRequest(); // process local authentication
    else if (IsSignoutURL)
        RejectSessionRequest(); // kill the sessions
}

For background on how SSO passes authenticated user's identity to my application, read my comment to tvanfosson's post.

This works; still open to a better idea.
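
One possible way to fill in the two helpers the answer calls, as an added example that is not the poster's code: `LogoutPath` and both helper bodies are assumptions, and it assumes the ISAPI filter is the only source of the `username` header.

```csharp
// Global.asax.cs: added illustration; LogoutPath and the helper bodies are assumptions.
using System;
using System.Web;
using System.Web.Security;

public class MvcApplication : HttpApplication
{
    // Hypothetical sign-out route; replace with the application's own logout URL.
    private const string LogoutPath = "~/Account/Logout";

    private bool IsSignoutURL
    {
        get { return string.Equals(Request.AppRelativeCurrentExecutionFilePath,
                                   LogoutPath, StringComparison.OrdinalIgnoreCase); }
    }

    protected void Session_Start()
    {
        if (!Request.IsAuthenticated && !IsSignoutURL)
            AcceptSessionRequest();
        else if (IsSignoutURL)
            RejectSessionRequest();
    }

    // Issue the local forms ticket for the user the SSO filter reported.
    private void AcceptSessionRequest()
    {
        // Assumption: the ISAPI filter sets this header itself on every request
        // and the site is reachable only through that filter.
        string username = Request.Headers["username"];
        if (string.IsNullOrWhiteSpace(username))
            return; // no SSO identity: stay anonymous so [Authorize] rejects the request

        FormsAuthentication.SetAuthCookie(username.Trim(), false); // non-persistent cookie
    }

    // Drop the session that the logout request itself just created.
    private void RejectSessionRequest()
    {
        FormsAuthentication.SignOut();
        Session.Abandon();
        // Expire the session id cookie (default name) so the next request starts fresh.
        Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", string.Empty)
            { Expires = DateTime.UtcNow.AddDays(-1) });
    }
}
```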
