与Windows Service共享ASP.NET MVC会话
[英]Share asp.net mvc session with windows service
问题描述
i am developing an applications which uses ASP.Net MVC 4 (.Net 4.5) and self-hosted websockets. 
我正在开发使用ASP.Net MVC 4(.Net 4.5)和自托管websocket的应用程序。 For the user-handling and login-process i use the default asp.net mvc formauthentication system. 对于用户处理和登录过程,我使用默认的asp.net mvc formauthentication系统。
Does any one have an idea, how to share the login-session between the IIS (ASP.Net MVC) and the Windows service? 是否有人知道如何在IIS(ASP.Net MVC)和Windows服务之间共享登录会话?
Thank you! 谢谢!
1 个解决方案
解决方案1
1 已采纳 2013-12-01 19:24:37
If you have several applications that all require same user to be logged in, then you need to implement a security pattern called Single Sign-On (SSO). 如果您有多个都需要同一用户登录的应用程序,则需要实现一种称为单点登录(SSO)的安全模式。
This requires that you have a centralized place where your authentication is done, and that place is called Security Token Service (STS) or Identity Provider (IdP). 这要求您在一个集中的地方进行身份验证,并且该地方称为安全令牌服务(STS)或身份提供者(IdP)。
When user attempts to access either your MVC application or your websocket endpoints, your authentication logic in application must redirect him to STS. 当用户尝试访问您的MVC应用程序或Websocket端点时,您在应用程序中的身份验证逻辑必须将其重定向到STS。 STS will then require credentials, and based on those it will issue a Security Token. 然后,STS将需要凭据,并基于这些凭据将发布安全令牌。 Client will then return to application that has caused a redirect and carry token with it. 然后,客户端将返回导致重定向的应用程序,并随其携带令牌。 That token can then be used on any other application in your realm and as long as it is valid (not expired), security session is valid/shared on all your applications. 该令牌然后可以在您领域中的任何其他应用程序上使用,并且只要它有效(未过期),安全会话就可以在您所有应用程序上有效/共享。
I'd suggest that you read about Windows Identity Foundation (WIF) 4.5 and SSO patterns, as some of the things mentioned above come out-of-the-box with WIF. 我建议您阅读有关Windows Identity Foundation(WIF)4.5和SSO模式的信息,因为上面提到的某些内容随WIF一起提供。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.