[英]Asp.net share forms authentication by two applications in the same domain
I have two applications in the same domain: mydomain/app1 and mydomain/app2, and I need to share authentication between them. 我在同一个域中有两个应用程序:mydomain / app1和mydomain / app2,我需要在它们之间共享身份验证。 One app is in Asp.Net WebForms, and the second is using WebApi2. 一个应用程序位于Asp.Net WebForms中,第二个应用程序使用WebApi2。
I configured web.config like below: 我配置如下的web.config:
App1: 应用1:
<authentication mode="Forms">
<forms loginUrl="/Login.aspx" defaultUrl="/Default.aspx" name=".ASPXFORMSAUTH" protection="All" cookieless="UseDeviceProfile" slidingExpiration="true" path="/" domain="mydomain" requireSSL="false" timeout="60" enableCrossAppRedirects="false">
</forms>
</authentication>
<authorization>
<deny users="?" />
<allow users="*"/>
</authorization>
<machineKey validationKey="generated key1" decryptionKey="generated key2" validation="SHA1"/>
App2: 应用2:
<authentication mode="Forms">
<forms loginUrl="/index.html" defaultUrl="/index.html" name=".ASPXFORMSAUTH" protection="All" cookieless="UseDeviceProfile" slidingExpiration="true" path="/" domain="mydomain" requireSSL="false" timeout="60" enableCrossAppRedirects="false">
</forms>
</authentication>
<authorization>
<deny users="?" />
<allow users="*"/>
</authorization>
<machineKey validationKey="generated key1" decryptionKey="generated key2" validation="SHA1"/>
I am signing into app1 and observe the cookie content. 我登录到app1并观察cookie的内容。 Then I am requesting an URL from app2 in another browser tab. 然后,我从另一个浏览器选项卡中的app2请求URL。 The cookie (name and content) in the second tab is the same as in the first one. 第二个选项卡中的cookie(名称和内容)与第一个选项卡中的相同。 I expect that the request from the second tab to be authenticated by the app2 since the cookie is already authenticated by the app1. 我希望来自第二个选项卡的请求将由app2进行身份验证,因为cookie已由app1进行身份验证。 Yet, this is not happening, and I am redirected to the login page of app2. 但是,这没有发生,我被重定向到app2的登录页面。
As suggested by the OP, here is the answer that works in that case. 正如OP所建议的,这是在这种情况下有效的答案。
They've changed the cookie encryption between 4 and 4.5. 他们已将Cookie加密更改为4至4.5。 You can either make both running under the same .net or turn on the compatibility on the 4.5 site by adding an attribute to your machine key config node. 您可以使两者都在同一个.net下运行,也可以通过将属性添加到计算机密钥配置节点来打开4.5站点上的兼容性。
https://social.microsoft.com/Forums/en-US/1791c5e3-4087-4e92-a460-51c5c4221f49/any-forms-auth-changes-in-45?forum=Offtopic https://social.microsoft.com/Forums/en-US/1791c5e3-4087-4e92-a460-51c5c4221f49/any-forms-auth-changes-in-45?forum=Offtopic
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.