如何在MVC项目和WCF项目之间共享会话?
[英]How to share session between a MVC project and a WCF project?
问题描述
I have an angular-WebAPI-MVC-WCF solution. 
我有一个angular-WebAPI-MVC-WCF解决方案。
I want to share the user session between the MVC and WCF projects. 我想在MVC和WCF项目之间共享用户会话。 Is this possible? 这可能吗?
Also, I want to share the authentication mechanism, I mean, I only want the user to be authenticated once on the MVC project using FormAuthentication, and let the WCF know when the user is authenticated without envolving any other technologie. 另外,我想共享身份验证机制,这就是说,我只希望使用FormAuthentication在MVC项目上对用户进行一次身份验证,并在不涉及任何其他技术的情况下让WCF知道何时对用户进行身份验证。
I have another solution where the MVC and WCF app reside on the same project(dll), and on that context I can share the authentication and session data. 我有另一个解决方案,其中MVC和WCF应用程序驻留在同一项目(dll)上,并且在那种情况下,我可以共享身份验证和会话数据。
So, in order to share the session, should I move the svc files from the WCF into the MVC project? 因此,为了共享会话,我是否应该将svc文件从WCF移到MVC项目中? Is that the only way? 那是唯一的方法吗?
All the projects share the same db, but I would like to solve this without having to store session data on the db level. 所有项目共享同一个数据库,但我想解决此问题而不必在数据库级别上存储会话数据。
Thanks for any info 谢谢你的任何信息
1 个解决方案
解决方案1
2 已采纳 2015-07-14 14:46:13
If your WCF layer is on the same app pool, you can check for the ASPXAuth cookie (Forms Auth cookie name which is configurable) and you can use methods in the FormsAuthentication class/namespace to decode the cookie to get the user in your WCF layer. 如果WCF层位于同一应用程序池中,则可以检查ASPXAuth cookie(可配置的Forms Auth cookie名称),并且可以使用FormsAuthentication类/命名空间中的方法对cookie进行解码,以使用户进入WCF层。
If you configure the forms auth cookie to be a domain cookie then you can host your WCF layer in a different app pool/iis site as long as it's on the same domain as your main site. 如果您将表单身份验证cookie配置为域cookie,则您可以将WCF层托管在其他应用程序池/ iis站点中,只要它与主站点位于同一个域中即可。 Both sites will receive the cookie. 两个站点都将接收该cookie。
That cookie is what drives forms authentication. cookie是驱动表单身份验证的因素。 If the FormsAuthenticationModule sees the cookie in the request cookies collection it retrieves the user from the cookie (decrypts it) and creates an authenticated session. 如果FormsAuthenticationModule在请求cookie集合中看到cookie,它将从cookie中检索用户(对其进行解密)并创建一个经过身份验证的会话。
Optionally, you could also create the cookie yourself by creating a log in method in your WCF layer and have it Create the Forms Cookie in the WCF site. (可选)您也可以通过在WCF层中创建登录方法并在WCF站点中创建Forms Cookie来自己创建Cookie。 However logging out of the main site would not log out the webservices so you'd have to call log out on the Web Services layer when a user logs out of the main site and vice versa. 但是,注销主要站点不会注销Web服务,因此,当用户注销主要站点时,您必须在Web服务层上调用注销,反之亦然。
If you configure the site to use Forms Auth in url mode you can authenticate without the cookie, but then you have to pass the FormsAuth ticket around in every single url... 如果您将站点配置为在url模式下使用Forms Auth,则无需使用cookie即可进行身份验证,但随后必须在每个URL中传递FormsAuth票证。
As to sharing the session data, you can configure ASP.Net session state to be DB Based instead of Process based. 关于共享会话数据,可以将ASP.Net会话状态配置为基于数据库而不是基于进程。 In doing so ASP.Net will put your session data in the database for you, you do not need to do it yourself. 这样,ASP.Net将为您将会话数据存储在数据库中,您无需自己进行操作。 https://support.microsoft.com/en-us/kb/317604#bookmark-3 https://support.microsoft.com/en-us/kb/317604#bookmark-3
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.