在子域上对用户进行身份验证并保持在父域上登录?
[英]Authenticate user on Sub-domain and remain logged in on parent domain?
问题描述
I have two sites: www.forums.mysite.com and www.mysite.com 
我有两个网站:www.forums.mysite.com和www.mysite.com
The forums already has authentication set up and I'd like to use it. 论坛已经设置了身份验证,我想使用它。
I'm using C# MVC .NET 4.5 我正在使用C#MVC .NET 4.5
I have created two sites in IIS 8.5: mysite and forums 我在IIS 8.5中创建了两个站点:mysite和forums
mysite bindings: mysite绑定:
- Type: HTTP 类型:HTTP
- IP address: All Unnasigned IP地址:全部未分配
- Port: 80 端口:80
- Host name: www.mysite.com 主机名:www.mysite.com
forums bindings: 论坛绑定:
- Type: HTTP 类型:HTTP
- IP address: All Unnasigned IP地址:全部未分配
- Port: 80 端口:80
- Host name: www.forums.mysite.com 主机名:www.forums.mysite.com
I have also added the domains to my host file : 我还将域添加到了我的主机文件中 :
- myip www.mysite.com myip www.mysite.com
- myip www.forums.mysite.com myip www.forums.mysite.com
I have added the MachineKey to both applications Web.config files and the keys are identical: 我已经将MachineKey添加到两个应用程序Web.config文件中,并且密钥是相同的:
<machineKey validationKey="C50B3C89CB21F4F1422FF158A5B42D0E8DB8CB5CDA1742572A487D9401E3400267682B202B746511891C1BAF47F8D25C07F6C39A104696DB51F17C529AD3CABE" decryptionKey="8A9BE8FD67AF6979E7D20198CFEA50DD3D3799C77AF2B72F" validation="SHA1" />
In the controller of the subdomain (Forums), a user logs in and I have modified the cookie as follows: 在子域(Forums)的控制器中,一个用户登录,并且我如下修改了cookie:
FormsAuthentication.SetAuthCookie(username, model.RememberMe);
var cookie = FormsAuthentication.GetAuthCookie(username, model.RememberMe);
cookie.Domain = "mysite.com"; //this is the parent domain
//I've also tried with .mysite.com
Response.AppendCookie(cookie);
I can log in via the forums but then when I go to the main site (mysite.com), I am not logged in... I don't understand why not. 我可以通过论坛登录,但是当我转到主站点(mysite.com)时,我没有登录...我不明白为什么不这样做。
As a test in mysite.com/home/index.cshtml (the home page), I have added this: 作为mysite.com/home/index.cshtml(主页)中的测试,我添加了以下内容:
<h1>
Logged in: @User.Identity.IsAuthenticated
</h1>
but the result is always false, even though both sites have the same .ASPXAUTH cookie... 但是即使两个站点都具有相同的.ASPXAUTH cookie,结果也始终为false。
Any ideas? 有任何想法吗?
1 个解决方案
解决方案1
0 2015-08-30 13:03:54
Probably, domain should be .mysite.com (leading dot), not mysite.com . 域名可能是.mysite.com (前导点),而不是mysite.com 。
Upd. 更新。
Also, problem may be with leading www in your's domain names. 另外,您的域名前导www可能会出问题。 Try set cookies domain to www.mysite.com or .www.mysite.com (or eliminate www in your's config, its just an archaic junk :)) 尝试将Cookie域设置为www.mysite.com或.www.mysite.com (或在您的配置中消除www ,这只是一个陈旧的垃圾:)
Upd. 更新。 2 2
Looks like there is problems with setting cookies for parent domains (take a look at this , for example), which is understandable, from some point of view. 从某些角度看,可以理解为父域设置cookie似乎有问题(例如,查看this )。
Can suggest only following: 只能建议以下内容:
- On user-login in subdomain, take auth data. 在子域中用户登录时,获取身份验证数据。
- Serialize auth data and send it to parent domain to some script like
www.mysite.com/keep-logined?c=<encoded_auth_data>.序列化身份验证数据,并将其发送到父域的某个脚本,如www.mysite.com/keep-logined?c=<encoded_auth_data>。 - In that
keep-loginedscript unserialize auth data and manually set cookie for root domain.在该keep-logined脚本中,反序列化身份验证数据并手动为根域设置cookie。 - Redirect user back to subdomain, (can supply
keep-loginedscript withredirect-backurl.将用户重定向回子域(可以提供带有redirect-backURL的keep-logined脚本。
Note: make sure to protect that keep-logined script and supplied auth data from hacking by some sort of encoding or key-passing. 注意:请确保通过某种编码或密钥传递保护该keep-logined脚本和提供的身份验证数据免受黑客攻击。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.