[英]Authenticate user on Sub-domain and remain logged in on parent domain?
I have two sites: www.forums.mysite.com and www.mysite.com 我有两个网站:www.forums.mysite.com和www.mysite.com
The forums already has authentication set up and I'd like to use it. 论坛已经设置了身份验证,我想使用它。
I'm using C# MVC .NET 4.5 我正在使用C#MVC .NET 4.5
I have created two sites in IIS 8.5: mysite and forums 我在IIS 8.5中创建了两个站点:mysite和forums
mysite bindings: mysite绑定:
forums bindings: 论坛绑定:
I have also added the domains to my host file : 我还将域添加到了我的主机文件中 :
I have added the MachineKey to both applications Web.config files and the keys are identical: 我已经将MachineKey添加到两个应用程序Web.config文件中,并且密钥是相同的:
<machineKey validationKey="C50B3C89CB21F4F1422FF158A5B42D0E8DB8CB5CDA1742572A487D9401E3400267682B202B746511891C1BAF47F8D25C07F6C39A104696DB51F17C529AD3CABE" decryptionKey="8A9BE8FD67AF6979E7D20198CFEA50DD3D3799C77AF2B72F" validation="SHA1" />
In the controller of the subdomain (Forums), a user logs in and I have modified the cookie as follows: 在子域(Forums)的控制器中,一个用户登录,并且我如下修改了cookie:
FormsAuthentication.SetAuthCookie(username, model.RememberMe);
var cookie = FormsAuthentication.GetAuthCookie(username, model.RememberMe);
cookie.Domain = "mysite.com"; //this is the parent domain
//I've also tried with .mysite.com
Response.AppendCookie(cookie);
I can log in via the forums but then when I go to the main site (mysite.com), I am not logged in... I don't understand why not. 我可以通过论坛登录,但是当我转到主站点(mysite.com)时,我没有登录...我不明白为什么不这样做。
As a test in mysite.com/home/index.cshtml (the home page), I have added this: 作为mysite.com/home/index.cshtml(主页)中的测试,我添加了以下内容:
<h1>
Logged in: @User.Identity.IsAuthenticated
</h1>
but the result is always false, even though both sites have the same .ASPXAUTH cookie... 但是即使两个站点都具有相同的.ASPXAUTH cookie,结果也始终为false。
Any ideas? 有任何想法吗?
Probably, domain should be .mysite.com
(leading dot), not mysite.com
. 域名可能是
.mysite.com
(前导点),而不是mysite.com
。
Upd. 更新。
Also, problem may be with leading www
in your's domain names. 另外,您的域名前导
www
可能会出问题。 Try set cookies domain to www.mysite.com
or .www.mysite.com
(or eliminate www
in your's config, its just an archaic junk :)) 尝试将Cookie域设置为
www.mysite.com
或.www.mysite.com
(或在您的配置中消除www
,这只是一个陈旧的垃圾:)
Upd. 更新。 2
2
Looks like there is problems with setting cookies for parent domains (take a look at this , for example), which is understandable, from some point of view. 从某些角度看,可以理解为父域设置cookie似乎有问题(例如,查看this )。
Can suggest only following: 只能建议以下内容:
www.mysite.com/keep-logined?c=<encoded_auth_data>
. www.mysite.com/keep-logined?c=<encoded_auth_data>
。 keep-logined
script unserialize auth data and manually set cookie for root domain. keep-logined
脚本中,反序列化身份验证数据并手动为根域设置cookie。 keep-logined
script with redirect-back
url. redirect-back
URL的keep-logined
脚本。 Note: make sure to protect that keep-logined
script and supplied auth data from hacking by some sort of encoding or key-passing. 注意:请确保通过某种编码或密钥传递保护该
keep-logined
脚本和提供的身份验证数据免受黑客攻击。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.