ASP.Net MVC - forms authentication using an external URL

Our organization has a central solution for forms authentication. I am trying to implement an ASP.Net MVC app that uses this external URL - and it worked till RC1 was released...

Here's what's happening

In an ActionAttribute Extension

I check for a session var; if not found, check for a request data chunk; if found, set the session var; if not found - redirect to external URL; if found, continue.

The trouble is that till I updated to RC1, this worked. Since then, so many requests are being sent to the external URL that it detects a DoS attack and shuts me out!

I removed the redirection code and replaced it with the web.config changes for Forms Auth - and the same thing happened...

Why not use Microsoft Geneva instead of trying to roll your own authentication provider?

CODE:

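    using System.Web.Mvc;
    using System.Web.Security;

    // Authenticator, MyUser and AuthenticatedUser are the poster's own types (not shown).
    public class MyAuthenticate : ActionFilterAttribute
    {
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            // Only act when the session does not yet hold an authenticated user.
            if (filterContext.HttpContext.Session["user"] == null)
            {
                using (Authenticator dp = new Authenticator())
                {
                    MyUser mu;
                    string data = string.Empty;
                    try
                    {
                        // Request data chunk to redeem with the Authenticator.
                        data = filterContext.HttpContext.Request["Data"];
                    }
                    catch { }

                    if (!string.IsNullOrEmpty(data))
                    {
                        mu = dp.Redeem(data);
                        if (mu.authenticated)
                        {
                            // Start a fresh session for the user and issue the forms auth cookie.
                            filterContext.HttpContext.Session.Clear();
                            AuthenticatedUser user = new AuthenticatedUser(mu);
                            filterContext.HttpContext.Session.Add("user", user);
                            FormsAuthentication.SetAuthCookie(user.UserId, false);
                        }
                        else
                        {
                            // Redemption failed: send the browser to the external login URL.
                            filterContext.HttpContext.Response.Redirect("MY EXTERNAL URL GOES HERE!!");
                        }
                    }
                    else
                    {
                        // No data chunk on the request: send the browser to the external login URL.
                        filterContext.HttpContext.Response.Redirect("MY EXTERNAL URL GOES HERE!!");
                    }
                }
            }
            base.OnActionExecuting(filterContext);
        }
    }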

I resolved this issue by creating a static dictionary of requesting IPs, and dropping duplicate requests from the same IP. Not a very nice solution - so if anyone figures out a better solution - let me know.
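A sketch of the per-IP gate described above, written as an added example and not the poster's code: it covers only the redirect path (not the `Data` redemption branch) and hands the redirect to MVC through `filterContext.Result` so the action is skipped. The names `RedirectGate` and `ThrottledLoginRedirectAttribute`, the 5-second window and the login URL are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Web.Mvc;

// Added example: hypothetical names, window length and URL.
public static class RedirectGate
{
    private static readonly Dictionary<string, DateTime> LastRedirect =
        new Dictionary<string, DateTime>();
    private static readonly object Sync = new object();
    private static readonly TimeSpan Window = TimeSpan.FromSeconds(5); // assumed value

    // Returns true (and records the attempt) if this IP was not redirected within the window.
    public static bool TryAcquire(string ip, DateTime nowUtc)
    {
        lock (Sync) // the static dictionary is shared by all request threads
        {
            // Evict expired entries so the dictionary cannot grow without bound.
            var expired = new List<string>();
            foreach (var entry in LastRedirect)
                if (nowUtc - entry.Value >= Window) expired.Add(entry.Key);
            foreach (var key in expired) LastRedirect.Remove(key);

            if (LastRedirect.ContainsKey(ip)) return false; // duplicate inside the window
            LastRedirect[ip] = nowUtc;
            return true;
        }
    }
}

public class ThrottledLoginRedirectAttribute : ActionFilterAttribute
{
    private const string LoginUrl = "https://login.example.invalid/"; // placeholder URL

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        var http = filterContext.HttpContext;
        if (http.Session["user"] != null) return; // already authenticated

        string ip = http.Request.UserHostAddress ?? "unknown";
        // Setting Result short-circuits the action; nothing is written to Response directly.
        if (RedirectGate.TryAcquire(ip, DateTime.UtcNow))
            filterContext.Result = new RedirectResult(LoginUrl);
        else
            filterContext.Result = new EmptyResult(); // drop the duplicate request
    }
}
```

Clients behind a shared NAT or proxy address share one dictionary entry, so a second user arriving inside the window gets an empty response until it expires.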
