ASP.Net MVC - forms authentication using an external URL
Our organization has a central solution for forms authentication. I am trying to implement an ASP.Net MVC app that uses this external URL - and it worked till RC1 was released...
Here's what's happening:
In an ActionAttribute extension, I check for a session var.
    If not found, check for a request data chunk.
        If found, set the session var.
        If not found - redirect to external URL.
    If found, continue.
The trouble is that till I updated to RC1, this worked. Since then, so many requests are being sent to the external URL that it detects a DoS attack and shuts me out!
I removed the redirection code and replaced it with the web.config changes for Forms Auth - and the same thing happened...
Why not use Microsoft Geneva instead of trying to roll your own authentication provider?
CODE:
using System.Web.Mvc;
using System.Web.Security;

public class MyAuthenticate : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        // Only authenticate when the session does not already hold a user.
        if (filterContext.HttpContext.Session["user"] == null)
        {
            using (Authenticator dp = new Authenticator())
            {
                MyUser mu;
                string data = string.Empty;
                try
                {
                    // Token posted back by the external login service.
                    data = filterContext.HttpContext.Request["Data"];
                }
                catch { } // errors reading the request value are ignored

                if (!string.IsNullOrEmpty(data))
                {
                    // Exchange the token for the user's details.
                    mu = dp.Redeem(data);
                    if (mu.authenticated)
                    {
                        filterContext.HttpContext.Session.Clear();
                        AuthenticatedUser user = new AuthenticatedUser(mu);
                        filterContext.HttpContext.Session.Add("user", user);
                        FormsAuthentication.SetAuthCookie(user.UserId, false);
                    }
                    else
                    {
                        // Token rejected: send the browser to the external login.
                        filterContext.HttpContext.Response.Redirect("MY EXTERNAL URL GOES HERE!!");
                    }
                }
                else
                {
                    // No token in the request: send the browser to the external login.
                    filterContext.HttpContext.Response.Redirect("MY EXTERNAL URL GOES HERE!!");
                }
            }
        }
        base.OnActionExecuting(filterContext);
    }
}
I resolved this issue by creating a static dictionary of requesting IPs, and dropping duplicate requests from the same IP. Not a very nice solution - so if anyone figures out a better solution - let me know.
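One way the per-IP de-duplication described in the answer above could look, as an added example that is not the poster's code. The names `RedirectThrottle` and `TryAcquire`, the 5-second window and the sample addresses are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added example, hypothetical names: permits one redirect to the external
// login URL per client IP per time window and reports duplicates.
public static class RedirectThrottle
{
    // Assumed window; choose it from the login service's rate limit.
    private static readonly TimeSpan Window = TimeSpan.FromSeconds(5);
    private static readonly object Gate = new object();

    // Client IP -> time the last redirect was allowed for that IP.
    private static readonly Dictionary<string, DateTime> LastRedirect =
        new Dictionary<string, DateTime>();

    // True if this client may be redirected now, false for a duplicate.
    public static bool TryAcquire(string clientIp, DateTime nowUtc)
    {
        lock (Gate) // filters run concurrently, so guard the shared dictionary
        {
            // Evict expired entries so the dictionary cannot grow unbounded.
            List<string> expired = LastRedirect
                .Where(e => nowUtc - e.Value >= Window)
                .Select(e => e.Key)
                .ToList();
            foreach (string ip in expired) LastRedirect.Remove(ip);

            if (LastRedirect.ContainsKey(clientIp)) return false;
            LastRedirect[clientIp] = nowUtc;
            return true;
        }
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample data (documentation address range).
        DateTime t0 = new DateTime(2009, 1, 1, 0, 0, 0, DateTimeKind.Utc);
        Console.WriteLine(RedirectThrottle.TryAcquire("192.0.2.10", t0));
        Console.WriteLine(RedirectThrottle.TryAcquire("192.0.2.10", t0.AddSeconds(1)));
        Console.WriteLine(RedirectThrottle.TryAcquire("192.0.2.20", t0.AddSeconds(1)));
        Console.WriteLine(RedirectThrottle.TryAcquire("192.0.2.10", t0.AddSeconds(6)));
    }
}
```

In the filter, the call would be `RedirectThrottle.TryAcquire(filterContext.HttpContext.Request.UserHostAddress, DateTime.UtcNow)` before each redirect. Clients behind one NAT or proxy share an address, so keying on IP can hold back a different user for the length of the window.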