没有表单身份验证的ASP.NET MVC 5单点登录模式

Question

I'm trying to implement a single sign on pattern for my web application over several domains. I was about to use Forms Authentication but I came across this:

https://softwareengineering.stackexchange.com/questions/284380/is-formsauthentication-obsolete

If it's obsolete, what's the recommended alternate solution? I've domains like:

• account.domain.com (Users will login using this)
• app1.domain.com
• app2.domain.com
• app3.domain.com

Also, the main issue I'm facing with Forms Authentication is the user identity. I've a custom user object which has ALOT of properties. Storing and retrieving the object from session everytime is a pain. How can i overcome this difficulty?

Answer 1

You can use ASP.Net Identity with Claims. You do not need to use the entire ASP.Net Identity comes with ASP.Net Template.

[assembly: OwinStartup(typeof(YOUR_APP.Startup))]    
namespace YOUR_APP
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = "ApplicationCookie",
                LoginPath = new PathString("/Account/Login"),
                CookieDomain = ".domain.com",
            });
        }
    }
}

You can read more regathering how to attach claims at A primer on OWIN cookie authentication middleware for the ASP.NET developer .

FYI : make sure you set same machine key in all web.config files, so that cookies can be shared between sites.