有没有一种方法可以绕过本地请求的表单身份验证?
[英]Is there a way to bypass forms authentication for local requests?
问题描述
I have an ASP.NET web application that is entirely protected by Forms Authentication. 
我有一个完全由Forms Authentication保护的ASP.NET Web应用程序。
Is there a configuration under which web requests coming from another application on the same machine, either web or console, can bypass the form authentication and access the page as if it were authenticated? 是否存在一种配置,在这种配置下,来自同一台计算机上的其他应用程序(Web或控制台)的Web请求可以绕过表单身份验证并访问页面,就像经过身份验证一样?
1 个解决方案
解决方案1
1 2012-01-08 07:23:46
@merlin2011,you have two chose. @ merlin2011,您有两个选择。
1.use cookie with same machineKey in the different application.(simplest) 1.在不同的应用程序中使用具有相同machineKey的cookie。(最简单)
the Forms Authentication in ASP.NET use cookie to Encryption and decryption your identity and indicates whether you are logged.the application use different key to encrypt you identity in the different application by default. ASP.NET中的表单身份验证使用cookie来加密和解密您的身份,并指示您是否已登录。默认情况下,应用程序使用不同的密钥在其他应用程序中对您的身份进行加密。 see more: Forms Authentication Across Applications 查看更多: 跨应用程序的表单身份验证
notes:this solution only for the between application in the same web domain. 注意:此解决方案仅适用于同一Web域中的应用程序之间。 (for example, www.example.com , a.example.com ,if the www.example1.com will not work) (例如,如果www.example1.com a.example.com ,则为www.example.com , a.example.com )
2.the application in the different web domain(Complex) 2.不同网络域中的应用(复杂)
in this situation,you need the Single Sign-on solution .this will required you need to write code to authenticate a user whether is logged. 在这种情况下,您需要Single Sign-on解决方案。这将需要您编写代码以验证用户是否已登录。
this article will can help you Cross Site Authentication and Data Transfer 本文将帮助您进行跨站点身份验证和数据传输
good luckly! 祝你好运!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.