stackoom
  简体   繁体   中英

Forms Authentication single sign on for Asp.Net and MVC sites mixed

 原文  2013-04-16 01:49:19       asp.net/ asp.net-mvc/ forms-authentication/ single-sign-on

Question

I have an old application written using old school asp.net (v2.0) which I need to integrate with a new site written using MVC3, .Net 4.0. (the old site can be upgraded to 4.0 if necessary)

Is this possible? I've read about using SSO with forms auth across multiple sites, but all posts have been about multiple asp.net, or multiple MVC sites - I haven't seen anything about mixing the two.

If both sites are under the same domain, and have the same machine key, should this work?

EDIT: An additional part to this question, if SSO can be made to work using forms auth, would it also be possible to allow both of these applications to use the same session state service, and therefore share session state across the applications? I understand the sessionid is stored in the cookie, so would both applications be able to access the same session info for a single user?

1 answers

solution1
 0  2013-04-16 02:02:57

Forms authentication is limited by domain (because cookies are limited to the domain (or subdomain if configured) by default. If within the same domain then yes.

Work arounds can be made to share authentication across domains as well though.

One work around involves using a web service for remote authentication. Each site involved would use the same service for authentication, and even though authentication is still domain specific, a work around could be created involving passing an identification value to the request in the other domain. That identifier would be used to automatically authenticate the user, based on some common identifier (user id, email, etc). Since we're talking http communications, it doesn't necessarily "have" to be .net specific, though it'd be much simpler.

There is also the OAuth open authentication protocol to consider. OAuth is supported by pretty much all major platforms, so it should be platform agnostic. However, I don't know about the idea of "auto-authentication upon redirects to your other apps, might be a violation of OAuth. If thats the case, a user would need to click a button to confirm of something.

Good example of the OAuth is right here with Stack Overflow and the entire Stack Exchange family of sites.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question ASP.NET MVC 5 Single Sign On pattern without Forms Authentication Single Sign On using asp.net forms authentication not working ASP.NET Mixed Forms/Windows Authentication ASP.NET MVC 4 Mixed authentication mode Forms authentication and Federation Authentication(Single Sign On + ADFS 2.0 + SAML) in Same ASP.NET Website Configuring Multiple ASP.NET MVC Sites To Use a Single Database For Authentication/Membership Custom ASP.NET MVC Forms Authentication asp.net MVC forms authentication custom ASP.NET MVC not work with Forms Authentication ASP.NET MVC forms authentication equivalent
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM