
ASP.Net MVC - forms authentication using an external URL

Our organization has a central solution for forms authentication. I am trying to implement an ASP.Net MVC app that uses this external URL - and it worked till RC1 was released...

Here's what's happening

In an ActionAttribute Extension

I check for a session var; if not found, check for a request data chunk; if found, set the session var; if not found - redirect to external URL; if found, continue.

The trouble is that till I updated to RC1, this worked. Since then, so many requests are being sent to the external URL that it detects a DoS attack and shuts me out!

I removed the redirection code and replaced it with the web.config changes for Forms Auth - and the same thing happened...

Why not use Microsoft Geneva instead of trying to push your own authentication provider?

CODE:

public class MyAuthenticate : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        // No user in the session yet: look for the data returned by the external login.
        if (filterContext.HttpContext.Session["user"] == null)
        {
            using (Authenticator dp = new Authenticator())
            {
                MyUser mu;
                string data = string.Empty;
                try
                {
                    data = filterContext.HttpContext.Request["Data"];
                }
                catch { }

                if (!string.IsNullOrEmpty(data))
                {
                    // Redeem the data with the central authentication service.
                    mu = dp.Redeem(data);
                    if (mu.authenticated)
                    {
                        filterContext.HttpContext.Session.Clear();
                        AuthenticatedUser user = new AuthenticatedUser(mu);
                        filterContext.HttpContext.Session.Add("user", user);
                        FormsAuthentication.SetAuthCookie(user.UserId, false);
                    }
                    else
                    {
                        filterContext.HttpContext.Response.Redirect("MY EXTERNAL URL GOES HERE!!");
                    }
                }
                else
                {
                    filterContext.HttpContext.Response.Redirect("MY EXTERNAL URL GOES HERE!!");
                }
            }
        }
        base.OnActionExecuting(filterContext);
    }
}

I resolved this issue by creating a static dictionary of requesting IPs, and dropping duplicate requests from the same IP. Not a very nice solution - so if anyone figures out a better solution - let me know.
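
An added example, not part of the original question or answer and not a diagnosis of the RC1 behaviour: the same check written as an MVC authorization filter that ends an unauthenticated request by setting `filterContext.Result`, so the action does not run and a single redirect is returned. `ExternalLoginAttribute` and `LoginUrl` are hypothetical names (the URL is a placeholder); `Authenticator`, `MyUser` and `AuthenticatedUser` are the asker's own types, assumed to behave as in the code above.

```csharp
using System;
using System.Web.Mvc;
using System.Web.Security;

// Hypothetical attribute name. Authenticator, MyUser and AuthenticatedUser are the
// asker's types from the question and are assumed to exist in the project.
public class ExternalLoginAttribute : FilterAttribute, IAuthorizationFilter
{
    // Placeholder for the organization's external login page (fixed, never user-supplied).
    private const string LoginUrl = "https://login.example.invalid/";

    public void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null) throw new ArgumentNullException("filterContext");

        var http = filterContext.HttpContext;
        if (http.Session["user"] != null)
            return;                                  // already signed in

        string data = http.Request["Data"];          // value returned by the login site
        if (!string.IsNullOrEmpty(data))
        {
            using (Authenticator dp = new Authenticator())
            {
                MyUser mu = dp.Redeem(data);
                if (mu != null && mu.authenticated)
                {
                    http.Session.Clear();
                    AuthenticatedUser user = new AuthenticatedUser(mu);
                    http.Session.Add("user", user);
                    FormsAuthentication.SetAuthCookie(user.UserId, false);
                    return;                          // let the action run
                }
            }
        }

        // Setting Result short-circuits the pipeline: the action and its action
        // filters are skipped and MVC executes this redirect result instead.
        filterContext.Result = new RedirectResult(LoginUrl);
    }
}
```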
