ASP MVC Single Application Multi
I have the following strict scenario specifically required by a client: A single website using Asp.NET MVC4 which is accessible via various domains with Single-Sign On mechanism.
I have managed to make forms authentication work with subdomains by specifying the second-level domain in the web.config:
    <authentication mode="Forms">
      <forms name="SingleSignOn" loginUrl="/Login/LoginRedirect" timeout="10" slidingExpiration="false" domain="domain.ml" cookieless="UseCookies" enableCrossAppRedirects="true">
        <credentials passwordFormat="SHA1" />
      </forms>
    </authentication>
Also when calling the FormsAuthentication.SetAuthCookie in the login logic, I am specifying the second level domain as well:
    System.Web.HttpCookie MyCookie = System.Web.Security.FormsAuthentication.GetAuthCookie(lName, false);
    MyCookie.Domain = lSecondLevelDomain;
    FormsAuthentication.SetAuthCookie(lName, false);
Across different domains, this does not work, since the actual domain will not match with the domain specified in the web.config and neither with the cookies.
The aim is:
- User accesses domain1.com
- User redirected to logindomain.com and authenticated cookie created
- User redirected back to domain1.com
The user is always redirected to a "login domain", the cookie is created using that domain, and always authenticate using the same cookie across domains.
Is it possible to override the logic of the Authorize attribute in order to allow authorization using the cookie of the login domain instead of the domain the user originally used?
Before diving into programming, take a look at How does SO's new auto-login feature work? to understand how to implement such scenarios.
Then take a look at Forms Authentication Across Applications and Single Sign On (SSO) for cross-domain ASP.NET applications. Now you can meet your purpose as you want :)
You can also use the following code if you strongly consider the validity of the resultant absolute returned URL:
    using System;
    using Microsoft.Owin;
    using Microsoft.Owin.Security;
    using Microsoft.Owin.Security.Cookies;
    using Owin;

    public class Startup {
        public void Configuration(IAppBuilder app) {
            app.UseCookieAuthentication(new CookieAuthenticationOptions {
                AuthenticationMode = AuthenticationMode.Active,
                LoginPath = new PathString("/account/login"),
                LogoutPath = new PathString("/account/logout"),
                // Intercept the redirect the middleware issues for unauthenticated requests
                Provider = new CookieAuthenticationProvider { OnApplyRedirect = ApplyRedirect },
            });
        }

        private static void ApplyRedirect(CookieApplyRedirectContext context) {
            Uri absoluteUri;
            if (Uri.TryCreate(context.RedirectUri, UriKind.Absolute, out absoluteUri)) {
                var path = PathString.FromUriComponent(absoluteUri);
                // Only rewrite redirects that target this application's own login path
                if (path == context.OwinContext.Request.PathBase + context.Options.LoginPath) {
                    // Send the user to the central login domain, passing the original URL as the return URL
                    context.RedirectUri = "http://accounts.domain.com/login" +
                        new QueryString(
                            context.Options.ReturnUrlParameter,
                            context.Request.Uri.AbsoluteUri);
                    // or use context.Request.PathBase + context.Request.Path + context.Request.QueryString
                }
            }
            context.Response.Redirect(context.RedirectUri);
        }
    }
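The redirect in the code above sends the full original URL to the login domain as the return-URL parameter, so the login page has to decide which return URLs it will redirect back to. The following is an added example, not part of the original answer, of an allow-list check for that parameter; the class name, the host list and the HTTPS-only rule are assumptions.

```csharp
using System;
using System.Collections.Generic;

public static class ReturnUrlValidator
{
    // Assumption: the domains served by the single application (constructed list).
    private static readonly HashSet<string> AllowedHosts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "domain1.com", "domain2.com" };

    // Returns true only when returnUrl is an absolute HTTPS URL on an allowed host.
    public static bool TryGetSafeReturnUrl(string returnUrl, out Uri safeUrl)
    {
        safeUrl = null;
        Uri candidate;
        if (string.IsNullOrWhiteSpace(returnUrl) ||
            !Uri.TryCreate(returnUrl, UriKind.Absolute, out candidate))
            return false;

        // Rejects http:, file:, javascript: and anything else that is not https.
        if (candidate.Scheme != Uri.UriSchemeHttps)
            return false;

        // "https://domain1.com@other.example/" parses with Host = other.example;
        // refuse any userinfo or non-default port rather than reason about them.
        if (!string.IsNullOrEmpty(candidate.UserInfo) || !candidate.IsDefaultPort)
            return false;

        // Exact host match: "domain1.com.other.example" must not pass.
        if (!AllowedHosts.Contains(candidate.Host))
            return false;

        safeUrl = candidate;
        return true;
    }

    public static void Main()
    {
        // Constructed sample inputs.
        string[] samples = {
            "https://domain1.com/orders/5?tab=2",
            "https://domain1.com.other.example/",
            "https://domain1.com@other.example/",
            "http://domain2.com/",
            "/account/profile"
        };
        foreach (var s in samples)
        {
            Uri safe;
            Console.WriteLine("{0} -> {1}", s, TryGetSafeReturnUrl(s, out safe) ? "redirect" : "reject");
        }
    }
}
```

When the check fails, the login page should fall back to a fixed default landing page instead of using the supplied value.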