AuthenticationForm - Cross Site Cookies

Submitted by ☆樱花仙子☆ on 2019-12-11 17:34:14

Question


I've 2 web sites, the first one is myFirst.domain.com and the second one is mySecondSite.domain.com.

They stay on two different web servers and my goal is to allow cross site authentication (my real need is shared FormsAuthentication Cookie).

I've correctly set up my web.config file (machine key node, forms node). The only difference is about loginUrl where on myFirstSite appears like ~/login.aspx, and on mySecondSite it appears like http://myFirstSite.com/login.aspx.

Note that I've not got a virtual directory, I've just 2 different web apps.

The problem: When I reach myFirstSite login page from mySecondSite I never get redirected from the login page, it seems like a cookie isn't being written.

The following are a few snippets about the issue:

MyFirstSite:

    <machineKey validationKey="..." decryptionKey="..." validation="SHA1" decryption="AES" />
    <authentication mode="Forms">
        <forms loginUrl="login.aspx" name="authCookie" enableCrossAppRedirects="true"></forms>
    </authentication>
    <authorization>
        <deny users="?" />
        <allow users="*"/>
    </authorization>

MyFirstSite code behind:

    FormsAuthenticationTicket fat = new FormsAuthenticationTicket(1, "userName..", DateTime.Now, DateTime.Now.AddMinutes(30), true, "roles..");

    string ticket = FormsAuthentication.Encrypt(fat);

    HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, ticket);
    authCookie.Expires = fat.Expiration;
    authCookie.Domain = "myDomain.com";
    Response.Cookies.Add(authCookie);

    // Here is other stuff about querystring checking in order to execute exact redirect, however it's not working, I always return to the login page.

MySecondSite:

    <machineKey validationKey="..." decryptionKey="..." validation="SHA1" decryption="AES"/>
    <authentication mode="Forms">
        <forms loginUrl="http://myFirstSite.domain.com/login.aspx?queryStringToIndicateUrlPage" enableCrossAppRedirects="true"></forms>
    </authentication>
    <authorization>

Well, that's all. Unfortunately it doesn't work.

Please don't pay attention to queryStringToIndicateUrlPage; it's only a simple workaround in order to know whether I must redirect on the same app or on the other one.


Answer 1:


As you're using cookie based authentication shared between two domains, you'll need to indicate this in the <forms> element:

    <machineKey validationKey="..." decryptionKey="..." validation="SHA1" decryption="AES"/>
    <authentication mode="Forms">
        <forms domain=".domain.com" ... />
    </authentication>

Note the initial "." in front of the domain name, which enables sharing of cookies between subdomains.
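
Added example, not part of the original answer: a simplified JavaScript model of the RFC 6265 domain rules a browser applies when storing and sending a cookie, run against the host names and Domain values that appear in the question and answer. The host other.domain.com is a constructed placeholder, and public-suffix, Path and Secure handling are left out.

```javascript
// Simplified RFC 6265 cookie-domain handling (sections 5.1.3 and 5.3).

// A host domain-matches a cookie domain when the two are identical,
// or when the host ends with "." + cookie domain.
function domainMatches(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase();
  return host === cookieDomain || host.endsWith("." + cookieDomain);
}

// What the browser stores when `setterHost` sends Set-Cookie with the given
// Domain attribute (null = attribute omitted). Returns null when rejected.
function storeCookie(setterHost, domainAttr) {
  if (domainAttr === null || domainAttr === "") {
    // No Domain attribute: host-only cookie, bound to the exact host.
    return { domain: setterHost.toLowerCase(), hostOnly: true };
  }
  // RFC 6265 user agents ignore a leading dot in the attribute value.
  const domain = domainAttr.replace(/^\./, "").toLowerCase();
  // The responding host must itself domain-match the attribute.
  if (!domainMatches(setterHost, domain)) return null;
  return { domain, hostOnly: false };
}

// Whether a stored cookie is attached to a request for `requestHost`.
function isSentTo(cookie, requestHost) {
  if (cookie === null) return false;
  return cookie.hostOnly
    ? requestHost.toLowerCase() === cookie.domain
    : domainMatches(requestHost, cookie.domain);
}

// Host names from the question; OTHER is a constructed third host.
const FIRST = "myFirstSite.domain.com";
const SECOND = "mySecondSite.domain.com";
const OTHER = "other.domain.com";

// One row per Domain value: omitted, the value in the question's code-behind,
// and the value from the answer. The cookie is always set by FIRST.
function report() {
  return [null, "myDomain.com", ".domain.com"].map((attr) => {
    const c = storeCookie(FIRST, attr);
    return { attr, stored: c !== null, first: isSentTo(c, FIRST),
             second: isSentTo(c, SECOND), other: isSentTo(c, OTHER) };
  });
}

console.table(report());
```

The last row also shows the cost of widening the scope: a cookie scoped to domain.com is sent to every host under that domain, so each of those hosts receives the authentication ticket.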



Source: https://stackoverflow.com/questions/12252783/authenticationform-cross-site-cookies
