I host two websites on the same Windows server.
1) ASP.NET web application, Framework 4.0 (abc.com/site1)
2) MVC application, Framework 4.5.2 (abc.com/site2)
Now I want to implement SSO between these sites, i.e. when a user logs in to the ASP.NET application, they are redirected to the MVC application, and then I check the forms auth cookie.
But I ran into a problem reading the auth cookie.
FormsAuthentication.SetAuthCookie(txtUserName.Text.Trim(), false);
FormsAuthenticationTicket ticket1 = new FormsAuthenticationTicket(
    1,                            // version
    txtUserName.Text.Trim(),      // get username from the form
    DateTime.Now,                 // issue time is now
    DateTime.Now.AddMinutes(30),  // expires in 30 minutes
    false,                        // cookie is not persistent
    ""                            // role assignment is stored in userData
);
HttpCookie cookie1 = new HttpCookie(
    FormsAuthentication.FormsCookieName,
    FormsAuthentication.Encrypt(ticket1));
cookie1.Domain = FormsAuthentication.CookieDomain;
Response.Cookies.Add(cookie1);
The web.config is as follows:
<authentication mode="Forms">
<forms name="Form.AUTH" loginUrl="~/Home.aspx" protection="All" path="/" requireSSL="true" domain="abc.com" cookieless="UseCookies" />
</authentication>
<machineKey validationKey="4B616C4E8BE5E18C3A1650939E88F3B0ED1AFC692919D7937DA68BBC552F04027DCF8BD31125E5E69094E1A4BA96731067BB57F0D3C34B63B9B03123703CD01A" decryptionKey="EC095D7743D3368F22FB7F482D9F41AA911922EC753515BB" validation="HMACSHA384" compatibilityMode="Framework20SP2" />
To read the same cookie in the second application (MVC), I changed its Web.config as follows:
<machineKey validationKey="4B616C4E8BE5E18C3A1650939E88F3B0ED1AFC692919D7937DA68BBC552F04027DCF8BD31125E5E69094E1A4BA96731067BB57F0D3C34B63B9B03123703CD01A" decryptionKey="EC095D7743D3368F22FB7F482D9F41AA911922EC753515BB" validation="HMACSHA384" compatibilityMode="Framework20SP2" />
<authentication mode="Forms">
<forms loginUrl="account/" name="Form.AUTH" protection="All" path="/" domain="abc.com" requireSSL="true" cookieless="UseCookies"></forms>
</authentication>
To read the same cookie in the MVC application I use the code below, which I wrote in the Global.asax file:
protected void Application_PostAuthenticateRequest(Object sender, EventArgs e)
{
    try
    {
        if (Request.IsAuthenticated)
        {
            logClass.logger.Info("Request is authencated -- If");
        }
        else
        {
            logClass.logger.Info("Request is authencated -- else");
        }
    }
    catch (Exception ex)
    {
        logClass.logger.Info("Request is authencated -- Error");
    }
    try
    {
        if (User.Identity.IsAuthenticated)
        {
            logClass.logger.Info("User.Identity.IsAuthenticated -- If");
        }
        else
        {
            logClass.logger.Info("User.Identity.IsAuthenticated -- else");
        }
    }
    catch (Exception ex)
    {
        logClass.logger.Info("User.Identity.IsAuthenticated -- Error");
    }
    HttpCookie authCookie = HttpContext.Current.Request.Cookies["Form.AUTH"];
    string[] myCookies = Request.Cookies.AllKeys;
    logClass.logger.Info(myCookies);
    logClass.logger.Info(FormsAuthentication.FormsCookieName);
    try
    {
        logClass.logger.Info(HttpContext.Current.Request.Cookies["Form.AUTH"].Value);
    }
    catch (Exception)
    {
        logClass.logger.Info("Error value");
    }
    if (authCookie != null)
    {
        logClass.logger.Info(authCookie.Value);
        FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);
        JavaScriptSerializer serializer = new JavaScriptSerializer();
        if (authTicket.UserData == "OAuth") return;
        CustomPrincipalSerializedModel serializeModel =
            serializer.Deserialize<CustomPrincipalSerializedModel>(authTicket.UserData);
        CustomPrincipal newUser = new CustomPrincipal(authTicket.Name);
        //newUser.Id = serializeModel.Id;
        newUser.FirstName = serializeModel.FirstName;
        newUser.LastName = serializeModel.LastName;
        HttpContext.Current.User = newUser;
    }
}
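The problem now is that when a user logs in to the ASP.NET web application, the user is authenticated and the forms authentication cookie is created, but when the MVC application is opened, none of the following code works, as you can see: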
Request.IsAuthenticated : false
User.Identity.IsAuthenticated : false
HttpCookie authCookie = HttpContext.Current.Request.Cookies["Form.AUTH"]; // it's null
string[] myCookies = Request.Cookies.AllKeys;
logClass.logger.Info(myCookies); // no Form.AUTH cookie in it
logClass.logger.Info(FormsAuthentication.FormsCookieName);
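
Whether `Form.AUTH` appears in `Request.Cookies` is decided by the browser before the request reaches the MVC application, so one diagnostic step is to compare the cookie's scope with the URL being requested. The sketch below is an added example, not code from the original post: it models the RFC 6265 domain, path and Secure checks in JavaScript, assuming the cookie carries the attributes from the page's `<forms>` element (`requireSSL="true"` mapped to Secure); the function names and every URL other than abc.com/site2 are constructed for illustration.

```javascript
// Added example: a model of the RFC 6265 checks a browser applies before it
// attaches a stored cookie to a request. All names here are hypothetical.

function domainMatches(host, cookieDomain) {
  const d = cookieDomain.toLowerCase().replace(/^\./, "");
  const h = host.toLowerCase();
  // Exact host, or a subdomain of the cookie's Domain attribute.
  return h === d || h.endsWith("." + d);
}

function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // The prefix must end on a "/" boundary: "/site1" does not cover "/site10".
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Returns the attributes that block the cookie; an empty list means it is sent.
function whyNotSent(cookie, requestUrl) {
  const url = new URL(requestUrl);
  const blocked = [];
  if (!domainMatches(url.hostname, cookie.domain)) blocked.push("domain");
  if (!pathMatches(url.pathname, cookie.path)) blocked.push("path");
  if (cookie.secure && url.protocol !== "https:") blocked.push("secure");
  return blocked;
}

// Attributes assumed from the page's <forms> element.
const formAuth = { name: "Form.AUTH", domain: "abc.com", path: "/", secure: true };

// Constructed request URLs for the MVC site.
const samples = [
  "https://abc.com/site2/",
  "http://abc.com/site2/",
  "https://www.abc.com/site2/",
  "http://localhost/site2/",
];
for (const u of samples) {
  const blocked = whyNotSent(formAuth, u);
  console.log(u, blocked.length ? "withheld: " + blocked.join(", ") : "sent");
}
```

Comparing this result with the `Cookie` request header shown in the browser's developer tools tells you whether the cookie is being withheld by the browser or dropped later on the server.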