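I set up two MVC 5 applications using OWIN-MixedAuth, deployed to the same server. Each application is in a separate folder and configured with its own application pool, as follows: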
xyz.domain.com/MySiteA
xyz.domain.com/MySiteB
The web config for each is as follows.
MySiteA:
<system.web>
  <customErrors mode="Off"/>
  <authentication mode="None" />
  <compilation debug="true" targetFramework="4.5.2" />
  <httpRuntime targetFramework="4.5.2" />
</system.web>
<!-- Enable Mixed Auth -->
<location path="MySiteA/MixedAuth">
  <system.webServer>
    <security>
      <authentication>
        <windowsAuthentication enabled="true" />
      </authentication>
    </security>
  </system.webServer>
</location>
<system.webServer>
  <modules>
    <remove name="FormsAuthentication" />
  </modules>
  <handlers>
    <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
    <remove name="OPTIONSVerbHandler" />
    <remove name="TRACEVerbHandler" />
    <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
  </handlers>
</system.webServer>
MySiteB:
<system.web>
  <customErrors mode="Off"/>
  <authentication mode="None" />
  <compilation debug="true" targetFramework="4.5.2" />
  <httpRuntime targetFramework="4.5.2" />
</system.web>
<!-- Enable Mixed Auth -->
<location path="MySiteB/MixedAuth">
  <system.webServer>
    <security>
      <authentication>
        <windowsAuthentication enabled="true" />
      </authentication>
    </security>
  </system.webServer>
</location>
<system.webServer>
  <modules>
    <remove name="FormsAuthentication" />
  </modules>
  <handlers>
    <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
    <remove name="OPTIONSVerbHandler" />
    <remove name="TRACEVerbHandler" />
    <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
  </handlers>
</system.webServer>
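When a user logs in to one application, the user is automatically logged in to the second application, even if the user is not a registered user in the second application.
Likewise, a login in one application automatically logs the user out of the second application.
This happens whether I authenticate with Forms or Windows. How can I prevent this from happening?
Here is my login code on both applications: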
[AllowAnonymous]
public ActionResult Login(string returnUrl)
{
    // If user is already logged in
    if (HttpContext.Request.IsAuthenticated)
    {
        return RedirectToAction("Index", "Manage");
    }
    ViewBag.ReturnUrl = returnUrl;
    return View();
}
This is what I have in startup.auth:
var cookieOptions = new CookieAuthenticationOptions
{
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/Account/Login"),
    Provider = new CookieAuthenticationProvider
    {
        // Enables the application to validate the security stamp when the user logs in.
        // This is a security feature which is used when you change a password or add an external login to your account.
        OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
            validateInterval: TimeSpan.FromMinutes(30),
            regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
    }
};
app.UseCookieAuthentication(cookieOptions);
Is there an option to change the cookie name?
Answer 0 (score: 1)
Add CookieName to startup.auth:
var cookieOptions = new CookieAuthenticationOptions
{
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    CookieName = "MySiteA",
    LoginPath = new PathString("/Account/Login"),
    Provider = new CookieAuthenticationProvider
    {
        // Enables the application to validate the security stamp when the user logs in.
        // This is a security feature which is used when you change a password or add an external login to your account.
        OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
            validateInterval: TimeSpan.FromMinutes(30),
            regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
    }
};
app.UseCookieAuthentication(cookieOptions);
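
Why the two sites interfere and what the change above does, modeled as a small browser cookie jar in JavaScript (an added example, not code from the question or the answer). The `MySiteB` cookie name and the per-application paths are assumptions; the default name is what OWIN derives from `DefaultAuthenticationTypes.ApplicationCookie` when `CookieName` is not set.

```javascript
// Model of a browser cookie jar (RFC 6265 storage and path-match rules).
// Constructed example: host, paths and ticket values mirror the question's setup.
const DEFAULT_NAME = ".AspNet.ApplicationCookie"; // OWIN default: ".AspNet." + AuthenticationType
const HOST = "xyz.domain.com";

class CookieJar {
  constructor() { this.cookies = new Map(); }
  // A cookie is identified by (name, domain, path): a later Set-Cookie with the
  // same triple replaces the earlier one, whichever application sent it.
  set(host, { name, value, path = "/" }) {
    this.cookies.set(`${name}|${host}|${path}`, { name, value, host, path });
  }
  // RFC 6265 section 5.1.4 path-match (case-sensitive).
  static pathMatches(requestPath, cookiePath) {
    if (requestPath === cookiePath) return true;
    if (!requestPath.startsWith(cookiePath)) return false;
    return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
  }
  // Cookies the browser attaches to a request for host + requestPath.
  send(host, requestPath) {
    const out = {};
    for (const c of this.cookies.values()) {
      if (c.host === host && CookieJar.pathMatches(requestPath, c.path)) out[c.name] = c.value;
    }
    return out;
  }
}

// Sign in to site A, then to site B; return the cookies each app then receives.
function simulate(cookieA, cookieB) {
  const jar = new CookieJar();
  jar.set(HOST, cookieA);
  jar.set(HOST, cookieB);
  return { siteA: jar.send(HOST, "/MySiteA/Manage"), siteB: jar.send(HOST, "/MySiteB/Manage") };
}

// Both apps on defaults: same name and Path=/, so B's ticket overwrites A's.
const shared = simulate(
  { name: DEFAULT_NAME, value: "ticket-A" }, { name: DEFAULT_NAME, value: "ticket-B" });
// Distinct CookieName per app: no overwrite, but each app still receives both cookies.
const named = simulate(
  { name: "MySiteA", value: "ticket-A" }, { name: "MySiteB", value: "ticket-B" });
// Distinct name plus a per-app path (assumed values): each cookie only goes to its own app.
const scoped = simulate(
  { name: "MySiteA", value: "ticket-A", path: "/MySiteA" },
  { name: "MySiteB", value: "ticket-B", path: "/MySiteB" });

console.log({ shared, named, scoped });
```

In OWIN the third case corresponds to also setting `CookiePath` on `CookieAuthenticationOptions`. Browsers compare cookie paths case-sensitively while IIS URLs are not, so a path-scoped cookie is not sent when the site is reached as `/mysitea`.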