MVC身份Cookie在子域之间进行了身份验证

时间:2018-09-21 06:52:48

标签: c# asp.net-mvc-5 asp.net-identity-2

因此,在我的谷歌搜索中,我遇到了很多努力启用跨域支持(例如Identity)的人。但是不知何故我将此作为标准。 应用程序设置是我们有一个域,每个客户都有一个子域。我们为每个客户上传一个新的Web应用。

问题似乎是,如果我登录xxx.foo.com,我也登录yyy.foo.com。

关于关闭此功能,我似乎找不到任何东西。 与标准模板相比,身份设置没有太大变化。 下面是Startup.Auth.cs代码:

public void ConfigureAuth(IAppBuilder app)
{
    // Configure the db context, user manager and signin manager to use a single instance per request
    app.CreatePerOwinContext(DataContext.Create);
    app.CreatePerOwinContext<UserManager>(UserManager.Create);
    app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);
    app.CreatePerOwinContext<ApplicationRoleManager>(ApplicationRoleManager.Create);

    // Enable the application to use a cookie to store information for the signed in user
    // and to use a cookie to temporarily store information about a user logging in with a third party login provider
    // Configure the sign in cookie
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        //LoginPath = new PathString("/Account/BadRights"),
        LoginPath = new PathString("/Account/Login"),
        Provider = new CookieAuthenticationProvider
        {
            // Enables the application to validate the security stamp when the user logs in.
            // This is a security feature which is used when you change a password or add an external login to your account.  
            OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<UserManager, User>(
                validateInterval: TimeSpan.FromMinutes(10),
                regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
        },
    });            
    app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

    // Enables the application to temporarily store user information when they are verifying the second factor in the two-factor authentication process.
    app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));

    // Enables the application to remember the second login verification factor such as phone or email.
    // Once you check this option, your second step of verification during the login process will be remembered on the device where you logged in from.
    // This is similar to the RememberMe option when you log in.
    app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);
}

对于我应该寻找的任何帮助或提示,我们将不胜感激。

1 个答案:

答案 0 :(得分:1)

您必须构建身份服务器才能使用SSO登录。

您可以找到详细信息here