Updated: 2023-12-01 13:42:10
What you're after is a Single Sign-on solution.
As ASP.NET authentication is at its heart generally cookie based, there are two things to look at:
Looking at both of these in more depth:
1. Setting the cookie correctly
You need to ensure that ASP.NET is writing the authentication ticket cookies to the root domain, rather than the explicit domain. This is done using the domain attribute of the forms element:
<forms
name="name"
loginUrl="URL"
defaultUrl="URL"
domain=".example.com">
</forms>
You should set your domain to ".example.com" - note the leading period - this is the key. This way requests to example.com and www.example.com will both read the cookie correctly, and authenticate the user.
2. Bouncing the user to the alternative domain
What we have implemented on a few sites that use a single sign on is a round trip login process. The user authenticates on the first domain, we encrypt the login details, and redirect them to a known page on the second domain, log them in there, and then redirect back to the original server.
This client side redirection is important - cookies are only written when there is a response back to the client, and the browser has to visit the second domain to actually see the cookies.
Other details to consider in this sort of set-up:
You can also take a look at Forms Authentication Across Applications.
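One way to build the token that travels in the round-trip redirect described above, as an added example that is not part of the original answer. It swaps the "encrypt the login details" step for an HMAC-signed, 60-second token that carries only the user name; `SsoHandoff`, `Issue`, `Validate`, `IsAllowedReturn` and the shared key are hypothetical names and assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper for the cross-domain handoff; not ASP.NET's own API.
public static class SsoHandoff
{
    // Assumption: both sites load the same random 32-byte key from protected config.
    // The token carries only the user name and an expiry, never the password.
    public static string Issue(byte[] key, string user, DateTime nowUtc)
    {
        long expires = nowUtc.AddSeconds(60).Ticks; // short life limits replay
        string payload = Convert.ToBase64String(Encoding.UTF8.GetBytes(user)) + "." + expires;
        return payload + "." + Sign(key, payload); // URL-encode before adding to the redirect
    }

    // Returns the user name, or null if the token is malformed, tampered with or expired.
    public static string Validate(byte[] key, string token, DateTime nowUtc)
    {
        string[] parts = (token ?? "").Split('.');
        if (parts.Length != 3) return null;
        if (!FixedTimeEquals(Sign(key, parts[0] + "." + parts[1]), parts[2])) return null;
        long expires;
        if (!long.TryParse(parts[1], out expires) || nowUtc.Ticks > expires) return null;
        return Encoding.UTF8.GetString(Convert.FromBase64String(parts[0]));
    }

    // The final redirect back must go only to hosts we run, or it is an open redirect.
    public static bool IsAllowedReturn(string url, string[] allowedHosts)
    {
        Uri u;
        return Uri.TryCreate(url, UriKind.Absolute, out u)
            && u.Scheme == Uri.UriSchemeHttps
            && Array.Exists(allowedHosts, h => string.Equals(h, u.Host, StringComparison.OrdinalIgnoreCase));
    }

    static string Sign(byte[] key, string payload)
    {
        using (var hmac = new HMACSHA256(key))
            return BitConverter.ToString(hmac.ComputeHash(Encoding.UTF8.GetBytes(payload)));
    }

    static bool FixedTimeEquals(string a, string b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

On the second domain, a non-null result from `Validate` is the point at which `FormsAuthentication.SetAuthCookie` would be called before redirecting back.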