Asp.net mvc 4 这是mvc4中关于跨域身份验证的错误吗?
我在mvc3和.net4上使用了跨域cookie身份验证,它运行良好, 我在mvc4和.net 4.5上创建了另一个项目,并在mvc上将代码从较低版本复制到较高版本,我的意思是mvc4,现在我在主域上创建了身份验证cookie,但子域无法意识到用户已通过身份验证 这是mvc4中的一个bug还是我必须启用一些未来或类似的东西 在主域上创建身份验证cookie的我的代码:Asp.net mvc 4 这是mvc4中关于跨域身份验证的错误吗?,asp.net-mvc-4,authentication,cross-domain,Asp.net Mvc 4,Authentication,Cross Domain,我在mvc3和.net4上使用了跨域cookie身份验证,它运行良好, 我在mvc4和.net 4.5上创建了另一个项目,并在mvc上将代码从较低版本复制到较高版本,我的意思是mvc4,现在我在主域上创建了身份验证cookie,但子域无法意识到用户已通过身份验证 这是mvc4中的一个bug还是我必须启用一些未来或类似的东西 在主域上创建身份验证cookie的我的代码: FormsAuthenticationTicket ticket = new FormsAuthenticati
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1,
"fc5f06b006b44b05a257c406f4218638",//username
DateTime.Now,
DateTime.Now.AddDays(5),
true,
"members",
FormsAuthentication.FormsCookiePath);
// To give more security it is suggested to hash it
string hashCookies = FormsAuthentication.Encrypt(ticket);
HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
hashCookies); // Hashed ticket
cookie.Expires = DateTime.Now.AddDays(5);
cookie.Domain = ".maindomain.com";
Response.Cookies.Add(cookie);
在子域中,使用此行代码测试用户身份验证:
var result = System.Web.HttpContext.Current.User.Identity.IsAuthenticated + "-" +
System.Web.HttpContext.Current.User.Identity.Name;
在我的全球计划中,我有:
protected void Application_AuthenticateRequest(object sender, EventArgs e)
{
// look if any security information exists for this request
if (System.Web.HttpContext.Current.User != null)
{
// see if this user is authenticated, any authenticated cookie (ticket) exists for this user
if (HttpContext.Current.User.Identity.IsAuthenticated)
{
// see if the authentication is done using FormsAuthentication
if (System.Web.HttpContext.Current.User.Identity is FormsIdentity)
{
// Get the roles stored for this request from the ticket
// get the identity of the user
FormsIdentity identity = (FormsIdentity)System.Web.HttpContext.Current.User.Identity;
// get the forms authetication ticket of the user
FormsAuthenticationTicket ticket = identity.Ticket;
// get the roles stored as UserData into the ticket
string[] roles = ticket.UserData.Split(',');
// create generic principal and assign it to the current request
System.Web.HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(identity, roles);
}
}
}
}
在我的web配置中:
<authentication mode="Forms">
<forms domain=".maindomain.com" name="atnc"
loginUrl="~/home" timeout="120" requireSSL="false" />
</authentication>
如果它真的是一个bug,那么你可能会更幸运地将它发布到