C# 在同一服务器上的网站之间读取表单身份验证cookie
我有两个网站托管在同一台 Windows 服务器上:1) ASP.NET Web 应用程序,.NET Framework 4.0(abc.com/site1);2) MVC 应用程序,.NET Framework 4.5.2(abc.com/site2)。现在我想在这两个站点之间实现 SSO,即:用户登录 ASP.NET 应用程序后会被重定向到 MVC 应用程序,我在那里检查表单身份验证(Forms Auth)cookie。但是我在读取表单身份验证 cookie 时遇到了问题。用户登录 ASP.NET 应用程序时,我使用下面的代码进行表单身份验证。
cookie是否作为MVC应用程序请求的一部分发送?我没明白您的问题,验证通过之后,我只是使用Response.Redirect(“site2url”)重定向到site2。那么在重定向之后,当浏览器向Site2发出请求时,您是否检查过请求头,看cookie是否随请求一起发送?我问这个是为了确认cookie确实被发送了,而问题出在解密上。是的,重定向到site2页面后,cookie在请求头中。但是如果我在代码中通过“Request.Cookies.AllKeys”检查,其中却没有它。 FormsAuthentication.SetAuthCookie(txtUserName.Text.Trim(), false); FormsAuthenticationTicket ticket1 = new FormsAuthenticationTicket( 1, // version txtUserName.Text.Trim(), // get username from the form DateTime.Now, // issue time is now DateTime.Now.AddMinutes(30), // expires in 30 minutes false, // cookie is not persistent "" // role assignment is stored // in userData ); HttpCookie cookie1 = new HttpCookie( FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket1)); cookie1.Domain = FormsAuthentication.CookieDomain; Response.Cookies.Add(cookie1);
<!-- Forms authentication settings for one of the two sites. The ticket cookie is named
     "Form.AUTH" and is scoped to domain abc.com and path "/", so it is eligible to be sent
     to both abc.com/site1 and abc.com/site2. requireSSL="true" makes the cookie issued by
     FormsAuthentication HTTPS-only; TODO confirm both sites are requested over https.
     NOTE(review): a cookie built by hand with new HttpCookie(...), as in the login code shown
     with the question, presumably does not pick up this requireSSL setting; set Secure and
     HttpOnly on it explicitly, or issue the cookie only once through SetAuthCookie. -->
<authentication mode="Forms">
<forms name="Form.AUTH" loginUrl="~/Home.aspx" protection="All" path="/" requireSSL="true" domain="abc.com" cookieless="UseCookies" />
</authentication>
<!-- Both sites need the same machineKey values, validation algorithm and compatibilityMode
     for one site to validate and decrypt a ticket issued by the other; this element is
     identical to the one in the other configuration fragment on this page.
     NOTE(review): the key material below is published on this page. Treat it as exposed:
     generate fresh keys for any real deployment and keep them out of public posts and source
     control, because anyone holding these keys can produce tickets this configuration accepts. -->
<machineKey validationKey="4B616C4E8BE5E18C3A1650939E88F3B0ED1AFC692919D7937DA68BBC552F04027DCF8BD31125E5E69094E1A4BA96731067BB57F0D3C34B63B9B03123703CD01A" decryptionKey="EC095D7743D3368F22FB7F482D9F41AA911922EC753515BB" validation="HMACSHA384" compatibilityMode="Framework20SP2" />
<!-- machineKey for the second configuration fragment; the values are the same as in the
     first fragment, which is what lets each site validate and decrypt the other's ticket.
     NOTE(review): these key values appear in a public post and should be considered exposed;
     rotate them before use, since possession of the keys is enough to forge a valid ticket. -->
<machineKey validationKey="4B616C4E8BE5E18C3A1650939E88F3B0ED1AFC692919D7937DA68BBC552F04027DCF8BD31125E5E69094E1A4BA96731067BB57F0D3C34B63B9B03123703CD01A" decryptionKey="EC095D7743D3368F22FB7F482D9F41AA911922EC753515BB" validation="HMACSHA384" compatibilityMode="Framework20SP2" />
<!-- Same cookie name ("Form.AUTH"), domain (abc.com), path ("/") and protection level as the
     first fragment; only loginUrl differs. requireSSL="true" restricts the forms cookie to
     HTTPS requests; TODO confirm this site is reached over https after the redirect. -->
<authentication mode="Forms">
<forms loginUrl="account/" name="Form.AUTH" protection="All" path="/" domain="abc.com" requireSSL="true" cookieless="UseCookies"></forms>
</authentication>
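/// <summary>
/// PostAuthenticateRequest handler with diagnostics: logs whether the request and the current
/// user are authenticated, logs the names of the cookies received, and, when the "Form.AUTH"
/// cookie carries a valid, unexpired forms ticket, builds a <c>CustomPrincipal</c> from it and
/// assigns it to <c>HttpContext.Current.User</c>.
/// </summary>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Event data; not used.</param>
protected void Application_PostAuthenticateRequest(Object sender, EventArgs e)
{
    try
    {
        logClass.logger.Info(Request.IsAuthenticated
            ? "Request is authencated -- If"
            : "Request is authencated -- else");
    }
    catch (Exception)
    {
        logClass.logger.Info("Request is authencated -- Error");
    }

    try
    {
        // User may be null at this point; the catch below records that case.
        logClass.logger.Info(User.Identity.IsAuthenticated
            ? "User.Identity.IsAuthenticated -- If"
            : "User.Identity.IsAuthenticated -- else");
    }
    catch (Exception)
    {
        logClass.logger.Info("User.Identity.IsAuthenticated -- Error");
    }

    HttpCookie authCookie = HttpContext.Current.Request.Cookies["Form.AUTH"];

    // Log cookie names as text; passing the array itself would log only its type name.
    logClass.logger.Info(string.Join(", ", Request.Cookies.AllKeys));
    logClass.logger.Info(FormsAuthentication.FormsCookieName);

    if (authCookie == null)
    {
        logClass.logger.Info("Error value");
        return;
    }

    // The cookie value is a bearer credential: anyone who can read it from a log file can
    // replay it. Record only that it arrived and how long it is, never the value itself.
    logClass.logger.Info("Form.AUTH cookie present, length " + (authCookie.Value ?? string.Empty).Length);

    FormsAuthenticationTicket authTicket = null;
    try
    {
        authTicket = FormsAuthentication.Decrypt(authCookie.Value);
    }
    catch (Exception ex)
    {
        // The cookie comes from the client, so a malformed value or one protected with a
        // different machineKey must leave the request anonymous instead of failing it.
        logClass.logger.Info("Form.AUTH cookie could not be decrypted: " + ex.GetType().Name);
    }

    // Reject a missing or expired ticket explicitly; this code path does not otherwise
    // check the expiry stored in the ticket.
    if (authTicket == null || authTicket.Expired)
    {
        logClass.logger.Info("Form.AUTH ticket missing or expired");
        return;
    }

    if (authTicket.UserData == "OAuth") return;

    CustomPrincipal newUser = new CustomPrincipal(authTicket.Name);

    // The ticket-issuing code shown with the question passes an empty userData string, so
    // the serialized model may be absent; only copy the name fields when it is present.
    if (!string.IsNullOrEmpty(authTicket.UserData))
    {
        JavaScriptSerializer serializer = new JavaScriptSerializer();
        CustomPrincipalSerializedModel serializeModel =
            serializer.Deserialize<CustomPrincipalSerializedModel>(authTicket.UserData);
        if (serializeModel != null)
        {
            //newUser.Id = serializeModel.Id;
            newUser.FirstName = serializeModel.FirstName;
            newUser.LastName = serializeModel.LastName;
        }
    }

    HttpContext.Current.User = newUser;
}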
Request.IsAuthenticated : false
User.Identity.IsAuthenticated : false
// Lines repeated from the handler above, annotated with the values reported for the receiving site.
HttpCookie authCookie = HttpContext.Current.Request.Cookies["Form.AUTH"]; // observed: null
string[] myCookies = Request.Cookies.AllKeys;
logClass.logger.Info(myCookies); // observed: no "Form.AUTH" entry among the cookie names
logClass.logger.Info(FormsAuthentication.FormsCookieName);