开发者

Single-Sign-On ASP.NET MVC

We are trying to build a cross-domain single-sign on solution using ASP.NET MVC.

开发者_运维百科Any existing solutions or tutorials available ?


If you web applications are on the same server and same domain then all you need to do is insure that the Validationkey and encryption key are the same in the web config (machineKey).

In your example you will need to append the authentication ticket to the query string, to transport it back to the other domain, for example:

public void Login(string userName, string password)
{
    if(AuthenticateUser(userName,password))
    {
        Response.Redirect(String.format("{0}?{1}={2}"), 
            Request.QueryString["ReturnUrl"],
            FormsAuthentication.FormsCookieName,
            FormsAuthentication.GetAuthCookie(userName, false).Value));
    }
}

On the local application you have to enable cookieless forms authentication, and allow authenticated users to come from external applications by setting enableCrossAppRedirect.

<authentication mode="Forms">
    <forms enableCrossAppRedirect="true" cookieless="useUri" />
</authentication>

Notes:

  1. See also FormsAuthentication.RedirectFromLoginPage - http://msdn.microsoft.com/en-us/library/ka5ffkce.aspx.

  2. In my case ReturnUrl lost domain part of url :(

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜