开发者

Keep User logged in across multiple applications on multiple servers

I am building a suite of applications开发者_StackOverflow using ASP.NET.

  • Each application can be hosted on separate servers.
  • All the applications share an integrated database.
  • All applications require user authentication before use.
  • I want to build the ability to transfer users from one application to another without having to relogin.

Is there a way to recognize that a user is logged in one application and allow quick navigation to another application on a different server?

Currently I am storing the password hashes in the database; but I wouldn't be opposed to other suggestions if they solve the problem.


Here is what I have done in the past.

Each application must share a forms authentication ticket. To do this the forms authentication cookie name must have the same name, the machineKeys must be the same, and the protection mode must be the same.

This works across domains, but does not work across IPs. What I do to get around this is to serialize the ticket info and store it in the database with the session id as the key. If a user is not authenticated the server will look for the session id in the database and rebuild the FA ticket if found.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜