开发者

ASP.NET sessions over multiple domains

开发者 https://www.devze.com 2023-01-17 06:26 出处:网络
Is there a proper .NET solution for providing persistent server sessions over multiple domains? i.e. I开发者_高级运维f a user of the site logs in under www.site1.com, they will also then be logged in

Is there a proper .NET solution for providing persistent server sessions over multiple domains?

i.e. I开发者_高级运维f a user of the site logs in under www.site1.com, they will also then be logged in under www.site2.com

Security is an issue with the program we are working on...

Thanks!


Does it need to be in the session or are you looking for a single signon solution. If the latter take a look at something along the lines of ADFS http://en.m.wikipedia.org/wiki/Active_Directory_Federation_Services?wasRedirected=true


You may want to start here instead of hacking into the ASPState database(possible, but I don't recommend it): http://www.codeproject.com/KB/session/sharedsession.aspx

Basically you set the AppDomain to be the same for both www.site1.com & www.site2.com using reflection.

You also may need to AppPath as well, we needed to, but our setup was slightly different than what you have. We added:

        FieldInfo appDomainInfo = typeof(HttpRuntime).GetField("_appDomainId", BindingFlags.Instance | BindingFlags.NonPublic);
        appDomainInfo.SetValue(theRuntime, "/LM/W3SVC/1/ROOT/A_Website_Name_Here");


The word 'session' can be a little confusing in ASP.NET.

If you are talking about security (authentication and authorization), you are probably looking for a Single Sign-On solution. In other words, when a user logs into one site they won't be prompted to log into another related site. Take a look at Windows Identity Foundation, OAuth, Jasig CAS. CAS is my preferred solution (I'm a developer on the .NET client), but the server is written in Java and you'll need some expertise with Java to get it configured the way you want.

In ASP.NET, Session state is a completely separate component from authentication and authorization (although it can depend on the result of the authentication step). If you are trying to share information between the 2 sites (i.e., shopping cart contents), you can either configure both domains to use the same database as a Session provider (google aspnet_regsql -ssadd) or you can just store the data in a database that is accessible by both.

For more info on why I emphasize the distinction, check this out: http://www.codeproject.com/KB/aspnet/ASPDOTNETPageLifecycle.aspx

Good luck.


Try using the canonical hostname URL Rewrite feature of the IIS 7.5 Url Rewrite 2 Module: Download

(This answer relies on both URL have hostheader entries for the same web application)

0

精彩评论

暂无评论...
验证码 换一张
取 消