开发者

ASP.Net Cross-Site Authentication

开发者 https://www.devze.com 2023-01-28 06:45 出处:网络
I have a website using Forms Authentication on domain1.com. I\'ve been asked how a login page can be developed on domain2.com which logs the user into domain1.com and redirects them to the domain1.co

I have a website using Forms Authentication on domain1.com.

I've been asked how a login page can be developed on domain2.com which logs the user into domain1.com and redirects them to the domain1.com homepage (domain2.com has no membership system and is purely an alternative page to log in to domain1.com from).

Is this possible out of the box or wo开发者_如何转开发uld I need to develop a page on domain1.com which authenticates the login request from domain2.com?


Yes, you can reuse the auth page. Create a form in domain2.com pointing the auth uri in domain1.com

Citing w3schools:

the possible values of the action attribute are:

  • An absolute URL - points to another web site (like action="http://www.example.com/example.htm")
  • A relative URL - points to a file within a web site (like action="example.htm")

UPDATE: I'm supposing you want to only get authenticated for the pages of domain1. although you're sending the credentials from the domain2, you're POSTING your data and being redirected to domain1. so the auth cookie will only be valid for such domain (domain1).


This can be done by adding this to the web.config for both sites inside the system.web node.

 <machineKey validationKey="21F090935F6E49C2C797F69BBAAD8402ABD2EE0B667A8B44EA7DD4374267A75D7AD972A119482D15A4127461DB1DC347C1A63AE5F1CCFAACFF1B72A7F0A281B"
        decryptionKey="261F793EB53B761503AC445E0CA28DA44AA9B3CF06263B77"
        validation="SHA1"/>

This will allow the apps to share authentication data via the cookie on the client's machine.

You will want to generate a private validation and decryption key. This Microsoft page explains how http://support.microsoft.com/kb/312906

0

精彩评论

暂无评论...
验证码 换一张
取 消