Persistent login across domains

Keywords: login | Updated: 2023-09-27 18:17:47

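I am running a simple ASP.NET MVC site that can be accessed locally through multiple domains.

Here is a reproduction of my problem:

1) The user views the site using domain 1.
2) The user logs in successfully.
3) The user views the site through domain 2.
4) The site behaves as if the user had never logged in.
5) The user views the site using domain 1.
6) The site now sees the user as logged in again.

So basically the user state is not persisted across domains. My initial thought is that session state is not shared across domains - is that what is causing this? Is there a simple way to fix it?

Update

Here is how I currently have authentication set up: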

using System;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;

[assembly: OwinStartup(typeof(Yeack.ConfigStartup))]
namespace Yeack
{
    public partial class ConfigStartup
    {
        // OWIN entry point: wires up the authentication middleware.
        public void Configuration(IAppBuilder Application)
        {
            ConfigureAuthentication(Application);
        }

        public void ConfigureAuthentication(IAppBuilder Application)
        {
            Application.CreatePerOwinContext<RepositoryManager>((x, y) => new RepositoryManager(new SiteDatabase(), x, y));
            // Cookie-based sign-in; the cookie is issued to whichever host served the login.
            Application.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                LoginPath = new PathString("/login"),
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                Provider = new CookieAuthenticationProvider
                {
                    // Re-validate the security stamp every 30 minutes.
                    OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<UserManager, User, int>(
                        validateInterval: TimeSpan.FromMinutes(30),
                        regenerateIdentityCallback: (manager, user) => user.GenerateClaimsAsync(manager),
                        getUserIdCallback: (claim) => int.Parse(claim.GetUserId()))
                }
            });
            Application.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
        }
    }
}

In my Web.config, I have the following:

<configuration>
    <system.web>
        <customErrors mode="Off" />
    </system.web>
</configuration>

Based on these settings, is there a way to make multi-domain authentication work?
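
Why steps 4 and 6 of the reproduction behave that way, as an added example that is not part of the original question: browsers scope cookies to the host that set them, so the authentication cookie issued to domain 1 is never sent to domain 2. The sketch is a simplified model of the RFC 6265 domain-matching rule; the host names and the cookie name `auth` are constructed.

```javascript
// Simplified model of browser cookie scoping (RFC 6265 domain matching).
// Not modelled: public-suffix rejection, IP-address hosts, Path, Secure, SameSite.
// All host names and the cookie name "auth" are constructed for illustration.

function normalize(d) {
  return d.toLowerCase().replace(/^\./, "");
}

// A host matches a cookie domain if it is identical or a subdomain of it.
function domainMatches(host, cookieDomain) {
  const h = normalize(host), d = normalize(cookieDomain);
  return h === d || h.endsWith("." + d);
}

// Mimics a browser receiving Set-Cookie from `setByHost`.
// No Domain attribute: host-only cookie. With one: it must cover the
// responding host, otherwise the browser rejects the cookie (returns false).
function storeCookie(jar, setByHost, name, domainAttr) {
  if (!domainAttr) {
    jar.push({ name, domain: normalize(setByHost), hostOnly: true });
    return true;
  }
  if (!domainMatches(setByHost, domainAttr)) return false;
  jar.push({ name, domain: normalize(domainAttr), hostOnly: false });
  return true;
}

// Names of the cookies the browser would attach to a request for `host`.
function cookiesSentTo(jar, host) {
  return jar
    .filter(c => c.hostOnly ? normalize(host) === c.domain : domainMatches(host, c.domain))
    .map(c => c.name);
}

// Replays the question's steps with two unrelated domains.
function replayQuestion() {
  const jar = [];
  storeCookie(jar, "site-one.example", "auth");          // step 2: login on domain 1
  return {
    domain2: cookiesSentTo(jar, "site-two.example"),     // step 4: nothing sent
    domain1: cookiesSentTo(jar, "site-one.example"),     // step 6: cookie sent again
    // Domain 1 cannot plant a cookie for domain 2 either:
    crossSet: storeCookie(jar, "site-one.example", "auth", "site-two.example"),
  };
}

console.log(replayQuestion());
```

In this model a Domain attribute only helps when the hosts share a parent: a cookie set by `app.shared.example` with `Domain=shared.example` is also sent to `www.shared.example`, but never to an unrelated domain.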

Persistent login across domains

This is the method that gets token authorization from the WebAPI.

RestUtils.GetTokenData(AppDefaults.UrlAPI, model.User, model.Pass);

This method persists it on the cookie model, using FormsAuthentication to authorize the user.

Response.SetAuthCookie(model.User, true, model);

web.config

<system.web>
    ...
    <!-- Authentication -->
    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login" slidingExpiration="true" timeout="30" />
    </authentication>
    <sessionState cookieless="UseCookies" mode="InProc" timeout="30" />
</system.web>    

Extension.cs

public static class HttpResponseBaseExtensions
{
    public static int SetAuthCookie<T>(this HttpResponseBase responseBase, string name, bool rememberMe, T userData)
    {
        HttpCookie cookie = FormsAuthentication.GetAuthCookie(name, rememberMe);
        FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);
        if (ticket != null)
        {
            FormsAuthenticationTicket newTicket = new FormsAuthenticationTicket(ticket.Version, ticket.Name, ticket.IssueDate, ticket.Expiration,
                ticket.IsPersistent, JsonConvert.SerializeObject(userData), ticket.CookiePath);
            string encTicket = FormsAuthentication.Encrypt(newTicket);
            cookie.Value = encTicket;
            responseBase.Cookies.Add(cookie);
            return encTicket != null ? encTicket.Length : 0;
        }
        return 0;
    }        
}

LoginVM.cs

public class LoginVM
{
    public string User { get; set; }
    public string Pass { get; set; }
}

AccountController.cs

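public ActionResult Login(LoginVM model, string returnUrl)
{
    ViewBag.ReturnUrl = returnUrl;
    if (ModelState.IsValid)
    {
        // Controller.Session is used here; HttpContext.Current does not exist on the
        // controller's HttpContext property (HttpContextBase).
        Session["TokenData"] = RestUtils.GetTokenData(AppDefaults.UrlAPI, AppDefaults.ProxyConfig, model.User, model.Pass);
        // The whole model is serialized into the ticket's userData, including model.Pass;
        // pass an object without the password to keep it out of the cookie.
        Response.SetAuthCookie(model.User, true, model);
        // Only follow returnUrl when it points back into this site (avoids an open redirect).
        if (Url.IsLocalUrl(returnUrl))
        {
            return Redirect(returnUrl);
        }
        return RedirectToAction("Index", "Home");
    }
    return View(model);
}
public ActionResult LogOff()
{
    // Drop server-side session state before removing the forms-auth cookie.
    if (HttpContext.Session != null)
    {
        HttpContext.Session.Clear();
        HttpContext.Session.Abandon();
        HttpContext.Session.RemoveAll();
    }
    FormsAuthentication.SignOut();
    return RedirectToAction("Index", "Home");
}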