{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 霸刀☆藐视天下 的问题《Method for Sharing Forms Authentication Login betw》','https://www.manongdao.com/q-338350.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I am going to have an ASP.net MVC web site (example.com) and a Web API site (api.example.com) running on the same domain. What is the best and most secure way to use Forms Authentication to allow a user to log in to the MVC site, and have that login accepted by the [Authorize] filter in the API site? Additionally, there is the possibility that both sites will be hosted on multiple servers (each of which might have its own subdomain), so a solution that would allow for a single sign on approach to work among all of the servers in the cluster would be preferred.
相关问题
- MVC-Routing,Why i can not ignore defaults,The matc
- Register MicroServices in Azure Active Directory (
- PromptDialog Choice with List object Bot Framework
- Dotnet Core API - Get the URL of a controller meth
- parameters in routing do not work MVC 3
相关文章
- FormsAuthenticationTicket expires too soon
- How to get a list of connected clients on SignalR
- How do you redirect to the calling page in ASP.NET
- Change color of bars depending on value in Highcha
- The program '[4432] iisexpress.exe' has ex
- ASP.Net MVC 4 Bundles
- How to get server path of physical path ?
- Cannot implicitly convert Web.Http.Results.JsonRes
Take a look at this link http://www.codeproject.com/Articles/27576/Single-Sign-on-in-ASP-NET-and-Other-Platforms this covers the answer in detail.
You will need to ensure all machines and separate applications on the site share a common (but unique to production) machine key to allow the authentication cookies to be trusted by all the machines/applications.
If you are simply using virtual directories under the same sub domain then simply harmonising the web.conig Forms Auth settings and machine keys should get you up and running very quickly.
If you want this to work between a second level domain then you need to change the "Domain" setting on the Form's Auth cookie. See the article for details.