Forms Authentication across virtual directories

2019-02-23 08:23发布

I am trying to share forms auth from a root application to a sub application running in a virtual directory. I am having trouble with authentication in the subsite.

In the parent application everything works as expected.

I have the following setup:

Parent application:

  • URL: http://localhost:1336/
  • <forms loginUrl="~/account/sign-in" protection="All" timeout="30" name=".MYAPPLICATION" path="/" requireSSL="false" slidingExpiration="true" cookieless="UseDeviceProfile" enableCrossAppRedirects="true" defaultUrl="/" />

Virtual Directory:

  • URL: http://localhost:1336/subsite
  • <forms loginUrl="/account/sign-in" protection="All" timeout="30" name=".MYAPPLICATION" path="/" requireSSL="false" slidingExpiration="true" cookieless="UseDeviceProfile" enableCrossAppRedirects="true" defaultUrl="/" />

When i try to a http://localhost:1336/subsite I get the following flow:

  • GET for http://localhost:1336/subsite -> 302 to /account/sign-in?ReturnUrl=%2fsubsite (looks ok)
  • Enter User/password
  • POST to http://localhost:1336/account/sign-in?ReturnUrl=%2fsubsite -> 302 /subsite (great the auth looks like its successful)
  • GET for http://localhost:1336/subsite -> 302 to /account/sign-in?ReturnUrl=%2fsubsite (IE the subsite doesnt think its authenticated)

Also i can see the cookie in the list in my browser (so its actually there)

What have I got wrong in my config that's stopping my subsite from sharing the parent cookie?

I am running this on IISExpress

1条回答
孤傲高冷的网名
2楼-- · 2019-02-23 09:25

In your web.config files, set a common machine key between the projects so that the 2 domains share validation and decryption keys.

example:

<machineKey validationKey="21F090935F6E49C2C797F69BBAAD8402ABD2EE0B667A8B44EA7DD4374267A75D7" 
decryptionKey="ABAA84D7EC4BB56D75D217CECFFB9628809BDB8BF91CFCD64568A145BE59719F"
validation="SHA1"
decryption="AES"
/>
查看更多
登录 后发表回答