ASP.NET Identity Cookie across subdomains

Posted 2019-01-07 05:40

For forms authentication I used this in web.config (note the domain attribute):

<authentication mode="Forms">
  <forms loginUrl="~/Account/Login" timeout="2880" name=".ASPXAUTH" protection="Validation" path="/" domain=".myserver.dev" />
</authentication>

How is single sign-on across subdomains configured for the new ASP.NET Identity Framework in MVC 5?

More Info:

I am creating a multitenant application. Each client will be on a subdomain:

client1.myapp.com

client2.myapp.com

I want a user to be able to sign on to client1.myapp.com and then go to client2.myapp.com and still be signed in. This was easy with forms authentication. I'm trying to figure out how to do it with the new Identity Framework.

EDIT

Here is the code that eventually worked for me:

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
  AuthenticationType = "Application",
  LoginPath = "/Account/Login",
  CookieDomain = ".myapp.com"
});

4 answers
对你真心纯属浪费
#2 · 2019-01-07 06:00

In Startup.Auth.cs, you will see something like:

for RC:

app.UseSignInCookies();

This was removed in RTM and replaced with the explicit configuration of the cookie auth:

    app.UseCookieAuthentication(new CookieAuthenticationOptions {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login")
    });

The CookieAuthenticationOptions class has a CookieDomain property which is what you are looking for I believe.

甜甜的少女心
#3 · 2019-01-07 06:01

You need to set up in web.config the same machineKey for ALL websites/applications.

All websites MUST HAVE at least this configuration.

http://msdn.microsoft.com/en-us/library/w8h3skw9(v=vs.85).aspx

<system.web>
    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login" timeout="2880" name=".ASPXAUTH" protection="Validation" path="/" domain=".myserver.dev" />
    </authentication>
    <machineKey validationKey="C50B3C89CB21F4F1422FF158A5B42D0E8DB8CB5CDA1742572A487D9401E3400267682B202B746511891C1BAF47F8D25C07F6C39A104696DB51F17C529AD3CABE" decryptionKey="8A9BE8FD67AF6979E7D20198CFEA50DD3D3799C77AF2B72F" validation="SHA1" decryption="Auto"/>
  </system.web>

This is an example

兄弟一词,经得起流年.
#4 · 2019-01-07 06:11

In the Startup.Auth.cs file, add the CookieDomain parameter with your domain:

var cookieAuthenticationOptions = new CookieAuthenticationOptions
{
    AuthenticationType  = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath           = new PathString("/Account/Login"),
    CookieDomain        = ".mydomain.com"
};

Then for all websites you need to set a unique machine key. The easiest way to generate a new one is using IIS:

Find the "Machine Key" option on your site:

Click the "Generate Keys" button to get your keys.

Finally, the above process will add the following to your web.config and you need to ensure that this is copied into each of your sites.

<machineKey
  validationKey="DAD9E2B0F9..."
  decryptionKey="ADD1C39C02..."
  validation="SHA1"
  decryption="AES"
/>
狗以群分
#5 · 2019-01-07 06:17

This was driving me crazy until I learned that Identity 2.0 still depends on the machine key to encrypt the Authentication cookie. So if you want two instances of the same application on different sub-domains then you need to set the same machine key for each application.

So in summary:

  1. CookieDomain = ".myapp.com"
  2. Set identical machine keys in each application's web config

    <system.web>
      <machineKey decryptionKey="EEEB09D446CCFE71B82631D37DEDCC917B8CB01EC315" validationKey="60E4EFE8DD26C4BF8CDAEDCA10716C85820839A207C56C8140DB7E32BE04630AD631EDF25C748D0F539918283C5858AF456DBE208320CFFA69244B4E589" />
    </system.web>
    

This answer led me to setting the values: Does ASP.NET Identity 2 use machinekey to hash the password?
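
A check for step 2 of the summary above (identical machine keys in each application's web.config), added here as an example and not code from any of the answers. It goes slightly beyond the thread by also reporting a `<forms>` element whose `protection` is not `All`, and it reports attribute names only, never key values. The site names, the `audit` and `machine_key` helpers and the placeholder key strings are constructed for illustration.

```python
import xml.etree.ElementTree as ET

KEY_ATTRS = ("validationKey", "decryptionKey", "validation", "decryption")

# Constructed sample configs for three hypothetical sites; key values are placeholders.
SITE_A = """<configuration><system.web>
  <authentication mode="Forms">
    <forms name=".ASPXAUTH" protection="Validation" path="/" domain=".myapp.com" />
  </authentication>
  <machineKey validationKey="PLACEHOLDER-V1" decryptionKey="PLACEHOLDER-D1"
              validation="SHA1" decryption="AES" />
</system.web></configuration>"""
SITE_B = SITE_A.replace("PLACEHOLDER-D1", "PLACEHOLDER-D2")
SITE_C = "<configuration><system.web /></configuration>"


def machine_key(config_xml):
    """Return the machineKey attributes from one web.config, or None if absent."""
    node = ET.fromstring(config_xml).find("system.web/machineKey")
    return None if node is None else {a: node.get(a) for a in KEY_ATTRS}


def audit(configs):
    """configs maps site name -> web.config text; returns a list of findings."""
    findings, explicit = [], {}
    for site, xml in configs.items():
        key = machine_key(xml)
        # A missing element or AutoGenerate gives each application its own key,
        # so a cookie issued by one site cannot be validated by another.
        if key is None or any("AutoGenerate" in (key[a] or "AutoGenerate")
                              for a in KEY_ATTRS[:2]):
            findings.append(f"{site}: no explicit machineKey")
        else:
            explicit[site] = key
        forms = ET.fromstring(xml).find("system.web/authentication/forms")
        if forms is not None and forms.get("protection", "All") != "All":
            findings.append(f"{site}: forms protection='{forms.get('protection')}', not 'All'")
    sites = sorted(explicit)
    for other in sites[1:]:
        # Compare every site against the first one; name the attributes that differ.
        diff = [a for a in KEY_ATTRS if explicit[other][a] != explicit[sites[0]][a]]
        if diff:
            findings.append(f"{other}: differs from {sites[0]} in {', '.join(diff)}")
    return findings


if __name__ == "__main__":
    for line in audit({"client1": SITE_A, "client2": SITE_B, "client3": SITE_C}):
        print(line)
```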
