ASP.Net Cross-Site Authentication

2019-05-22 20:32发布

I have a website using Forms Authentication on domain1.com.

I've been asked how a login page can be developed on domain2.com which logs the user into domain1.com and redirects them to the domain1.com homepage (domain2.com has no membership system and is purely an alternative page to log in to domain1.com from).

Is this possible out of the box or would I need to develop a page on domain1.com which authenticates the login request from domain2.com?

2条回答
虎瘦雄心在
2楼-- · 2019-05-22 21:00

This can be done by adding this to the web.config for both sites inside the system.web node.

 <machineKey validationKey="21F090935F6E49C2C797F69BBAAD8402ABD2EE0B667A8B44EA7DD4374267A75D7AD972A119482D15A4127461DB1DC347C1A63AE5F1CCFAACFF1B72A7F0A281B"
        decryptionKey="261F793EB53B761503AC445E0CA28DA44AA9B3CF06263B77"
        validation="SHA1"/>

This will allow the apps to share authentication data via the cookie on the client's machine.

You will want to generate a private validation and decryption key. This Microsoft page explains how http://support.microsoft.com/kb/312906

查看更多
放我归山
3楼-- · 2019-05-22 21:01

Yes, you can reuse the auth page. Create a form in domain2.com pointing the auth uri in domain1.com

Citing w3schools:

the possible values of the action attribute are:

  • An absolute URL - points to another web site (like action="http://www.example.com/example.htm")
  • A relative URL - points to a file within a web site (like action="example.htm")

UPDATE: I'm supposing you want to only get authenticated for the pages of domain1. although you're sending the credentials from the domain2, you're POSTING your data and being redirected to domain1. so the auth cookie will only be valid for such domain (domain1).

查看更多
登录 后发表回答