Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

iis 7 - Sharing authentication between two web applications

I have a base web site (Asp.net WebForms application) running under, i.e.,

http://localhost:90/

Then I created a new (this time Asp.net MVC) application and added it under

http://localhost:90/mvc/

but not just as a simple virtual folder, but as an application folder by defining a different application pool to run it, compared to the parent application.

Since browsers can't know that there are two different applications basically on the same domain, it would work like:

  1. user accesses http://localhost:90/
  2. parent app redirects the user to forms authentication screen
  3. user successfully logs in
  4. parent web adds an authentication cookie
  5. user accesses http://localhost:90/mvc
  6. browser attaches the same cookie from parent app

Is it possible that I authenticate the user based on this same cookie? I would configure my MVC application to login redirect to parent app to have a shared authentication screen. But I'd like to know who authenticated and work from that point on.

I've read something about sharing the same system.web/machineKey values to provide this kind of functionality, but I would like some real world examples.

I'm aware that these two applications will not be able to share Session state and that's not a problem, because I don't want them to. All I want is a kind of single login (SSO/SSS).

Is this possible? How?

Important

I've read other questions/answers about this, but they are either asking about cross-domain/cross-server etc. This one is on the same IIS web site.

1 Reply

I found it myself.

This is the article on MSDN that talks exactly about this scenario. I decided to keep this question anyway for anyone that would be chasing the same information some time later.

MSDN: Forms Authentication Across Applications

In brief

You have to configure machine keys in web.config of both applications so they match; hence they'll be able to decode data that the other party generated. And that's the whole trick. The MSDN article explains this in great detail, including how to generate those keys.
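
The matching configuration described in the answer, as an added example (not taken from the original post or the MSDN article). The key values are placeholders, and the `Login.aspx` page name, cookie name, timeout and algorithm choices are assumptions; what matters is that the `machineKey` element and the `forms` attributes `name`, `protection` and `path` are identical in both files.

```xml
<!-- Added example. Two separate web.config files are shown one after the other. -->

<!-- Parent WebForms application: http://localhost:90/ -->
<configuration>
  <system.web>
    <!-- Explicit keys are required. The default "AutoGenerate,IsolateApps"
         derives a different key per application, so the child application
         could not validate or decrypt a ticket issued by the parent.
         Placeholders below: substitute your own randomly generated hex keys.
         HMACSHA256 needs .NET 4.0 or later (assumption about the runtime). -->
    <machineKey validationKey="PLACEHOLDER_VALIDATION_KEY_HEX"
                decryptionKey="PLACEHOLDER_DECRYPTION_KEY_HEX"
                validation="HMACSHA256"
                decryption="AES" />
    <authentication mode="Forms">
      <!-- path="/" makes the browser send the cookie to /mvc/ as well. -->
      <forms name=".ASPXAUTH"
             loginUrl="~/Login.aspx"
             protection="All"
             path="/"
             timeout="30" />
    </authentication>
  </system.web>
</configuration>

<!-- Child MVC application: http://localhost:90/mvc/ -->
<configuration>
  <system.web>
    <!-- Must be byte-for-byte the same keys and algorithms as the parent. -->
    <machineKey validationKey="PLACEHOLDER_VALIDATION_KEY_HEX"
                decryptionKey="PLACEHOLDER_DECRYPTION_KEY_HEX"
                validation="HMACSHA256"
                decryption="AES" />
    <authentication mode="Forms">
      <!-- Same cookie name, protection and path as the parent.
           loginUrl is root-relative so unauthenticated users are sent to the
           parent's login page (hypothetical page name). -->
      <forms name=".ASPXAUTH"
             loginUrl="/Login.aspx"
             protection="All"
             path="/"
             timeout="30" />
    </authentication>
  </system.web>
</configuration>
```

Because both applications hold the same keys, either one can issue a ticket the other will accept, so the keys should be treated as shared secrets and kept out of source control.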

