【问题标题】:Authenticating Users for Multiple Applications on same host name but different paths对同一主机名但路径不同的多个应用程序的用户进行身份验证
【发布时间】:2017-11-13 09:23:51
【问题描述】:

我有两个使用 OWIN-MixedAuth 部署到同一服务器的 mvc 5 应用程序设置。每个应用程序都位于一个单独的文件夹中,并配置有自己的应用程序池,如下所示:

xyz.domain.com/MySiteA

xyz.domain.com/MySiteB

每个网站的配置如下

我的站点A:

<system.web>
   <customErrors mode="Off"/>
   <authentication mode="None" />
   <compilation debug="true" targetFramework="4.5.2" />
   <httpRuntime targetFramework="4.5.2" />
</system.web>
<!-- Enable Mixed Auth -->
<location path="MySiteA/MixedAuth">
   <system.webServer>
       <security>
        <authentication>
            <windowsAuthentication enabled="true" />
        </authentication>
       </security>
    </system.webServer>
</location>
<system.webServer>
    <modules>
        <remove name="FormsAuthentication" />
    </modules>
    <handlers>
        <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
        <remove name="OPTIONSVerbHandler" />
        <remove name="TRACEVerbHandler" />
        <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
    </handlers>
</system.webServer>`

MySiteB:

 <system.web>
   <customErrors mode="Off"/>
   <authentication mode="None" />
   <compilation debug="true" targetFramework="4.5.2" />
   <httpRuntime targetFramework="4.5.2" />
</system.web>
<!-- Enable Mixed Auth -->
<location path="MySiteB/MixedAuth">
   <system.webServer>
       <security>
        <authentication>
            <windowsAuthentication enabled="true" />
        </authentication>
       </security>
    </system.webServer>
</location>
<system.webServer>
    <modules>
        <remove name="FormsAuthentication" />
    </modules>
    <handlers>
        <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
        <remove name="OPTIONSVerbHandler" />
        <remove name="TRACEVerbHandler" />
        <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
    </handlers>
</system.webServer>`

当用户登录一个应用程序时,即使用户不是第二个应用程序的注册用户,也会自动登录到第二个应用程序。

类似地,从一个应用程序注销会自动将用户从第二个应用程序注销。

如果我使用表单或窗口进行身份验证,就会发生这种情况。我怎样才能防止这种情况发生?

这是我在两个应用程序上的登录代码:

    [AllowAnonymous]
    public ActionResult Login(string returnUrl)
    {
        // If user is already logged in
        if (HttpContext.Request.IsAuthenticated)
        {
            return RedirectToAction("Index", "Manage");
        }

        ViewBag.ReturnUrl = returnUrl;
        return View();
    }

这就是我在 startup.auth 中的内容:

var cookieOptions = new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            Provider = new CookieAuthenticationProvider
            {
                // Enables the application to validate the security stamp when the user logs in.
                // This is a security feature which is used when you change a password or add an external login to your account.  
                OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                    validateInterval: TimeSpan.FromMinutes(30),
                    regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
            }
        };

        app.UseCookieAuthentication(cookieOptions);

是否有更改 cookie 名称的选项?

【问题讨论】:

    标签: asp.net-mvc authentication owin-middleware


    【解决方案1】:

    将 CookieName 添加到 startup.auth:

     var cookieOptions = new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            CookieName = "MySiteA",
            LoginPath = new PathString("/Account/Login"),
            Provider = new CookieAuthenticationProvider
            {
                // Enables the application to validate the security stamp when the user logs in.
                // This is a security feature which is used when you change a password or add an external login to your account.  
                OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                    validateInterval: TimeSpan.FromMinutes(30),
                    regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
            }
        };
    
        app.UseCookieAuthentication(cookieOptions);
    

    【讨论】:

      猜你喜欢
      • 2012-08-13
      • 2020-07-24
      • 1970-01-01
      • 2017-07-30
      • 1970-01-01
      • 1970-01-01
      • 2015-05-24
      • 1970-01-01
      • 1970-01-01
      相关资源
      最近更新 更多