I. What is single sign-on
Single sign-on (SSO) is a unified login method across multiple web applications. Once you have logged in to one web application, you do not need to log in again to each of the others, and logging out in one place logs you out of all associated web applications.
II. Subdomain shared login can be achieved through ASP.NET Forms authentication mode
To use ASP.NET Forms authentication mode to share login status across different subdomains of the same primary domain, configure the following.
Configure web.config
1. Change the ASP.NET authentication mode to Forms authentication. The domain attribute must be the domain name that your applications share, for example, .test.cn.
<authentication mode="Forms">
<forms name=".aspnetform" domain=".test.cn" loginUrl="/login.aspx" defaultUrl="/default.aspx"
protection="All" timeout="30" path="/" requireSSL="false" slidingExpiration="true"
enableCrossAppRedirects="false" cookieless="UseDeviceProfile" />
</authentication>
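2. Configure the keys and algorithm used to encrypt and decrypt the ticket information stored in the cookie. Every application that shares the login must use the same machineKey values, otherwise it cannot decrypt a ticket issued by another application.
<machineKey
validationKey="success
E4e5eda-51e17c91830993445d0ea5708babbd" decryptionKey="5d37ddb652b86956" validation="SHA1" />
Note: a machineKey can be generated at the following URL:
http://www.aspnetresources.com/tools/keycreator.aspx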
Log in and create a ticket
1. On the application login page (login.aspx), once the submitted user name and password pass verification, create an encrypted authentication ticket and store it in the cookie.
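// Requires: using System; using System.Configuration; using System.Web; using System.Web.Security;
// Create the authentication ticket (version 1, valid for one day, not persistent).
// The last argument (userData) stores the client's address in the ticket.
FormsAuthenticationTicket ticket
= new FormsAuthenticationTicket(1, name, DateTime.Now,
DateTime.Now.AddDays(1d), false,
HttpContext.Current.Request.UserHostAddress
);
// Encrypt and sign the ticket using the machineKey from web.config
string authTicket = FormsAuthentication.Encrypt(ticket);
HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, authTicket);
// Scope the cookie to the shared parent domain so every subdomain receives it
cookie.Domain = ConfigurationManager.AppSettings["ssodomain"];
HttpContext.Current.Response.Cookies.Add(cookie);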
2. After logging in, on a page that requires authorization, check that the user is authenticated and then read the user ID from User.Identity.Name:
if (!User.Identity.IsAuthenticated)
{
// Not logged in
Response.Redirect("/login.aspx");
}
string name = User.Identity.Name;
3. On the logout page, clear the user information and destroy the ticket:
HttpContext.Current.Session.Clear();
FormsAuthentication.SignOut();
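As an added example (not part of the original article or its demo program), the helper below shows how an application on another subdomain could verify the shared ticket itself, including the client address that step 1 stored in the ticket. The names SsoTicketCheck and GetVerifiedUser are hypothetical; the code assumes the application uses the same machineKey and forms cookie name as the login application.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Added example; SsoTicketCheck and GetVerifiedUser are hypothetical names.
public static class SsoTicketCheck
{
    // Returns the user name carried by the shared ticket, or null when the
    // cookie is missing, cannot be decrypted, has expired, or was issued to
    // a different client address than the one making this request.
    public static string GetVerifiedUser(HttpContext context)
    {
        HttpCookie cookie =
            context.Request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            return null;

        FormsAuthenticationTicket ticket;
        try
        {
            // Succeeds only when this application is configured with the
            // same machineKey as the application that issued the ticket.
            ticket = FormsAuthentication.Decrypt(cookie.Value);
        }
        catch (Exception)
        {
            // A malformed or tampered value is treated as "not logged in".
            return null;
        }

        if (ticket == null || ticket.Expired)
            return null;

        // Step 1 stored Request.UserHostAddress as the ticket's userData.
        if (!string.Equals(ticket.UserData, context.Request.UserHostAddress,
                           StringComparison.Ordinal))
            return null;

        return ticket.Name;
    }
}
```

A protected page can call SsoTicketCheck.GetVerifiedUser(HttpContext.Current) and redirect to /login.aspx when it returns null. Clients whose address changes between requests, for example behind a proxy pool, will fail the address comparison and be asked to log in again.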
III. Defects in Forms authentication when implementing subdomain shared login
As described above, multiple subdomains under the same primary domain name can share login status, but there is a limitation on the primary domain name. When the primary domain name is 1 letter, domain names with a 2-letter suffix cannot pass authentication. For example, a.cn and a.jp domain names cannot achieve shared subdomain login, while other domain names can, such as a.test.com, a.sina.cn and so on. You can also test this by modifying the hosts file. If you know how to solve this problem, please advise. Thank you! The demo program is attached. Please advise!
PS: Because my company's domain name is p.cn, I want to use Forms authentication mode to share login status across subdomains, but it cannot be used! Sigh, I don't know if this is a Microsoft bug.