Cross-application Single Sign-On (same main domain) in ASP.NET

Source: Internet
Author: User

Introduction

For most web applications, many people prefer forms authentication. When many applications run in multiple subdomains under one primary domain, single sign-on is a good option: after you log on to www.example.com, you can access resources of everything.example.com.

Forms authentication does not support this feature by default, but adjusting it with the appropriate methods is not complicated.

ASP.NET forms authentication is not complicated: it creates a special cookie whose name is defined by the name attribute of the forms element in web.config. The cookie contains encrypted authentication data. Its default name is .ASPXAUTH.

Cookies are associated with host names by default for privacy and security reasons. However, the cookie mechanism allows a host to set a cookie for the domain it belongs to, which means that a cookie from the host server1.example.com can be used throughout example.com.

You can set cookies for second-level and third-level domains, but cookies for top-level domains are not allowed. For example, setting a cookie for .com is not allowed.

Next, let's start setting up to see what work is needed.

Start setting

Like other applications, you must first set up authentication in system.web. For example:

<authentication mode="Forms">
  <forms name="Domainloginauth" loginUrl="http://weblogin/default.aspx"
         protection="All" />
</authentication>

As mentioned above, the authentication cookie is encrypted, and the encryption seed is randomly generated. When multiple servers need to work together, they must all use the same encryption seed. Add the following section to system.web:

<machineKey
  validationKey="Bd52058a3dea473ea99f29418689528a494df2b00054bb7c"
  decryptionKey="684fc9301f404de1b9565e7d952005579e823307bed44885"
/>

If DES is used for encryption, 16 hexadecimal characters are used. If SHA1 is used for encryption, 48 hexadecimal characters are used. ASP.NET uses SHA1 for encryption by default.
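
A consistency check for the settings above, as an added example that is not part of the original article: the Python script reads the web.config text of each participating application and reports anything that would break the shared login (different cookie name, missing or auto-generated machineKey) or that reuses the sample keys printed above, which are public and should be replaced with keys you generate yourself. The application names, the findings wording and the dummy keys for "www" are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# machineKey values printed in the article: public, so unsafe to deploy.
PUBLISHED_KEYS = ("bd52058a3dea473ea99f29418689528a494df2b00054bb7c",
                  "684fc9301f404de1b9565e7d952005579e823307bed44885")
KEY_ATTRS = ("validationKey", "decryptionKey")

def _attr(root, tag, name, default=None):
    elem = next(root.iter(tag), None)
    return default if elem is None else elem.get(name, default)

def read_sso_settings(config_xml):
    """Pull out the web.config values every participating app must share."""
    root = ET.fromstring(config_xml)
    settings = {"mode": _attr(root, "authentication", "mode"),
                # ASP.NET falls back to .ASPXAUTH when forms sets no name
                "cookie": _attr(root, "forms", "name", ".ASPXAUTH")}
    settings.update({a: _attr(root, "machineKey", a) for a in KEY_ATTRS})
    return settings

def audit(configs):
    """configs maps app name -> web.config text; returns sorted findings."""
    parsed = {app: read_sso_settings(xml) for app, xml in configs.items()}
    findings = []
    for app, s in parsed.items():
        if s["mode"] != "Forms":
            findings.append(f"{app}: authentication mode is not Forms")
        for attr in KEY_ATTRS:
            value = s[attr]
            if value is None or "AutoGenerate" in value:
                findings.append(f"{app}: {attr} is auto-generated per server")
            elif value.lower() in PUBLISHED_KEYS:
                findings.append(f"{app}: {attr} is the article's published sample")
    for field in ("cookie",) + KEY_ATTRS:
        if len({s[field] for s in parsed.values()}) > 1:
            findings.append(f"{field} differs between applications")
    return sorted(findings)

# Constructed inputs: three hypothetical apps; the "www" keys are dummy hex.
def _config(forms_attrs, keys=None):
    key = "" if keys is None else '<machineKey validationKey="%s" decryptionKey="%s" />' % keys
    return ('<configuration><system.web><authentication mode="Forms"><forms %s />'
            '</authentication>%s</system.web></configuration>' % (forms_attrs, key))
SAMPLE_CONFIGS = {
    "www": _config('name="Domainloginauth"', ("0123456789ABCDEF" * 3, "FEDCBA9876543210" * 3)),
    "shop": _config('name="Domainloginauth"', PUBLISHED_KEYS),
    "blog": _config('loginUrl="/login.aspx"'),
}

if __name__ == "__main__": print("\n".join(audit(SAMPLE_CONFIGS)))
```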

Start logon verification

The domain information must be added to the authentication cookie before it is sent to the client. Code (assuming that the user name and password have been verified and the user name is stored in the username variable):

// Requires: using System.Web; using System.Web.Security;
HttpCookie authCookie = FormsAuthentication.GetAuthCookie(username, false);
// Scope the cookie to the parent domain so every subdomain receives it
authCookie.Domain = "example.com";
Response.Cookies.Add(authCookie);
Response.Redirect(FormsAuthentication.GetRedirectUrl(username, false));

Logging out

Generally, you do not need to do anything special when logging out: you only need to call FormsAuthentication.SignOut(). However, this function cannot process domain cookies. Therefore, you should delete this cookie manually. The only way to delete a cookie manually is to set its expiration time to a time in the past. Refer to the following code:

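HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
if (authCookie != null)  // nothing to delete if the request carried no auth cookie
{
    // Same domain as at logon, so the expired copy overwrites the original
    authCookie.Domain = "example.com";
    authCookie.Expires = DateTime.Now.AddDays(-1);
    Response.Cookies.Add(authCookie);
}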

Now your applications can perform single sign-on.
