问题
We have two separate MVC 4 Web Applications that run as parts of the same website. The main (parent) project has authentication, and it works fine. Now that we've added the second project to the same site (one page that runs in a child frame), we can't figure out how to make it use the authorization that the user has undergone through the parent application.
Both use the same forms element in web.config:
<forms loginUrl="~/Account/LogOn" name=".ASPXFORMSAUTH" domain="..." protection="All" timeout="2880"/>
Do I need more than an [Authorize]-tag in the child project?
[Authorize]
public class HomeController : Controller
{
...
public ActionResult Index()
{
return View();
}
...
}
Probably needless to say, the page is redirected to the logon-page if i try to access the child project's HomeController, even though a user is logged in in the parent project.
Both projects use the same machineKey.
Any ideas?
回答1:
Make sure that the domain property is set to the parent domain:
<forms
loginUrl="~/Account/LogOn"
name=".ASPXFORMSAUTH"
domain="domain.com"
protection="All"
timeout="2880"
/>
Also make sure that you have set the same machine keys for both applications:
<machineKey validationKey="5C1E392DB9867A990FE0161B8BD07C1B165921DDAB21ADCC4C8F15D67EA2DECD7AEBB04409A411C69CB125EDEA3702B64DF17D47AD951461F444175BDF0277CF" decryptionKey="43CC900E97D496FC6C5C0C12FE005F9E846675C4BD45977BA5CEE852741ED3B6" validation="SHA1" decryption="AES" />
This will ensure that a forms authentication cookie encrypted by the first application could be decrypted by the second. You could use the following website to generate strong machine keys.
(Link removed. Is no longer valid)
来源:https://stackoverflow.com/questions/16893893/sharing-authentication-between-parent-and-child-web-applications