问题
I have two applications "http:/localhost/applicationA" and "http:/localhost/applicationB". I have configured applicationA for claim based authentication settings. applicationA is working perfectly. But I am refering some javascrips of applicationB from applicationA. But applicationB has no the authentication cookies(FedAuth).
Is it possible for me to add claim authentication in both applicationA, applicationB using the below code?
<system.identityModel>
<identityConfiguration>
<audienceUris>
<add value="http://localhost/applicationB/" />
<add value="http://localhost/applicationA/" />
</audienceUris>
<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
<authority name="PassiveSigninSTS">
<keys>
<add thumbprint="DE161DD37B2FEC37BDB17CAFF33D982DCE47E740" />
</keys>
<validIssuers>
<add name="PassiveSigninSTS" />
</validIssuers>
</authority>
</issuerNameRegistry>
<!--certificationValidationMode set to "None" by the the Identity and Access Tool for Visual Studio. For development purposes.-->
<certificateValidation certificateValidationMode="None" />
</identityConfiguration>
回答1:
You would need to enable claims authentication in applicationB for this to work. In other words, you would need to setup the same system.identityModel web.config settings in applicationB as in applicationA (as you've shown in your example).
Is there a reason that the JavaScript needs to be secured? If the scripts aren't secured, why not just make them accessible to everyone so you won't need to worry about the single sign-on across sites?
来源:https://stackoverflow.com/questions/17739147/configure-claim-based-identity-for-multiple-applications-in-localhost