Forms authentication issue: calling an http handler on app2 from app1 does not authenticate
I have 2 ASP.NET web applications.
http://app1.local/
and
http://app2.local/
App2 has an httpHandler that takes in some credentials, and logs the user in using forms authentication.
FormsAuthentication.SetAuthCookie(cookieUserName, createPersistentCookie);
HttpCookie authCookie = context.Response.Cookies[FormsAuthentication.FormsCookieName];
I run this directly in my browser and when I open up another page on app2, I am logged in just fine.
The problem:
On app1 I have a login page that does an httpwebrequest to the httpHandler on app2. For some reason, when I log in with the same credentials and then go to app2, I am not logged into the app2 website.
Why is this?
Comments (2)
Do they have the same cookie name? (FormsAuthentication.FormsCookieName) If they do, they might be overwriting each other.
The fact that the credentials are the same is irrelevant (I think). Because they are two different apps/sites, they don't have an explicit trust relationship between them - users need to authenticate themselves directly (not surprising). So if the same Forms Authentication cookie is being overwritten, your previous authentication is lost.
It appears to me that App2 is your Authenticator Service, which is used by other apps (here just App1) for authentication of the user.
Now, logging in directly via the App2 login page and authenticating the user in App1 via an http request call are entirely different, even though authentication only happens in App2.
How to debug and resolve:
The http request call made via App1 to App2 would mostly be calling a different method than direct login in App2. This http request from App1 to App2 doesn't involve any browser interaction - it's an internal call between these 2 apps. One way to solve it would be that App1 should also set the same cookies as App2.
Other clues can be found if you can figure out the differences between the two methods and bridge the gap.
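The difference between the two login paths can be reproduced offline. This is an added example, not code from the question or either answer, and it is a language-neutral model in Python rather than ASP.NET: the `App2` class, the `/login` and `/page` paths and the ticket value are constructed stand-ins, and each list passed to `get` plays the role of one HTTP client's cookie store (the browser, or app1's server process).

```python
import threading, urllib.request, urllib.error
from http.server import BaseHTTPRequestHandler, HTTPServer

COOKIE = ".ASPXAUTH=constructed-ticket"  # constructed stand-in for app2's auth cookie
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # bypass proxies

class App2(BaseHTTPRequestHandler):
    """Stand-in for app2: /login issues the auth cookie, every other path requires it."""
    def do_GET(self):
        if self.path == "/login":
            self.send_response(200)
            self.send_header("Set-Cookie", COOKIE + "; path=/; HttpOnly")
        elif COOKIE in self.headers.get("Cookie", ""):
            self.send_response(200)
        else:
            self.send_response(401)
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass

def get(url, jar):
    """Issue a GET as one HTTP client; Set-Cookie values land in that client's jar only."""
    req = urllib.request.Request(url, headers={"Cookie": "; ".join(jar)} if jar else {})
    try:
        with OPENER.open(req) as resp:
            for value in resp.headers.get_all("Set-Cookie") or []:
                jar.append(value.split(";")[0])
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def run():
    server = HTTPServer(("127.0.0.1", 0), App2)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = "http://127.0.0.1:%d" % server.server_port
    results = {}
    browser = []                       # case 1: the browser calls the handler itself
    get(base + "/login", browser)
    results["direct"] = get(base + "/page", browser)
    browser, app1_server = [], []      # case 2: app1 calls the handler server-side
    get(base + "/login", app1_server)  # the cookie is delivered to app1's process
    results["via_app1"] = get(base + "/page", browser)  # the browser has nothing to send
    results["app1_server_jar"] = list(app1_server)
    server.shutdown()
    server.server_close()
    return results

if __name__ == "__main__":
    print(run())
```

In the second case the ticket exists only in the server-side client's jar, so the browser's next request to app2 arrives without it.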