Recently a friend asked me a question:
How can AspdotNet Forum 2.0 be put into one of his projects? (Someone has also been discussing how to integrate Dottext with AspdotNet Forum.) The original project already has a user login mechanism and its user database is ready, so how can users go straight into the forum after signing on to the system, without entering their user information again? At first this felt like a piece of cake... Logging in once and then accessing multiple applications was proposed a long time ago. A few years ago I built a similar product prototype, but it was aimed at heterogeneous websites: it was a proxy whose internal mechanism mapped the user databases of the heterogeneous websites behind it. That approach seems to solve the problem, but the mapping between the databases is very troublesome, and if there are many applications behind the proxy the workload is very large.
This technique seems to have a name, Single Sign-On, and is a bit like NetEase's pass. If the internal websites are built the same way, the problem is not big, as long as the format of this pass and some related issues are coordinated. My friend's situation does not seem so complicated, and his original project also uses .NET platform technology. Is there a better integrated solution on the .NET platform?
This naturally leads to authentication on the .NET platform. ASP.NET itself supports three authentication modes (not counting None):
1. Windows authentication. When you create a new web application, this seems to be the default. Obviously it is not what is needed here.
2. Passport authentication. This requires Microsoft's support; it actually provides a web service that unifies the verification work for you, which does not seem necessary in an intranet project.
3. Forms authentication. This passes the authentication information through cookies, which looks similar to the pass, so it should be the one.
The figure is a data flow diagram of Forms authentication (from MSDN).
The figure above describes the basic principle of Forms authentication very clearly, but what about multiple applications? I searched MSDN carefully (MSDN really has a lot of material; I often read something and then forget where I found it. BTW: does MSDN have a bookmark function?) and found many related descriptions, but only one article, "Forms Authentication Across Applications", is specific, and its content is brief.
It seems a simple test is needed.
First, create a web application, Testlogon. Its main files are:
Default.aspx (page protected by authentication), Test1.aspx (login page), Global.asax, Web.config (configuration file)
Then create another web application, Testlogon2. Its main files are:
Default.aspx (page protected by authentication), Global.asax, Web.config (configuration file)
The final effect of the test:
Default.aspx in both web applications is protected. It cannot be opened directly: even if you type its URL, you are automatically redirected to Testlogon/Test1.aspx and asked to log in. Once the login succeeds, you can jump freely between the Default.aspx pages of the two applications.
Testlogon/Default.aspx has a logout function, and after logging out you need to log in again.
To achieve this effect, the basic settings required are:
1. Configure IIS to allow anonymous access, so that requests are passed by IIS through to ASP.NET;
2. Configure SSL if needed (this is not required);
3. The configuration files of both applications must be set up accordingly.
These basic settings can all be found in MSDN, but getting the experiment to work took much longer than expected, so I feel it is well worth recording, and it may help others.
The lessons learned are as follows:
1. In the configuration file Web.config, set the authentication mode to Forms, and make sure the following parameters are consistent between the two applications. The corresponding part of Testlogon's Web.config:
    <authentication mode="Forms">
        <forms name=".Aspnetforum" protection="Encryption" timeout="60" loginUrl="Test1.aspx" />
    </authentication>
Web.config for Testlogon2
    <authentication mode="Forms">
        <forms name=".Aspnetforum" protection="Encryption" timeout="60" loginUrl="/Testlogon/Test1.aspx" />
    </authentication>
2. Adding <machineKey> is necessary to ensure that both sides process and read the cookie consistently. This element is required:
    <machineKey
        validationKey="C50B3C89CB21F4F1422FF158A5B42D0E8DB8CB5CDA1742572A487D9401E3400267682B202B746511891C1BAF47F8D25C07F6C39A104696DB51F17C529AD3CABE"
        decryptionKey="8A9BE8FD67AF6979E7D20198CFEA50DD3D3799C77AF2B72F"
        validation="SHA1">
    </machineKey>
3. Although MSDN is the reference to check, it cannot be relied on completely. In particular, the MSDN code for machineKey is as follows:
    <configuration>
        <system.web>
            <authentication>
                <forms name=".ASPXAUTH" loginUrl="Logon.aspx" protection="all">
                timeout="30" path="/">
                <!-- Path must have a compatible scope. -->
            </authentication>
            <!-- ... -->
            <machineKey>
                validationKey="C50B3C89CB21F4F1422FF158A5B42D0E8DB8CB5CDA1742572A487D9401E3400267682B202B746511891C1BAF47F8D25C07F6C39A104696DB51F17C529AD3CABE" decryptionKey="8A9BE8FD67AF6979E7D20198CFEA50DD3D3799C77AF2B72F" validation="SHA1" isolateApplications="false"
            </machineKey>
        </system.web>
    </configuration>
But it is obviously wrong. If you try it you will see that the format is wrong, and isolateApplications is not used like that.
4. To ensure the cookie can be read on both sides, do not use IsolateApplication; it gives each application its own cookies.
5. About Global.asax: the authentication node in Web.config corresponds to an event in Global.asax, and the corresponding function is
    protected void Application_AuthenticateRequest(Object sender, EventArgs e)
6. Looking at the AspdotNet Forum 2.0 code, I found that Global.asax is gone, and that its configuration file has one more section:
    <httpModules>
        <add name="AspNetForums" type="AspNetForums.ForumsHttpModule, AspNetForums.Components" />
    </httpModules>
Yes: looking at the source code, the structure of ForumsHttpModule is basically the same as Global.asax, and the event handler function is the same.
    private void Application_AuthenticateRequest(Object source, EventArgs e)
Need I say more? The answer to how to achieve SSO with AspdotNet Forum has come out.
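The consistency rules in points 1 to 4 can be checked mechanically before two applications are deployed. The Python script below is an added example, not code from the original post or from MSDN; the default values assumed for omitted attributes, the finding texts and the sample configurations are constructed for illustration. Besides mismatches it flags keys that ASP.NET generates per server or per application (the AutoGenerate and IsolateApps modifiers), a protection value other than All (with Encryption the ticket is encrypted but not validated), and a decryptionKey equal to the value printed in the MSDN sample.

```python
import xml.etree.ElementTree as ET

# ASP.NET defaults when an attribute is omitted (assumed: .NET 1.1 and later).
FORMS_DEFAULTS = {"name": ".ASPXAUTH", "protection": "All", "path": "/"}
KEY_DEFAULTS = {"validationKey": "AutoGenerate,IsolateApps",
                "decryptionKey": "AutoGenerate,IsolateApps", "validation": "SHA1"}
# decryptionKey printed in the MSDN sample quoted on this page.
PUBLISHED_KEY = "8A9BE8FD67AF6979E7D20198CFEA50DD3D3799C77AF2B72F"

def load(xml_text):
    """Return (forms, machineKey) attributes with defaults filled in."""
    sw = ET.fromstring(xml_text).find("system.web")
    forms, key = sw.find("authentication/forms"), sw.find("machineKey")
    return ({**FORMS_DEFAULTS, **(forms.attrib if forms is not None else {})},
            {**KEY_DEFAULTS, **(key.attrib if key is not None else {})})

def check_shared_forms_auth(config_a, config_b):
    """List settings that break or weaken a Forms cookie shared by two apps."""
    (forms_a, key_a), (forms_b, key_b) = load(config_a), load(config_b)
    findings = []
    for attr in ("name", "protection", "path"):
        if forms_a[attr] != forms_b[attr]:
            findings.append(f"forms {attr} differs: {forms_a[attr]} / {forms_b[attr]}")
    for attr in ("validationKey", "decryptionKey", "validation"):
        if key_a[attr] != key_b[attr]:
            findings.append(f"machineKey {attr} differs")
    for label, forms, key in (("A", forms_a, key_a), ("B", forms_b, key_b)):
        for attr in ("validationKey", "decryptionKey"):
            if "AutoGenerate" in key[attr] or "IsolateApps" in key[attr]:
                findings.append(f"{label}: {attr} is generated per server or per app")
        if key["decryptionKey"].upper() == PUBLISHED_KEY:
            findings.append(f"{label}: decryptionKey is a published sample value")
        if forms["protection"] != "All":
            findings.append(f"{label}: protection is {forms['protection']}, not All")
    return findings

def sample_config(protection, decryption_key=None):
    """Constructed web.config text; validationKey is a made-up placeholder."""
    key = "" if decryption_key is None else (
        f'<machineKey validationKey="{"AB" * 64}" decryptionKey="{decryption_key}" validation="SHA1" />')
    return f"""<configuration><system.web>
      <authentication mode="Forms">
        <forms name=".Aspnetforum" protection="{protection}" loginUrl="Test1.aspx" />
      </authentication>{key}
    </system.web></configuration>"""

if __name__ == "__main__":
    a = sample_config("Encryption", PUBLISHED_KEY)
    print("\n".join(check_shared_forms_auth(a, sample_config("Encryption"))))
```

For a real deployment, pass the text of each application's Web.config to check_shared_forms_auth; an empty list means the two sites agree on the cookie name, protection, path and keys.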