ASP.NET多站点共享Form验证状态

站点A

<authentication mode="Forms">
 　　<forms name=".CNBLOGS" enableCrossAppRedirects="false" loginUrl="Login.aspx" defaultUrl="MyAccount.aspx" timeout="1440"></forms>
</authentication>

<machineKey validationKey="C50B3C89CB21F4F1422FF158A5B42D0E8DB8CB5CDA1742572A487D9401E3400267682B202B746511891C1BAF47F8D25C07F6C39A104696DB51F17C529AD3CABE"
 decryptionKey="8A9BE8FD67AF6979E7D20198CFEA50DD3D3799C77AF2B72F" validation="SHA1" />

站点B和站点A的配置要一样，尤其是machineKey。

<forms name=".CNBLOGS" enableCrossAppRedirects="false" loginUrl="http://localhost:3760/Login.aspx" defaultUrl="Country.aspx" timeout="1440"></forms>

<machineKey validationKey="C50B3C89CB21F4F1422FF158A5B42D0E8DB8CB5CDA1742572A487D9401E3400267682B202B746511891C1BAF47F8D25C07F6C39A104696DB51F17C529AD3CABE"
 decryptionKey="8A9BE8FD67AF6979E7D20198CFEA50DD3D3799C77AF2B72F" validation="SHA1" />

这时，打开站点B的page就会跳转到站点A的login.aspx，可是ReturnURL丢失了站点B的domain，可以在Global中添加下面的代码：

protected void Application_PostAuthenticateRequest(object sender, EventArgs e)
        {
            HttpContext ctx = ((HttpApplication)sender).Context;
            HttpRequest req = ctx.Request;
            HttpResponse resp = ctx.Response;
            if (!UrlAuthorizationModule.CheckUrlAccessForPrincipal(req.AppRelativeCurrentExecutionFilePath, ctx.User, req.RequestType))
            {
                HttpContext.Current.Response.Redirect(String.Format("{0}?ReturnUrl={1}", FormsAuthentication.LoginUrl, Server.UrlEncode(req.Url.AbsoluteUri)));
            }
        }

posted @ 2011-06-23 17:54 Antony Yang 阅读(363) 评论(0) 编辑收藏举报

会员力量，点亮园子希望

刷新页面返回顶部