0

Say I have 2 sites and want to implement SSO between them. They are hosted at site1.localhost and site2.localhost. From what I've read so far I only needed the following in my web.config:

<authentication mode="Forms">
    <forms loginUrl="/Login.aspx" domain=".localhost" path="/" />
    <machineKey .../>
</authentication>

However, the following call does not issue authentication cookie at all:

FormsAuthentication.RedirectFromLoginPage(InputEmail.Text, true);

If I remove domain attribute from forms element the cookie is perfectly issued for site1.localhost domain. What am I missing?

p.s.

Windows 7 x64, ASP.NET 4.0, integrated pipeline, no extra modules/handlers

Update:

The following call returns a cookie with proper domain set (.localhost):

HttpCookie httpCookie = FormsAuthentication.GetAuthCookie(InputEmail.Text, true )

How is that possible?

4

1 回答 1

1

Cookie 至少需要一个由 2 部分组成的域名。如果您的网站是site1.local.domain& site2.local.domain,那么您可以为.local.domain. 您不能为 .localhost 发出 cookie

于 2013-10-15T13:28:40.627 回答