站点A
<
authentication
mode
="Forms"
>
<
forms
name
=".CNBLOGS"
enableCrossAppRedirects
="false"
loginUrl
="Login.aspx"
defaultUrl
="MyAccount.aspx"
timeout
="1440"
></
forms
>
</ authentication >
</ authentication >
<
machineKey
validationKey
="C50B3C89CB21F4F1422FF158A5B42D0E8DB8CB5CDA1742572A487D9401E3400267682B202B746511891C1BAF47F8D25C07F6C39A104696DB51F17C529AD3CABE"
decryptionKey ="8A9BE8FD67AF6979E7D20198CFEA50DD3D3799C77AF2B72F" validation ="SHA1" />
decryptionKey ="8A9BE8FD67AF6979E7D20198CFEA50DD3D3799C77AF2B72F" validation ="SHA1" />
站点B和站点A的配置要一样,尤其是machineKey。
<
forms
name
=".CNBLOGS"
enableCrossAppRedirects
="false"
loginUrl
="http://localhost:3760/Login.aspx"
defaultUrl
="Country.aspx"
timeout
="1440"
></
forms
>
<
machineKey
validationKey
="C50B3C89CB21F4F1422FF158A5B42D0E8DB8CB5CDA1742572A487D9401E3400267682B202B746511891C1BAF47F8D25C07F6C39A104696DB51F17C529AD3CABE"
decryptionKey ="8A9BE8FD67AF6979E7D20198CFEA50DD3D3799C77AF2B72F" validation ="SHA1" />
decryptionKey ="8A9BE8FD67AF6979E7D20198CFEA50DD3D3799C77AF2B72F" validation ="SHA1" />
这时,打开站点B的page就会跳转到站点A的login.aspx,可是ReturnURL丢失了站点B的domain,可以在Global中添加下面的代码:
protected void Application_PostAuthenticateRequest(object sender, EventArgs e)
{
HttpContext ctx = ((HttpApplication)sender).Context;
HttpRequest req = ctx.Request;
HttpResponse resp = ctx.Response;
if (!UrlAuthorizationModule.CheckUrlAccessForPrincipal(req.AppRelativeCurrentExecutionFilePath, ctx.User, req.RequestType))
{
HttpContext.Current.Response.Redirect(String.Format("{0}?ReturnUrl={1}", FormsAuthentication.LoginUrl, Server.UrlEncode(req.Url.AbsoluteUri)));
}
}
{
HttpContext ctx = ((HttpApplication)sender).Context;
HttpRequest req = ctx.Request;
HttpResponse resp = ctx.Response;
if (!UrlAuthorizationModule.CheckUrlAccessForPrincipal(req.AppRelativeCurrentExecutionFilePath, ctx.User, req.RequestType))
{
HttpContext.Current.Response.Redirect(String.Format("{0}?ReturnUrl={1}", FormsAuthentication.LoginUrl, Server.UrlEncode(req.Url.AbsoluteUri)));
}
}