2017-09-02 75 views
0

我想在我的ASP.NET應用程序上使用Auth0 & OWIN在同一個域上設置SSO。我使用以下教程setup my Owin ContextAuth0 ASP.Net.Owin SSO驗證cookie跨域

我配置了Auth0的cookie的名稱&域與CookieAuthenticationOptions在startup.cs:

string auth0Domain = ConfigurationManager.AppSettings["auth0:Domain"]; 
string auth0ClientId = ConfigurationManager.AppSettings["auth0:ClientId"]; 
string auth0ClientSecret = ConfigurationManager.AppSettings["auth0:ClientSecret"]; 

// Enable Kentor Cookie Saver middleware 
app.UseKentorOwinCookieSaver(); 
// Set Cookies as default authentication type 
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType); 
app.UseCookieAuthentication(new CookieAuthenticationOptions 
{ 
    //Add Cross domain 
    CookieName = "sso.example.com", 
    CookieDomain = ".example.com", 
    AuthenticationType = CookieAuthenticationDefaults.AuthenticationType, 
    LoginPath = new PathString("/Account/Login") 
}); 

我Auth0配置在Startup.cs:

var options = new Auth0AuthenticationOptions() 
     { 
      Domain = auth0Domain, 
      ClientId = auth0ClientId, 
      ClientSecret = auth0ClientSecret, 
      Provider = new Auth0AuthenticationProvider 
      { 

       OnAuthenticated = context => 
       { 
        // Get the user's country 
        JToken countryObject = context.User["https://example.com/geoip"]; 
        if (countryObject != null) 
        { 
         string countryCode = countryObject["country_code"].ToObject<string>(); 
         string Lat = countryObject["latitude"].ToObject<string>(); 
         string Long = countryObject["longitude"].ToObject<string>(); 
         string City = countryObject["city_name"].ToObject<string>(); 
         string Country = countryObject["country_name"].ToObject<string>(); 

         context.Identity.AddClaim(new Claim("country_code", countryCode, ClaimValueTypes.String, context.Connection)); 
         context.Identity.AddClaim(new Claim("country_name", Country, ClaimValueTypes.String, context.Connection)); 
         context.Identity.AddClaim(new Claim("city_name", City, ClaimValueTypes.String, context.Connection)); 
         context.Identity.AddClaim(new Claim("longitude", Long, ClaimValueTypes.String, context.Connection)); 
         context.Identity.AddClaim(new Claim("latitude", Lat, ClaimValueTypes.String, context.Connection)); 
        } 
        JToken userMeta = context.User["https://example.com/user_metadata"]; 
        if (userMeta != null) 
        { 
         string companyName = userMeta["company"].ToObject<string>(); 
         context.Identity.AddClaim(new Claim("company", companyName, ClaimValueTypes.String, context.Connection)); 
         string fullName = userMeta["full_name"].ToObject<string>(); 
         context.Identity.AddClaim(new Claim("full_name", fullName, ClaimValueTypes.String, context.Connection)); 
        } 

        JToken rolesObject = context.User["https://example.com/app_metadata"]; 
        if (rolesObject != null) 
        { 
         string[] roles = rolesObject["roles"].ToObject<string[]>(); 
         foreach (var role in roles) 
         { 
          context.Identity.AddClaim(new Claim(ClaimTypes.Role, role, ClaimValueTypes.String, context.Connection)); 
         } 
        } 

        return Task.FromResult(0); 
       } 
      } 

     }; 
     options.Scope.Add("openid profile"); // Request a refresh_token 

我怎麼會去關於在輔助應用程序上驗證客戶端? Cookie可以在輔助應用程序上使用,但我仍然需要通過Auth0進行登錄。我錯過了什麼嗎?還是有一篇文章我可以閱讀有關implimentation?

回答

1

我通過複製在這兩個應用相同startup.cs,並增加了machine key到根Web配置文件,在的System.Web標籤解決了這個。

我的初始配置沒有任何變化,我只是將域名更改爲我的域名。

+0

是的,具有相同應用程序密鑰的應用程序共享相同的Cookie – Verthosa