.NET-based Single Sign-On (SSO) solution (2)

Source: Internet
Author: User
[CSHARP]
    // Generate a token (runs inside an ASP.NET page; requires System and System.Web)
    string tokenValue = Guid.NewGuid().ToString().ToUpper();
    HttpCookie tokenCookie = new HttpCookie("token");
    tokenCookie.Values.Add("value", tokenValue);
    // Scope the cookie to the master site's domain
    tokenCookie.Domain = "passport.com";
    Response.AppendCookie(tokenCookie);

Master site credential: The master site credential is a relational table with three fields: token, credential data, and expiration time. There are several ways to implement it. If you require reliability, you can use a database. If you require performance, you can use the cache. In the demo, I use a DataTable held in the cache. The code is as follows:

[CSHARP]
    // Requires: using System; using System.Data; using System.Web;

    /// <summary>
    /// Initialize the data structure
    /// </summary>
    /// <remarks>
    /// ----------------------------------------------------
    /// | token | info | timeout |
    /// ----------------------------------------------------
    /// </remarks>
    private static void CacheInit()
    {
        // Build the table only if it is not already in the cache
        if (HttpContext.Current.Cache["Cert"] == null)
        {
            DataTable dt = new DataTable();
            dt.Columns.Add("token", Type.GetType("System.String"));
            dt.Columns["token"].Unique = true;
            dt.Columns.Add("info", Type.GetType("System.Object"));
            dt.Columns["info"].DefaultValue = null;
            dt.Columns.Add("timeout", Type.GetType("System.DateTime"));
            dt.Columns["timeout"].DefaultValue = DateTime.Now.AddMinutes(double.Parse(System.Configuration.ConfigurationManager.AppSettings["timeout"]));
            // The token column is the primary key
            DataColumn[] keys = new DataColumn[1];
            keys[0] = dt.Columns["token"];
            dt.PrimaryKey = keys;
            // The cache expiration time is the token expiration time * 2
            HttpContext.Current.Cache.Insert("Cert", dt, null, DateTime.MaxValue, TimeSpan.FromMinutes(double.Parse(System.Configuration.ConfigurationManager.AppSettings["timeout"]) * 2));
        }
    }

Substation credential: Substation credentials are mainly used to reduce network round trips during repeated verification. For example, if a user has already logged on to substation A and accesses substation A again, there is no need to take the token to the master site for verification, because substation A already holds the user's credential. Substation credentials are relatively simple and can be kept in the session or in a cookie.

Substation SSO page base class: A substation page that uses SSO has to run through a series of checks, as in the flowchart at the beginning of the article. With multiple pages it is impractical to write this logic into each one, so the logic is encapsulated in a base class, and any page that uses SSO inherits from it. The code is as follows:

[CSHARP]
    using System;
    using System.Data;
    using System.Configuration;
    using System.Web;
    using System.Web.Security;
    using System.Web.UI;
    using System.Web.UI.WebControls;
    using System.Web.UI.WebControls.WebParts;
    using System.Web.UI.HtmlControls;
    using System.Text.RegularExpressions;

    namespace SSO.SiteA.Class
    {
        /// <summary>
        /// Authorization page base class
        /// </summary>
        public class AuthBase : System.Web.UI.Page
        {
            protected override void OnLoad(EventArgs e)
            {
                if (Session["Token"] != null)
                {
                    // The substation credential exists.
                    Response.Write("Congratulations, the substation credential exists. You are authorized to access this page!");
                }
                else
                {
                    // Token verification result
                    if (Request.QueryString["Token"] != null)
                    {
                        if (Request.QueryString["Token"] != "$Token$")
                        {
                            // Hold the token
                            string tokenValue = Request.QueryString["Token"];
                            // Call the web service to obtain the master site credential
                            SSO.SiteA.RefPassport.TokenService tokenService = new SSO.SiteA.RefPassport.TokenService();
                            object o = tokenService.TokenGetCredence(tokenValue);
                            if (o != null)
                            {
                                // The token is correct.
                                Session["Token"] = o;
                                Response.Write("Congratulations, the token exists. You are authorized to access this page!");
                            }
                            else
                            {
                                // Token error
                                Response.Redirect(this.ReplaceToken());
                            }
                        }
                        else
                        {
                            // Token not held
                            Response.Redirect(this.ReplaceToken());
                        }
                    }
                    // Token verification has not been performed; go to the master site for verification
                    else
                    {
                        Response.Redirect(this.GetTokenUrl());
                    }
                }
                base.OnLoad(e);
            }

            /// <summary>
            /// Obtain the URL with the token request.
            /// Appends the token request parameter to the current URL.
            /// </summary>
            /// <returns></returns>
            private string GetTokenUrl()
            {
                string url = Request.Url.AbsoluteUri;
                // Does the current URL already carry a query string?
                Regex reg = new Regex(@"^.*\?.+=.+$");
                if (reg.IsMatch(url))
                    url += "&Token=$Token$";
                else
                    url += "?Token=$Token$";
                return "http://www.passport.com/gettoken.aspx?Backurl=" + Server.UrlEncode(url);
            }

            /// <summary>
            /// Remove the token from the URL.
            /// Removes the token parameter from the current URL.
            /// </summary>
            /// <returns></returns>
            private string ReplaceToken()
            {
                string url = Request.Url.AbsoluteUri;
                url = Regex.Replace(url, @"(\?|&)Token=.*", "", RegexOptions.IgnoreCase);
                return "http://www.passport.com/userlogin.aspx?Backurl=" + Server.UrlEncode(url);
            }
        } // End class
    }


User logout: When the user logs out, the master site credential and the current substation credential are cleared. If logging out of site A should also log the user out of site B and site C, you can extend the interface to clear the credential of each substation.

Master site expired credential/token clearing: Clear the records in the DataTable held in Cache["Cert"] whose timeout field has passed the current time.
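
The master site credential table and the clearing of expired records described above, as an added example that is not the demo's own code: it swaps the cached DataTable for a ConcurrentDictionary and the GUID token for 16 bytes from the operating system's random number generator. The CredentialStore class, its method names, the injected clock and the sample values are assumptions made for illustration.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;

public sealed class CredentialStore
{
    // One row per token, mirroring the page's | token | info | timeout | table.
    private sealed class Row { public object Info; public DateTime Timeout; }
    private readonly ConcurrentDictionary<string, Row> _rows = new ConcurrentDictionary<string, Row>();
    private readonly TimeSpan _lifetime;
    private readonly Func<DateTime> _now; // injectable clock (hypothetical, for the demo)
    public CredentialStore(TimeSpan lifetime, Func<DateTime> now) { _lifetime = lifetime; _now = now; }

    // Token from the OS CSPRNG: a GUID promises uniqueness, not unpredictability.
    public string Issue(object info)
    {
        var bytes = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        string token = BitConverter.ToString(bytes).Replace("-", "");
        _rows[token] = new Row { Info = info, Timeout = _now() + _lifetime };
        return token;
    }

    // Credential for a token, or null when it is unknown or past its timeout.
    public object GetCredence(string token)
    {
        Row row;
        if (string.IsNullOrEmpty(token) || !_rows.TryGetValue(token, out row)) return null;
        return row.Timeout > _now() ? row.Info : null; // stale rows are never honoured
    }

    // Cleanup: remove every row whose timeout is at or before the current time.
    public int PurgeExpired()
    {
        DateTime now = _now(); int n = 0; Row gone;
        foreach (var kv in _rows)
            if (kv.Value.Timeout <= now && _rows.TryRemove(kv.Key, out gone)) n++;
        return n;
    }

    public static void Main()
    {
        DateTime clock = new DateTime(2024, 1, 1, 0, 0, 0, DateTimeKind.Utc); // constructed start time
        var store = new CredentialStore(TimeSpan.FromMinutes(20), () => clock);
        string token = store.Issue("alice"); // constructed credential data
        Console.WriteLine("fresh token redeemable: " + (store.GetCredence(token) != null));
        clock = clock.AddMinutes(21); // move past the 20-minute timeout
        Console.WriteLine("stale token redeemable: {0}; rows purged: {1}", store.GetCredence(token) != null, store.PurgeExpired());
    }
}
```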

Click here to download the demo

1. Configure the sites in IIS

Configure four sites, each pointing to its corresponding directory, and specify the host header of each site:

http://www.passport.com/

http://www.a.com/

http://www.b.com/

http://www.c.com/

2. Modify the hosts file to resolve the domain names to the local machine:

127.0.0.1 www.passport.com

127.0.0.1 www.a.com

127.0.0.1 www.b.com

127.0.0.1 www.c.com
