ASP.NET forms authentication: sharing the authentication cookie across second-level domain names (single sign-on, SSO)

Source: Internet
Author: User
Tags sha1

1. Prerequisites

Single sign-on is implemented with the forms authentication (FormsAuthentication) that ships with ASP.NET.

The basic configuration file looks like this (attribute names in web.config are case-sensitive, so they are written here in the casing ASP.NET expects):

<authentication mode="Forms">
  <forms loginUrl="~/user/login" enableCrossAppRedirects="true" timeout="3600" name="Qz.bbs" cookieless="UseCookies" domain="qz.com" protection="All" requireSSL="false"></forms>
</authentication>

enableCrossAppRedirects: whether the authentication ticket may be carried across applications (a redirect to a URL in another application).

name: the name of the cookie written to the browser after validation succeeds; on later requests the cookie with this name is read, its value decrypted, and the user name inside it assigned to User.Identity.Name.

domain: the domain scope of the cookie issued by forms authentication; it must be set to the first-level domain name (when the sub-sites are second-level domain names) so that the sub-sites can share the cookie.

Sites under the same first-level domain name:

① passport.qz.com --- authentication site
② site1.qz.com --- sub-site one
③ site2.qz.com --- sub-site two

2. Introduction

During forms authentication, a successful login writes a cookie to the browser. This cookie is encrypted, and if no algorithm is specified ASP.NET picks one automatically for the current server. The authentication site must therefore specify the algorithm explicitly, and each sub-site must specify the same one, so that a sub-site that receives the authentication cookie can decrypt it and restore the same value.

3. Steps

1. Configure forms authentication on the authentication site and on every sub-site, giving the authentication cookie the same name and the same domain on all of them (the cookie name on the authentication site and the sub-sites must be identical, otherwise a sub-site cannot obtain the authentication site's cookie value).

<!--
  The <authentication> section configures the secure authentication mode
  that ASP.NET uses to identify incoming users.
-->
<authentication mode="Forms">
  <forms loginUrl="~/user/login" enableCrossAppRedirects="true" timeout="3600" name="Qz.bbs" cookieless="UseCookies" domain="qz.com" protection="All" requireSSL="false">
  </forms>
</authentication>

2. Because ASP.NET encrypts the cookie value it writes after authentication, the authentication site and the sub-sites must use the same encryption and decryption settings. These are specified in the configuration file: add the following node under <system.web> in the configuration file of the authentication site and of each sub-site (the validationKey and decryptionKey below were found online; they can also be generated on the server).

<machineKey
  validationKey="282487e295028e59b8f411acb689ccd6f39ddd21e6055a3ee480424315994760adf21b580d8587db675fa02f79167413044e25309cccdb647174d5b3d0dd9141"
  decryptionKey="8b6697227cbca902b1a0925d40faa00b353f2df4359d2099"
  validation="SHA1" />

    • decryption attribute: specifies the encryption algorithm for the forms authentication cookie. Its value is Auto, AES or 3DES; the default is Auto (ASP.NET chooses the algorithm based on the capabilities of the web server).
    • validation attribute: specifies the algorithm used to hash and validate the authentication cookie. Its value is AES, MD5, SHA1 or 3DES.
    • decryptionKey and validationKey attributes: respectively, the key used to encrypt the authentication cookie and the key used for its hash validation.

In addition, the key attributes above accept the following special values:

    • AutoGenerate: ASP.NET generates a random key and stores it in the LSA (Local Security Authority) of the server.
    • IsolateApps: a unique key is created for each application on the web server.

Neither value can be used when the cookie is to be shared, because each site (or each server) would then hold a different key and the sub-sites could not decrypt the authentication site's cookie; the keys must be written out explicitly and identically in every site's configuration.
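The following login handler is an added example and is not code from the original post. It assumes an ASP.NET MVC 5 application running on passport.qz.com whose web.config contains the <forms> and <machineKey> settings described above, and it uses the ASP.NET Membership provider for the credential check; the names AccountController, IsAllowedReturnUrl and CheckCredentials are hypothetical. It shows the step the configuration alone does not: writing the shared cookie, and, because enableCrossAppRedirects permits returning to another application, restricting the return URL to the domains that actually share the cookie.

```csharp
// Added example (not from the original post). Assumes ASP.NET MVC 5 and the
// <forms domain="qz.com" name="Qz.bbs"> / <machineKey> settings shown above.
// Hypothetical names: AccountController, IsAllowedReturnUrl, CheckCredentials.
using System;
using System.Web.Mvc;
using System.Web.Security;

public class AccountController : Controller
{
    // The parent domain the forms cookie is scoped to (domain="qz.com").
    private const string CookieDomain = "qz.com";

    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult Login(string userName, string password, string returnUrl)
    {
        if (!CheckCredentials(userName, password))
        {
            ModelState.AddModelError("", "Invalid user name or password.");
            return View();
        }

        // Writes the encrypted "Qz.bbs" cookie for domain qz.com. Because
        // site1.qz.com and site2.qz.com use the same cookie name, domain and
        // machineKey, they can decrypt it and populate User.Identity.Name.
        FormsAuthentication.SetAuthCookie(userName, createPersistentCookie: false);

        // enableCrossAppRedirects lets the login page send the user to another
        // application, so the destination must be limited to the sites that
        // share the cookie; otherwise the login page becomes an open redirect.
        if (IsAllowedReturnUrl(returnUrl))
        {
            return Redirect(returnUrl);
        }
        return Redirect(FormsAuthentication.DefaultUrl);
    }

    // Accepts a path on this site, or an absolute http(s) URL whose host is
    // qz.com or a subdomain of qz.com. Everything else is refused.
    public static bool IsAllowedReturnUrl(string url)
    {
        if (string.IsNullOrWhiteSpace(url)) return false;

        Uri uri;
        if (!Uri.TryCreate(url, UriKind.RelativeOrAbsolute, out uri)) return false;

        if (!uri.IsAbsoluteUri)
        {
            // A relative target must be a plain path; "//host" and "/\host"
            // forms are refused because browsers treat them as absolute.
            return url.StartsWith("/", StringComparison.Ordinal)
                && !url.StartsWith("//", StringComparison.Ordinal)
                && !url.StartsWith("/\\", StringComparison.Ordinal);
        }

        if (uri.Scheme != Uri.UriSchemeHttp && uri.Scheme != Uri.UriSchemeHttps) return false;

        string host = uri.Host;
        return host.Equals(CookieDomain, StringComparison.OrdinalIgnoreCase)
            || host.EndsWith("." + CookieDomain, StringComparison.OrdinalIgnoreCase);
    }

    private static bool CheckCredentials(string userName, string password)
    {
        // Assumes the site's users are held by the ASP.NET Membership provider
        // (hypothetical; substitute the site's own user store lookup).
        return Membership.ValidateUser(userName, password);
    }
}
```

On site1.qz.com and site2.qz.com no login code is needed: with the same name, domain and machineKey in their web.config, the forms authentication module decrypts the cookie on every request and User.Identity.IsAuthenticated is already true for a user who signed in at passport.qz.com. Note that IsAllowedReturnUrl is checked after SetAuthCookie, so a rejected return URL still leaves the user signed in and simply lands on the default page.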

4. Key generation

The AES decryption key is a random 64-character hexadecimal string, and the SHA1 validation key is a random 128-character hexadecimal string. The following method generates a random hexadecimal string of the required length:

using System;
using System.Security.Cryptography;
using System.Text;

// Returns a cryptographically random string of 'length' lowercase hex characters.
string GetKey(int length)
{
    // Each byte becomes two hex characters, so length / 2 random bytes are needed.
    byte[] buffer = new byte[length / 2];
    RNGCryptoServiceProvider provider = new RNGCryptoServiceProvider();
    provider.GetBytes(buffer);

    StringBuilder builder = new StringBuilder(length);
    for (int i = 0; i < buffer.Length; i++)
    {
        builder.Append(String.Format("{0:x2}", buffer[i]));
    }
    return builder.ToString();
}
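The following program is an added example, not code from the original post. It builds on the GetKey idea above to emit a complete <machineKey> element with the lengths the post gives (64 hex characters for the AES decryption key, 128 for the SHA1 validation key), and adds a check that a key copied from elsewhere is exactly that many hex digits, which catches the stray space that appears in the sample validationKey quoted earlier. The names MachineKeyTool, GenerateHexKey, IsWellFormedHexKey and BuildMachineKeyElement are hypothetical; it uses only RandomNumberGenerator from the .NET base class library.

```csharp
// Added example (not from the original post). Hypothetical names:
// MachineKeyTool, GenerateHexKey, IsWellFormedHexKey, BuildMachineKeyElement.
using System;
using System.Security.Cryptography;
using System.Text;

public static class MachineKeyTool
{
    public const int AesDecryptionKeyChars = 64;    // 32 bytes -> AES-256
    public const int Sha1ValidationKeyChars = 128;  // 64 bytes for the SHA1 HMAC

    // Cryptographically random string of 'hexChars' lowercase hex characters.
    public static string GenerateHexKey(int hexChars)
    {
        if (hexChars <= 0 || hexChars % 2 != 0)
            throw new ArgumentException("Length must be a positive, even number of hex characters.", "hexChars");

        byte[] bytes = new byte[hexChars / 2];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(bytes);
        }

        StringBuilder sb = new StringBuilder(hexChars);
        foreach (byte b in bytes) sb.Append(b.ToString("x2"));
        return sb.ToString();
    }

    // True only when 'key' is exactly 'expectedChars' hex digits with no
    // whitespace. A key pasted with a stray space or line break fails here
    // instead of silently giving two sites different keys.
    public static bool IsWellFormedHexKey(string key, int expectedChars)
    {
        if (key == null || key.Length != expectedChars) return false;
        foreach (char c in key)
        {
            bool isHex = (c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F');
            if (!isHex) return false;
        }
        return true;
    }

    // Produces the element to paste, unchanged, into every site's <system.web>.
    // AutoGenerate and IsolateApps are deliberately absent: shared cookies need
    // identical literal keys on the authentication site and all sub-sites.
    public static string BuildMachineKeyElement(string validationKey, string decryptionKey)
    {
        if (!IsWellFormedHexKey(validationKey, Sha1ValidationKeyChars))
            throw new ArgumentException("validationKey must be 128 hex characters.", "validationKey");
        if (!IsWellFormedHexKey(decryptionKey, AesDecryptionKeyChars))
            throw new ArgumentException("decryptionKey must be 64 hex characters.", "decryptionKey");

        return "<machineKey validationKey=\"" + validationKey + "\""
             + " decryptionKey=\"" + decryptionKey + "\""
             + " validation=\"SHA1\" decryption=\"AES\" />";
    }

    public static void Main()
    {
        string validationKey = GenerateHexKey(Sha1ValidationKeyChars);
        string decryptionKey = GenerateHexKey(AesDecryptionKeyChars);
        Console.WriteLine(BuildMachineKeyElement(validationKey, decryptionKey));

        // The validationKey quoted in the post, exactly as it appears there,
        // with the space that the page copy introduced.
        string pastedKey = "282487e295028e59b8f411acb689ccd6f39ddd21e6055a3ee480424315994760"
                         + "adf21b580d8587db675fa02f79167413044e25309cccdb647174d5b3d 0dd9141";
        Console.WriteLine("pasted key as copied:  " + IsWellFormedHexKey(pastedKey, Sha1ValidationKeyChars));
        Console.WriteLine("pasted key, space removed: " + IsWellFormedHexKey(pastedKey.Replace(" ", ""), Sha1ValidationKeyChars));
    }
}
```

Run it once, paste the printed element into the web.config of passport.qz.com and of every sub-site, and keep the keys out of source control like any other secret; the two IsWellFormedHexKey calls at the end show the copied sample failing the check as written and passing once the stray space is removed.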
