Implementing single sign-on with FormsAuthentication, and single sign-on in Java

Source: Internet
Author: User


Address: http://www.wlm.so/Article/Detail/lmb48bk9f690n00000

Single sign-on is very common on the web. This article discusses how to achieve single sign-on between sub-sites under the same primary domain. The approach also works for identifying logged-in users on sites behind a server load balancer.

The example uses .NET in an MVC environment and assumes the domain name is wlm.so.

Prerequisites:

1. cookie sharing

2. FormsAuthentication Encryption

3. server-side Processing

 

 

First, the principle:

The principle is simple. After login, the user's identity is stored in a cookie on the client, and that cookie is shared across the sub-sites. On each request, the server uses the cookie sent by the client to identify the user.

Security is very important in this process. How can we achieve it?

By using FormsAuthentication and encrypting the identity in a FormsAuthenticationTicket.

 

 

1. cookie sharing

Assume that the primary domain is wlm.so and the subdomains are a.wlm.so and b.wlm.so.

When the server writes the cookie, it must set the cookie's domain to the primary domain. The code is as follows (first listing under "Code attached" below):

 

As long as the cookie has not expired, the browser sends it with requests to both a.wlm.so and b.wlm.so.

 

2. FormsAuthentication Encryption

Writing the user name directly into the cookie would be very insecure. Instead, FormsAuthentication is used to create an authentication ticket, and the encrypted ticket is saved on the client.

First, the code (the listings are under "Code attached" below):

The web.config configuration for the ticket:

The code that creates and writes the ticket; login.LoginName is the login name and user ID:

 

After creating the ticket, write it to the client cookie. To remember the login, also set the cookie's expiration time.

The ticket created above is written to the cookie and is submitted whenever the user visits a second-level site under the primary domain. However, the ticket encryption keys differ from one IIS instance to another, so a ticket issued by one server cannot be recognized by another. You need to configure the keys explicitly so that IIS on different servers can recognize and validate the ticket.

 

3. FormsAuthentication key generation and Configuration

You only need to add the configuration to web.config:

The configuration includes the encryption key, the decryption key, and the encryption method. The keys cannot be chosen arbitrarily; the original article provided key-generation code as a download.
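One way to generate the two machineKey values from a cryptographic random number generator, as an added example (it is not the generator the original article linked to). The `decryption="AES"` attribute and the 64-byte and 32-byte key sizes are choices made for this example; `validation="SHA1"` is kept from the page's configuration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: builds a <machineKey> element whose keys come from the
// OS CSPRNG. The same element must be placed in web.config on every server
// and sub-site that has to accept the shared ticket.
static class MachineKeyGenerator
{
    // Random bytes rendered as upper-case hex, the format machineKey expects.
    static string RandomHex(int byteCount)
    {
        var bytes = new byte[byteCount];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(bytes);
        }
        var hex = new StringBuilder(byteCount * 2);
        foreach (byte b in bytes)
        {
            hex.Append(b.ToString("X2"));
        }
        return hex.ToString();
    }

    // validation: algorithm used to sign the ticket ("SHA1" as on the page;
    // "HMACSHA256" is also accepted on .NET Framework 4.0 and later).
    // Key sizes are this example's assumption: a 64-byte validation key and
    // a 32-byte (AES-256) decryption key.
    public static string BuildElement(string validation)
    {
        string validationKey = RandomHex(64);  // 128 hex characters
        string decryptionKey = RandomHex(32);  // 64 hex characters
        return string.Format(
            "<machineKey validationKey=\"{0}\"\n" +
            "            decryptionKey=\"{1}\"\n" +
            "            validation=\"{2}\" decryption=\"AES\" />",
            validationKey, decryptionKey, validation);
    }

    static void Main()
    {
        // The output contains secrets: put it into the protected config
        // only, never into logs or source control.
        Console.WriteLine(BuildElement("SHA1"));
    }
}
```

Both values are secrets: any party that holds them can produce a ticket the servers will accept, so restrict read access to the web.config files that carry them.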

 

4. Once the server has recognized the user's identity, shared code typically records it in the session or by some other means; that is not discussed here. The server obtains the user's login name as follows:

A) Determine whether the user has logged on

if (httpContext.User.Identity.IsAuthenticated) {
    // Logged in
}

 

B) obtain the login name

 

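// Identity.Name returns the ticket's name field (u.Id in the ticket listing below);
// login.LoginName is stored in the ticket's UserData.
string name = HttpContext.Current.User.Identity.Name;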

 

 

Code attached:



// 1. Cookie sharing: scope the cookie to the primary domain
HttpCookie cookie = new System.Web.HttpCookie("cookiename", "cookievalue");
cookie.Domain = "wlm.so";
System.Web.HttpContext.Current.Response.Cookies.Add(cookie);




// 2. Create the ticket, encrypt it, and write it to a domain-wide cookie
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
    1,                              // version number
    u.Id,                           // user name associated with the authentication ticket
    DateTime.Now,                   // ticket issue time
    DateTime.Now.AddMinutes(1000),  // ticket expiration time
    login.Persistent != 0,          // true if the cookie is persistent; otherwise false
    login.LoginName                 // user data: the login name
);
HttpCookie cookie =
    new System.Web.HttpCookie(FormsAuthentication.FormsCookieName,
                              FormsAuthentication.Encrypt(ticket));
cookie.Domain = "wlm.so";
System.Web.HttpContext.Current.Response.Cookies.Add(cookie);
return LoginState.Success;




<!-- web.config: forms ticket cookie and shared machine key -->
<authentication mode="Forms">
  <forms name="FormsAuthCookie"
         path="/" loginUrl="~/Login"
         domain="wlm.so" />
</authentication>
<machineKey validationKey="****"
            decryptionKey="***"
            validation="SHA1" />

 


Java Single Sign-On (multi-domain)

The code cannot be posted for you. Sorry....

The CAS-server component is generally used. LDAP databases are used for single-point logon.

I used to build an SOA-based unified campus Management System for my school. This configuration is good ~~

Single Sign-On focuses on: no matter whether the two website regions and servers are separated, as long as there is a certificate stub on the Single Sign-On server on their servers... so you don't need to worry about anything like domain names, as long as the certificate stub is on every website.

Your thinking has some problems: single sign-on is not the transmission of website cookies. It is a security mechanism based on HTTPS, that is, if the CA certificate is transmitted using cookies, you will encounter the issue of cookie sharing across websites, which is a dead end.

Single Sign-On, java Implementation

It depends on how you have done it. An open-source framework can help you!
In general, using Spring Security is relatively good.
