.NET application and AEAI CAS integration details

Source: Internet
Author: User

1 Overview

The unified identity authentication work in a comprehensive SOA integration project at Shutong Changlian required third-party systems to be reconfigured for single sign-on. One of the systems that needed single sign-on configuration in this project was a .NET application. This article records the process of integrating that .NET application with AEAI CAS, as a reference for similar unified authentication configurations.

2 Expected readers
  • New Shutong Changlian employees

  • Technology enthusiasts

3 Environment Information

Operating System: Windows Server 2008

Third-party system .NET Framework version: V4.0

4 Glossary

AEAI CAS: a unified authentication platform that Shutong Changlian developed as an extension of the open-source Jasig CAS. After years of practice and refinement, it provides unified authentication services, authorization services, and centralized management of user information. Features of the AEAI CAS unified identity authentication platform include an account synchronization module and interface, single sign-on client configuration, and account and password management. The functional architecture of AEAI CAS is as follows:

 

.NET: .NET is Microsoft's new-generation technology platform for building interconnected application systems for agile business. These systems are standards-based, connected, adaptable to change, stable, and high-performance. From a technical point of view, a .NET application is an application that runs on the .NET Framework. If an application has nothing to do with the .NET Framework, it cannot be called a .NET program. For example, an application that only uses XML is not a .NET application, and neither is one that only uses the SOAP SDK to call a Web Service. .NET is an operating platform based on the Windows operating system and is applied to the distributed Internet.

5 Configuration process

5.1 Add dynamic link library

Before configuring CAS authentication, you must add the CAS client files, that is, the relevant dynamic link library (.dll) files, to the bin directory of the .NET application, for example:

 

5.2 Configure web.config

Before modifying the web.config file, first understand the meaning of some of the elements in it.

5.2.1 Web.config

Web.config is an XML text file that stores ASP.NET Web application configuration information (for example, the most commonly set item, the ASP.NET Web application's authentication method). It can appear in every directory of the application. After you create a Web application, a default Web.config file containing the default configuration settings is automatically created in the root directory, and all subdirectories inherit its settings. To change the settings for a subdirectory, create a Web.config file in that subdirectory; it can supply configuration beyond what is inherited from the parent directory, or override or modify settings defined in the parent directory.

  • <configuration> section

    Root element; all other sections are inside it.

  • <appSettings> section

    This section defines application settings. Settings that are not fixed in advance can also be placed here and adjusted to the actual situation.

    For example:

    I. Defines a connection string constant, so the connection string can be changed in the deployed application without modifying the program code.

        <appSettings>
          <add key="SystemCode" value="CM"/>
        </appSettings>

    II. Defines a page.

        <appSettings>
          <add key="KeepAlivePage" value="default.aspx?Ping=y"/>
        </appSettings>

    <compilation debug="true" defaultLanguage="c#" targetFramework="4.0"/>

debug: when true, aspx debugging is enabled; when false, aspx debugging is disabled, which improves application performance. Developers generally set it to true during development and to false when the application is handed over to customers.

defaultLanguage: defines the code-behind language. You can select C# or VB.NET.

targetFramework is an attribute recognized by VS2010.

    <customErrors mode="Off"/>

mode: has three states: On, Off, and RemoteOnly. On means custom error information is always displayed; Off means detailed ASP.NET error information is always displayed; RemoteOnly means custom error information is displayed only to users who are not running on the local Web server.

    <globalization requestEncoding="UTF-8" responseEncoding="UTF-8" fileEncoding="UTF-8"/>

requestEncoding: the encoding applied to each incoming request.

responseEncoding: the encoding applied to the returned response content.

fileEncoding: the default encoding used when parsing files such as .aspx and .asax.

    <sessionState mode="StateServer" stateConnectionString="tcpip=127.0.0.1:42424" cookieless="UseCookies" timeout="120" regenerateExpiredSessionId="true"/>

mode: the options are Off, InProc, StateServer, and SQLServer.

stateConnectionString: specifies the name of the server on which the ASP.NET application stores remote session state. The default is the local machine.

cookieless: if set to true, cookies are not used to identify the client's session; otherwise they are.

timeout: defines how long session state is kept. When this time is exceeded, the session is terminated automatically.

regenerateExpiredSessionId: specifies whether a new session ID is issued when the client presents an expired session ID. By default, when regenerateExpiredSessionId is enabled, the session ID is reissued only in cookieless mode.

    <authentication mode="Forms">
      <forms
        loginUrl="http://localhost:8080/cas/login"
        timeout="30"
        defaultUrl="~/Main.aspx"
        cookieless="UseCookies"
        slidingExpiration="true"/>
    </authentication>

The mode attribute takes one of the following values:

  • Windows: uses IIS authentication

  • Forms: forms-based authentication

  • Passport: Passport cookie authentication mode

  • None: no authentication is used

    <authentication mode="Forms">
      <forms loginUrl="logon.aspx" name=".FormsAuthCookie"/>
    </authentication>

The loginUrl attribute is the name of the login page, and name is the cookie name.

    <authorization>
      <deny users="?"/>
    </authorization>

Note: you can use User.Identity.Name to obtain the authenticated user name.

The sessionState element configures session state for the current application (for example, whether session state is enabled and whether it is saved).

    <sessionState mode="StateServer" cookieless="UseCookies" timeout="120"/>

mode="StateServer" indicates that session state is stored locally (you can also choose to store it on a remote server or a SQL Server, or to disable session state).

cookieless="UseCookies" indicates that cookies are used to retain user data regardless of whether the browser or device supports cookies.

timeout="120" is the number of minutes for which the session can be idle.

5.2.2 CAS configuration steps

Add the CAS configuration information to web.config:

    <section name="casClientConfig" type="DotNetCasClient.Configuration.CasClientConfiguration, DotNetCasClient"/>

    <casClientConfig
      casServerLoginUrl="http://localhost:8080/cas/login"
      casServerUrlPrefix="http://localhost:8080/cas/"
      serverName="http://YourIP:Port/ExampleWebsite"
      redirectAfterValidation="true"
      gateway="false"
      renew="false"
      singleSignOut="true"
      ticketTimeTolerance="5000"
      ticketValidatorName="Cas20"
      proxyTicketManager="CacheProxyTicketManager"
      serviceTicketManager="CacheServiceTicketManager"
      gatewayStatusCookieName="CasGatewayStatus"/>

The CAS authentication service address (highlighted in yellow in the original document) is the value of casServerLoginUrl and casServerUrlPrefix; the login address of the third-party system (highlighted in green) is the value of serverName.

    <authentication mode="Forms">
      <forms
        loginUrl="http://localhost:8080/cas/login"
        timeout="30"
        defaultUrl="~/Main.aspx"
        cookieless="UseCookies"
        slidingExpiration="true"
      />
    </authentication>

    <authorization>
      <deny users="?"/>
    </authorization>

Note: authorization and authentication must be used together to take effect.

    <!-- IIS 7+ integrated pipeline: goes in system.webServer/modules -->
    <remove name="DotNetCasClient"/>
    <add name="DotNetCasClient" type="DotNetCasClient.CasAuthenticationModule, DotNetCasClient"/>

    <!-- classic pipeline: goes in system.web/httpModules -->
    <add name="DotNetCasClient" type="DotNetCasClient.CasAuthenticationModule, DotNetCasClient"/>

5.2.3 Related problems and solutions

  • Problem 1: After configuration, the system enters a redirect loop after being intercepted by single sign-on.

    Solution:

  • Problem 2: After logging in to the system, a "/" must be appended to the URL; otherwise a redirect loop may occur.

    Solution: remove the path attribute (the last attribute of the forms element below) to solve the problem.

    <authentication mode="Forms">
      <forms
        loginUrl="http://localhost:8080/cas/login"
        timeout="30"
        defaultUrl="~/Main.aspx"
        cookieless="UseCookies"
        slidingExpiration="true"
        path="/XXXX/"
      />
    </authentication>
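The fragments from 5.2.2 assembled into one web.config with the fix for Problem 2 applied, as an added example that is not part of the original article or its attachment. The parent elements follow the standard ASP.NET configuration schema; the host names cas.example.test and app.example.test, the https scheme, requireSSL, debug="false" and mode="RemoteOnly" are assumptions for a deployed system, where the article's samples use http://localhost:8080, debug="true" and mode="Off".

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example. Host names are placeholders; the https scheme is an assumption. -->
<configuration>
  <configSections>
    <section name="casClientConfig"
             type="DotNetCasClient.Configuration.CasClientConfiguration, DotNetCasClient"/>
  </configSections>
  <casClientConfig
    casServerLoginUrl="https://cas.example.test/cas/login"
    casServerUrlPrefix="https://cas.example.test/cas/"
    serverName="https://app.example.test/ExampleWebsite"
    redirectAfterValidation="true"
    gateway="false"
    renew="false"
    singleSignOut="true"
    ticketTimeTolerance="5000"
    ticketValidatorName="Cas20"
    proxyTicketManager="CacheProxyTicketManager"
    serviceTicketManager="CacheServiceTicketManager"
    gatewayStatusCookieName="CasGatewayStatus"/>
  <system.web>
    <!-- Deployed values: no debug build, no detailed errors for remote users. -->
    <compilation debug="false" targetFramework="4.0"/>
    <customErrors mode="RemoteOnly"/>
    <!-- loginUrl matches casServerLoginUrl; no path attribute (Problem 2). -->
    <authentication mode="Forms">
      <forms loginUrl="https://cas.example.test/cas/login" timeout="30"
             defaultUrl="~/Main.aspx" cookieless="UseCookies"
             slidingExpiration="true" requireSSL="true"/>
    </authentication>
    <!-- Reject anonymous users so every request is sent through CAS. -->
    <authorization>
      <deny users="?"/>
    </authorization>
    <!-- Classic pipeline registration. -->
    <httpModules>
      <add name="DotNetCasClient" type="DotNetCasClient.CasAuthenticationModule, DotNetCasClient"/>
    </httpModules>
  </system.web>
  <system.webServer>
    <!-- Lets the httpModules entry coexist with the integrated pipeline entry. -->
    <validation validateIntegratedModeConfiguration="false"/>
    <modules>
      <remove name="DotNetCasClient"/>
      <add name="DotNetCasClient" type="DotNetCasClient.CasAuthenticationModule, DotNetCasClient"/>
    </modules>
  </system.webServer>
</configuration>
```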

5.3 Obtaining the authenticated user in C#

After unified identity authentication is configured, the application needs to obtain the login user name in C#. It can be obtained as follows:

    // Requires: using System.Web;
    string userName = HttpContext.Current.User.Identity.Name;

6 Description

6.1 Reference

http://www.cnblogs.com/doublemm/archive/2011/08/25/2153235.html

http://www.cnblogs.com/xinhaijulan/archive/2010/08/21/1805116.html

6.2 Attachment description

The attachment contains the dynamic link library files required for the configuration, together with a complete web.config sample file and a sample project for reference. DotNetCasClient is the C# project for CAS, and ExampleWebSite is the sample project, which corresponds to the actual project.

Document and attachment download: https://pan.baidu.com/s/1dFGDkzv
