<appSettings>
<!-- Whether to enable the single sign-on interface -->
<add key="isstartcas" value="false"/>
<!-- CAS logon address -->
<add key="loginurl" value="http://YS:3000/CAS/login"/>
<!-- CAS verification address -->
<add key="validateurl" value="http://YS:3000/CAS/serviceValidate"/>
<!-- CAS logout address -->
<add key="logouturl" value="http://YS:3000/CAS/logout"/>
</appSettings>
Using system;
Using system. Web. Security;
Using system. Web;
Using system. net;
Using system. IO;
Using system. xml;
Using system. Security. Principal;
Using system. configuration;
Using system. Web. sessionstate;
Namespace lcsoftcard. casmodule
{
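/// <summary>
/// CAS single sign-on <see cref="IHttpModule"/>.
/// On AuthenticateRequest it either restores the principal from an existing
/// forms-authentication cookie, or drives the CAS round trip: redirect to the
/// CAS login page, then validate the service ticket CAS sends back and issue
/// the forms-authentication cookie.
/// Yisafe
/// 2010-08-13
/// </summary>
/// <remarks>
/// NOTE(review): this listing was recovered from a case-mangled copy; the
/// casing of project identifiers (Lcsoftcard.BLL/Model/Service members) is
/// reconstructed and should be confirmed against the real assemblies.
/// </remarks>
public class SsoCasModule : IHttpModule, IReadOnlySessionState
{
    // Name of the cookie that memorises the originally requested URL.
    protected const string ReturnUrl = "lcsoftcard.casmodule";

    // appSettings keys read from web.config.
    private const string IsStartCasKey = "isstartcas";
    private const string LoginUrlKey = "loginurl";
    private const string ValidateUrlKey = "validateurl";

    /// <summary>
    /// Subscribes to <see cref="HttpApplication.AuthenticateRequest"/> when the
    /// "isstartcas" appSetting is "true"; otherwise the module stays inert.
    /// </summary>
    /// <param name="application">The application the module is attached to.</param>
    public void Init(HttpApplication application)
    {
        string isStartCas = ConfigurationManager.AppSettings.Get(IsStartCasKey);
        if (string.Equals(isStartCas, "true", StringComparison.OrdinalIgnoreCase))
        {
            application.AuthenticateRequest += new EventHandler(this.Application_AuthenticateRequest);
            // Session propagation is intentionally not wired up (see Context_PreRequestHandlerExecute):
            // application.PreRequestHandlerExecute += new EventHandler(this.Context_PreRequestHandlerExecute);
        }
    }

    /// <summary>
    /// AuthenticateRequest handler. Fails with HTTP 500 when the CAS endpoints
    /// are not configured; otherwise authenticates from the forms cookie or
    /// performs the CAS redirect / ticket-validation passes.
    /// </summary>
    /// <param name="source">The <see cref="HttpApplication"/> raising the event.</param>
    /// <param name="e">Unused.</param>
    private void Application_AuthenticateRequest(object source, EventArgs e)
    {
        HttpApplication application = (HttpApplication)source;
        string casLogin = ConfigurationManager.AppSettings.Get(LoginUrlKey);
        string casValidate = ConfigurationManager.AppSettings.Get(ValidateUrlKey);
        if (string.IsNullOrEmpty(casLogin) || string.IsNullOrEmpty(casValidate))
        {
            // Server error when the CAS addresses are missing from web.config.
            // (The original referenced an undefined "App" here.)
            application.Response.StatusCode = 500;
            return;
        }

        HttpCookie authCookie = application.Request.Cookies[FormsAuthentication.FormsCookieName];
        if (authCookie != null)
        {
            AuthenticateFromCookie(application, authCookie);
            return;
        }

        // Not authenticated yet. First pass: no ticket, redirect to CAS.
        // Second pass: CAS sent us back with "?ticket=..." to validate.
        string casTicket = application.Request.QueryString["ticket"];
        // The CAS service is the callback page URL; any query string is discarded.
        string service = application.Request.Url.GetLeftPart(UriPartial.Path);
        if (string.IsNullOrEmpty(casTicket))
        {
            RedirectToCasLogin(application, casLogin, service);
        }
        else
        {
            CompleteCasLogin(application, casValidate, casTicket, service);
        }
    }

    /// <summary>
    /// Decrypts the forms-authentication cookie and attaches a
    /// <see cref="GenericPrincipal"/> to the request context. An undecryptable,
    /// empty or expired ticket leaves the request unauthenticated.
    /// </summary>
    private static void AuthenticateFromCookie(HttpApplication application, HttpCookie authCookie)
    {
        FormsAuthenticationTicket authTicket;
        try
        {
            authTicket = FormsAuthentication.Decrypt(authCookie.Value);
        }
        catch (Exception)
        {
            // Deliberate best-effort: a tampered/foreign cookie is treated as "not logged in".
            // TODO: make a 500 error or go back to authentication
            return;
        }
        // Expired tickets must not be turned into a principal, even though the
        // cookie still decrypts.
        if (authTicket == null || authTicket.Expired)
        {
            // TODO: make a 500 error or go back to authentication
            return;
        }
        FormsIdentity identity = new FormsIdentity(authTicket);
        GenericPrincipal principal = new GenericPrincipal(identity, null);
        // The principal flows with the context for the rest of the request.
        application.Context.User = principal;
    }

    /// <summary>
    /// First pass: memorise the original request URL in the return-URL cookie
    /// and send the browser to the CAS login page.
    /// </summary>
    private static void RedirectToCasLogin(HttpApplication application, string casLogin, string service)
    {
        HttpCookie returnCookie = new HttpCookie(ReturnUrl, application.Request.RawUrl);
        returnCookie.HttpOnly = true;
        application.Response.Cookies.Set(returnCookie);
        // "service" is a query-string value: escape it so ':' '/' '?' cannot
        // alter the login URL.
        string redir = casLogin + "?service=" + Uri.EscapeDataString(service);
        application.Response.Redirect(redir);
    }

    /// <summary>
    /// Second pass (back from CAS): validates the service ticket, resolves the
    /// user through the BLL, issues the forms-authentication cookie and
    /// redirects to the default page. Failures are reported on the response.
    /// </summary>
    private static void CompleteCasLogin(HttpApplication application, string casValidate, string casTicket, string service)
    {
        string netId;
        try
        {
            netId = ValidateCasTicket(casValidate, casTicket, service);
        }
        catch (WebException)
        {
            // CAS server unreachable / HTTP error: fail closed without leaking
            // exception details to the browser.
            application.Response.StatusCode = 502;
            application.Response.Write("CAS validation failed");
            return;
        }
        catch (XmlException)
        {
            application.Response.StatusCode = 502;
            application.Response.Write("CAS validation failed");
            return;
        }

        if (netId == null)
        {
            // No "user" element in the validation response: leave the message on screen.
            application.Response.Write("get Cas configuration error!");
            return;
        }

        // netId comes from the CAS server; HTML-encode before echoing it.
        application.Response.Write("Bienvenue" + HttpUtility.HtmlEncode(netId));

        Lcsoftcard.BLL.TMasterFormsTicket bll = new Lcsoftcard.BLL.TMasterFormsTicket();
        Lcsoftcard.Model.TMasterFormsTicket model = bll.GetModel(netId);
        // GetModel may return null for an unknown user; treat it like an empty person id.
        if (model == null || model.PersonId == Guid.Empty)
        {
            application.Response.Write("error: system not" + HttpUtility.HtmlEncode(netId));
            return;
        }

        IssueFormsTicket(application, model);
        // The return-URL cookie is not consulted (kept as in the original);
        // always go to the forms-authentication default page.
        application.Response.Redirect(FormsAuthentication.DefaultUrl);
    }

    /// <summary>
    /// Calls the CAS serviceValidate endpoint and returns the text of the first
    /// "user" element in the response, or null when there is none.
    /// </summary>
    /// <param name="casValidate">CAS validation endpoint from web.config.</param>
    /// <param name="casTicket">Service ticket taken from the query string (untrusted).</param>
    /// <param name="service">Callback URL the ticket was issued for.</param>
    /// <returns>The CAS user name, or null.</returns>
    /// <exception cref="WebException">The CAS server could not be reached.</exception>
    /// <exception cref="XmlException">The response is not well-formed XML.</exception>
    private static string ValidateCasTicket(string casValidate, string casTicket, string service)
    {
        // Ticket and service are request-supplied: escape them so they cannot
        // inject extra query parameters into the validation URL.
        string validateUrl = casValidate + "?ticket=" + Uri.EscapeDataString(casTicket)
            + "&service=" + Uri.EscapeDataString(service);

        // The validation result is only as trustworthy as the transport:
        // configure "validateurl" over HTTPS in production.
        string resp;
        using (WebClient client = new WebClient())
        using (Stream body = client.OpenRead(validateUrl))
        using (StreamReader reader = new StreamReader(body))
        {
            resp = reader.ReadToEnd();
        }

        // The response came off the network: forbid DTDs and external entities.
        XmlReaderSettings settings = new XmlReaderSettings();
        settings.DtdProcessing = DtdProcessing.Prohibit;
        settings.XmlResolver = null;
        using (XmlReader xml = XmlReader.Create(new StringReader(resp), settings))
        {
            // Deliberately simple scan of all elements for "user"; anything else is a failure.
            while (xml.Read())
            {
                if (xml.IsStartElement() && string.Equals(xml.LocalName, "user", StringComparison.Ordinal))
                {
                    return xml.ReadString();
                }
            }
        }
        return null;
    }

    /// <summary>
    /// Builds the forms-authentication ticket for the resolved user (person id,
    /// number and name joined by '|' in UserData) and adds the encrypted cookie
    /// to the response.
    /// </summary>
    private static void IssueFormsTicket(HttpApplication application, Lcsoftcard.Model.TMasterFormsTicket model)
    {
        string userData = model.PersonId + "|" + model.PersonNo + "|" + model.PersonName;
        // Read the clock once so issue and expiry share the same base.
        DateTime issued = DateTime.Now;
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1,
            model.MasterId.ToString(),
            issued,
            issued.AddMinutes(Lcsoftcard.Service.AppConfig.SessionTimeout),
            true,
            userData);
        string encryptedTicket = FormsAuthentication.Encrypt(ticket);
        HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
        // Keep the session token away from script, and require TLS when forms auth does.
        authCookie.HttpOnly = true;
        authCookie.Secure = FormsAuthentication.RequireSSL;
        application.Response.Cookies.Add(authCookie);
    }

    /// <summary>
    /// Copies the authenticated user name into Session["personno"].
    /// Not subscribed by <see cref="Init"/> (the wiring is commented out).
    /// NOTE(review): the module declares <see cref="IReadOnlySessionState"/>, so
    /// this write may not be persisted by every session store — confirm before enabling.
    /// </summary>
    private void Context_PreRequestHandlerExecute(object source, EventArgs e)
    {
        HttpApplication application = (HttpApplication)source;
        IPrincipal user = application.Context.User;
        // No principal or no session on this request: nothing to copy.
        if (user == null || HttpContext.Current.Session == null)
        {
            return;
        }
        HttpContext.Current.Session["personno"] = user.Identity.Name;
    }

    /// <summary>Nothing to release: the module holds no disposable state.</summary>
    public void Dispose()
    {
    }
}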
}