ASP.NET implementation of single sign-on (SSO) in different scenarios

Source: Internet
Author: User

First: Single sign-on across different subdomains of the same primary domain

Forms authentication is based on an identity cookie. After the user logs in, a cookie containing the user's identity information (including a ticket) is generated. The name of the cookie is the name set on the forms element of the authentication section in Web.config, such as:

<authentication mode="Forms">
  <forms loginUrl="Login.aspx" name=".ASPXAUTH" path="/" protection="All" domain=".zuowenjun.cn"></forms>
</authentication>

Here, .ASPXAUTH is the name of the cookie. The user's identity information is passed by including this cookie in the Request.Cookies collection. So the idea behind sharing authentication information is simple: as long as this authentication cookie is shared across the subdomains of the domain, the forms authentication information is shared as well.

Code implementation:

// Serialize the user object into the ticket's UserData field (JsonHelper is the author's own helper class)
string userData = JsonHelper.ScriptSerialize(user);
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, user.UserId.ToString(), DateTime.Now, DateTime.Now.AddHours(4), false, userData);
// Encrypt the identity information and save it to the cookie
HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));
// Scope the cookie to the parent domain so that every subdomain receives it
cookie.Domain = ".zuowenjun.cn";
Response.Cookies.Add(cookie);

Second: SSO between a parent application and child applications in virtual directories

<authentication mode="Forms">
  <forms name=".Ssoauth" protection="All" timeout="" loginUrl="Login.aspx"/>
</authentication>

The two more important attributes are name and protection. When the protection attribute is set to "All", the data stored in the cookie is both encrypted and validated with a hash. The default validation and decryption keys are stored in the Machine.config file, and we can override these values in the application's Web.config file. The default values are as follows:
<machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="SHA1"/>
IsolateApps indicates that a different key is generated for each application, so we cannot use it here. To encrypt and decrypt cookies with the same key in multiple applications, we can remove the IsolateApps option, or, as a better approach, set specific key values in the Web.config of every application that needs to implement SSO. The values below are a sample; anyone who knows the keys can forge a valid authentication cookie, so each deployment needs its own randomly generated keys, kept secret:
<machineKey validationKey="F9D1A2D3E1D3E2F7B3D9F90FF3965ABDAC304902" decryptionKey="F9D1A2D3E1D3E2F7B3D9F90FF3965ABDAC304902F8D923AC" validation="SHA1"/>

Third: SSO for applications under different domain names (also applicable to the scenarios above)

The main approach is to pass the login state through the page URL and redirects. There are many ways to implement this, but you need to pay attention to security issues.
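
One way to address the security issues mentioned above, as an added example that is not the author's code: the login site hands the user back to the other domain with a short-lived, HMAC-signed token in the redirect URL, and only redirects to allowlisted HTTPS hosts. SsoToken, AllowedHosts and the example.com/example.net hosts are assumptions, and the key is assumed to be a random secret shared only by the participating sites.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

public static class SsoToken
{
    // Added example with hypothetical names. Hosts the login site may redirect back to (constructed sample values).
    static readonly string[] AllowedHosts = { "app1.example.com", "app2.example.net" };

    public static bool IsAllowedReturnUrl(string returnUrl)
    {
        Uri uri;
        return Uri.TryCreate(returnUrl, UriKind.Absolute, out uri) && uri.Scheme == Uri.UriSchemeHttps
            && AllowedHosts.Contains(uri.Host, StringComparer.OrdinalIgnoreCase);
    }

    // Token = b64url(payload) + "." + b64url(HMAC-SHA256(key, payload)); payload = userId|audienceHost|expiryUtcTicks
    public static string Issue(byte[] key, string userId, string audienceHost, TimeSpan lifetime)
    {
        byte[] data = Encoding.UTF8.GetBytes(string.Join("|", userId, audienceHost, DateTime.UtcNow.Add(lifetime).Ticks));
        using (var hmac = new HMACSHA256(key)) return Encode(data) + "." + Encode(hmac.ComputeHash(data));
    }

    // Returns the user id, or null if the token is malformed, forged, expired or issued for another host.
    public static string Validate(byte[] key, string token, string thisHost)
    {
        try
        {
            string[] parts = (token ?? "").Split('.');
            if (parts.Length != 2) return null;
            byte[] data = Decode(parts[0]), mac = Decode(parts[1]);
            using (var hmac = new HMACSHA256(key))
                if (!FixedTimeEquals(hmac.ComputeHash(data), mac)) return null; // verify before parsing
            string[] f = Encoding.UTF8.GetString(data).Split('|');
            if (f.Length != 3 || !string.Equals(f[1], thisHost, StringComparison.OrdinalIgnoreCase)) return null;
            return new DateTime(long.Parse(f[2]), DateTimeKind.Utc) > DateTime.UtcNow ? f[0] : null;
        }
        catch (FormatException) { return null; } // not valid base64
    }

    static string Encode(byte[] b) => Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    static byte[] Decode(string s) => Convert.FromBase64String(s.Replace('-', '+').Replace('_', '/').PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    static bool FixedTimeEquals(byte[] a, byte[] b) // comparison time does not depend on where the bytes differ
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

A token stays replayable until it expires, so keep the lifetime to a minute or two (or record used tokens server-side) and send it only over HTTPS. After a successful Validate, the receiving site issues its own forms authentication cookie for its domain.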

For an SSO implementation that uses a Web service, refer to: http://www.cnblogs.com/wu-jian/archive/2012/11/14/2756694.html

For more related articles, please visit my personal website: http://www.zuowenjun.cn
