First: single sign-on between different subdomains of the same primary domain
Forms authentication is actually authentication based on an identity cookie. When the user logs in, a cookie containing the user's identity (including a ticket) is generated. The cookie's name is the name set on the forms element of the authentication section in web.config, such as
The code is as follows:
Here, .Aspnetauth is the name of the cookie. The user's identity information is delivered by including this cookie in the Request.Cookies collection. So the idea behind sharing authentication information is simple: as long as the authentication cookie can be shared across the subdomains, the forms authentication information can be shared too!
Code implementation:
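// Requires: using System; using System.Web; using System.Web.Security;
// JsonHelper.ScriptSerialize is the author's own helper that serializes the user object to JSON.
string userData = JsonHelper.ScriptSerialize(user);
// Ticket version 1, valid for 4 hours, not persistent, with the serialized user as UserData.
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, user.UserId.ToString(), DateTime.Now, DateTime.Now.AddHours(4), false, userData);
HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket)); // Encrypt the identity information and save it to the cookie
// The leading dot scopes the cookie to the primary domain, so every subdomain receives it.
cookie.Domain = ".zuowenjun.cn";
Response.Cookies.Add(cookie);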
Second: implementing SSO between a main application and the child applications in its virtual directories
The code is as follows:
The two most important attributes are name and protection. When the protection attribute is set to "All", the data stored in the cookie is both encrypted and validated with a hash. The default validation and encryption keys are stored in the Machine.config file. We can override these values in the application's Web.config file. The default values are as follows:
The code is as follows:
IsolateApps means that a different key is generated for each application, so we can't use it here. To encrypt and decrypt cookies with the same key in multiple applications, we can remove the IsolateApps option or, better, set a specific key value in the web.config of every application that needs to take part in SSO:
The code is as follows:
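The settings the first two sections describe, combined into one web.config fragment. This is an added example, not the original page's configuration: the cookie name and domain follow the article, while loginUrl, timeout, the algorithm choices and the key values are assumptions, and the keys are placeholders to be replaced with values you generate yourself.

```xml
<!-- Added example. Place the same <forms> and <machineKey> values in the
     web.config of every application that takes part in SSO. -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- name, protection, path and domain must match in all applications.
           timeout is in minutes; 240 matches the 4-hour ticket in the code above.
           loginUrl is a hypothetical path. -->
      <forms name=".Aspnetauth"
             loginUrl="~/Login.aspx"
             protection="All"
             domain=".zuowenjun.cn"
             path="/"
             timeout="240" />
    </authentication>

    <!-- Weak for SSO: the Machine.config default. IsolateApps derives a
         different key per application, so a cookie issued by one application
         fails validation in the others.
    <machineKey validationKey="AutoGenerate,IsolateApps"
                decryptionKey="AutoGenerate,IsolateApps"
                validation="SHA1" />
    -->

    <!-- Corrected: one explicit key pair shared by all SSO applications.
         Both values are placeholders. Generate random hex keys, keep them out
         of source control, and treat them as secrets: anyone who holds them
         can forge an authentication ticket for any user. -->
    <machineKey validationKey="REPLACE_WITH_GENERATED_HEX_VALIDATION_KEY"
                decryptionKey="REPLACE_WITH_GENERATED_HEX_DECRYPTION_KEY"
                validation="HMACSHA256"
                decryption="AES" />

    <!-- Assumes every participating site is served over HTTPS: marks cookies
         issued by the application as HttpOnly and Secure. -->
    <httpCookies httpOnlyCookies="true" requireSSL="true" />
  </system.web>
</configuration>
```

Because the cookie is scoped to the whole primary domain, every host under it receives the ticket, so the shared keys and the domain scope should cover only applications you trust equally.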
Third: implementing SSO between applications under different domain names (also applicable to the cases above)
This is mainly achieved with page URLs and redirects. There are many ways to implement it, but you may need to pay attention to security issues.