Implementing Single Sign-On with CAS in .NET MVC
Single Sign-on
Single Sign-On (SSO for short) is one of the most popular solutions for enterprise business integration. SSO means that, across multiple application systems, a user only needs to log on once to access all mutually trusted application systems.
Single Sign-On principle
- Storing trust
- Verifying trust
CAS
Central Authentication Service (CAS) is an enterprise-level open-source project initiated by Yale University. It aims to provide a reliable Single Sign-On solution (Web SSO) for Web application systems. CAS started in 2001 and formally became a JA-SIG project in December 2004.
How CAS performs authentication
The following are the main steps in this authentication protocol.
- The user tries to access the application through its URL. The user is redirected to the CAS logon URL over an HTTPS connection, and the name of the requested service is passed as a parameter. A user name/password dialog box is displayed.
- The user enters the ID and password, and CAS authenticates the user. If the authentication fails, the target application never learns that the user tried to access it; the user was stopped at the CAS server.
- If the authentication succeeds, CAS redirects the user back to the target application and adds a parameter called ticket to the URL. CAS then tries to create an in-memory cookie called the ticket-granting cookie, which is used for automatic re-verification in the future. If this cookie exists, it indicates that the user has already logged on successfully, and the user does not need to enter the user name and password again.
- The application needs to check whether the ticket is correct and whether it represents a valid user. To do so, it opens an HTTPS connection to the CAS serviceValidate URL and passes the ticket and the service name as parameters. CAS checks whether the ticket is valid and whether it is associated with the requested service. If the check succeeds, CAS returns the user name to the application.
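The exchange above seen from the application's side, as an added Python example that is not part of the original article and is not DotNetCasClient's code. The function names, the app.example.test URL, the ticket value and the sample responses are constructed for illustration; the response layout assumed is the CAS 2.0 serviceValidate XML.

```python
# Added illustration of the CAS 2.0 exchange; not DotNetCasClient code.
import xml.etree.ElementTree as ET
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

CAS_BASE = "https://test.cas.com:8080/cas"      # server URL used in this article
CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}  # namespace of CAS 2.0 responses

class CasError(Exception):
    """Ticket validation failed; the caller must not create a session."""

def split_ticket(request_url):
    """Return (service, ticket); service is the request URL without 'ticket'."""
    parts = urlsplit(request_url)
    query = parse_qsl(parts.query, keep_blank_values=True)
    tickets = [v for k, v in query if k == "ticket"]
    rest = [(k, v) for k, v in query if k != "ticket"]
    service = urlunsplit(parts._replace(query=urlencode(rest)))
    return service, (tickets[0] if len(tickets) == 1 else None)

def login_redirect(service):
    """Step 1: where a user without a session is sent."""
    return CAS_BASE + "/login?" + urlencode({"service": service})

def validation_url(service, ticket):
    """Step 4: fetched by the application itself over HTTPS, not by the browser."""
    return CAS_BASE + "/serviceValidate?" + urlencode({"service": service, "ticket": ticket})

def parse_validation(xml_text):
    """Return the user name from a serviceValidate response or raise CasError."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise CasError("unexpected DTD in CAS response")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise CasError("malformed CAS response") from exc
    failure = root.find("cas:authenticationFailure", CAS_NS)
    if failure is not None:
        raise CasError(failure.get("code", "UNKNOWN"))
    user = root.findtext("cas:authenticationSuccess/cas:user", namespaces=CAS_NS)
    if not user or not user.strip():
        raise CasError("no user in CAS response")
    return user.strip()

# Constructed sample responses (not captured from a real server).
SAMPLE_OK = ("<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>"
             "<cas:authenticationSuccess><cas:user>admin</cas:user>"
             "</cas:authenticationSuccess></cas:serviceResponse>")
SAMPLE_FAIL = ("<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>"
               "<cas:authenticationFailure code='INVALID_TICKET'>ticket not recognized"
               "</cas:authenticationFailure></cas:serviceResponse>")
```

The service value has to be built the same way for the logon redirect and for validation, because CAS checks that the ticket is associated with the requested service.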
Building the CAS server
Environment preparation:
- Tomcat7.2: http://apache.fayea.com/tomcat/tomcat-7/v7.0.63/bin/apache-tomcat-7.0.63.exe
- JDK6
- CAS server version cas-server-3.4.8-release: http://download.csdn.net/detail/zhu_r_d/5487373
- Win7 virtual machine
Configure the server
- Decompress the CAS server package, copy the cas-server-webapp-3.4.8.war file from the modules folder of the unzipped package to %TOMCAT_HOME%\webapps, and rename the file to cas.war
After the configuration is complete, start Tomcat and enter https://test.cas.com:8080/cas in the browser.
Tip: you must use HTTPS. If you have a certificate, you can configure it in Tomcat. Do not use keytool to generate the certificate; with such a certificate the client cannot guarantee a valid connection when it calls the server.
Enter the username admin and password admin to log on.
This indicates that the server is successfully configured.
Creating the CAS client
Download the .NET CAS client: https://wiki.jasig.org/display/CASC/.Net+Cas+Client http://downloads.jasig.org/cas-clients/dotnet/dotnet-client-1.0.2-bin.zip
Source code download: https://github.com/Jasig/dotnet-cas-client/tree/master/DotNetCasClient (using the source code is recommended, as it makes debugging and testing easier)
Client service configuration: https://wiki.jasig.org/display/CASC/.Net+Cas+Client
Create a project, tew.vccas, using the MVC 4.0 architecture
Install DotNetCasClient from NuGet: http://www.nuget.org/packages/DotNetCasClient
You can also add the source code to the project to facilitate debugging.
Configure web.config
See https://wiki.jasig.org/display/CASC/.Net+Cas+Client for a detailed introduction to each configuration node.
Configure page permission verification
Run the solution and you will see that users who are not logged in are redirected to the CAS logon page.
After a successful login, the system redirects back normally. You can also see the corresponding cookie under the site.
The current login user is the default admin account. If you need to integrate a database, refer to http://my.oschina.net/indestiny/blog/200768
The next article will try to cover database integration and customizing the returned data.