ASP.NET single sign-on (SSO) for a variety of situations
First: single sign-on between different subdomains of the same primary domain
Forms authentication is based on an identity cookie. After the client logs on, a cookie containing the user's identity information (including a ticket) is generated. The cookie name is the name set on the forms element in the authentication section of web.config, as shown below:
<authentication mode="Forms">
<forms loginUrl="login.aspx" name=".ASPXAUTH" path="/" protection="All" domain=".zuowenjun.cn"></forms>
</authentication>
Here, .ASPXAUTH is the cookie name. This cookie is included in the Request.Cookies collection and carries the user identity information. The idea behind sharing authentication information is therefore simple: as long as this authentication cookie can be shared across the subdomains, the Forms authentication information is naturally shared as well!
Code implementation:
// Serialize the user object into the ticket's UserData field
string userData = JsonHelper.ScriptSerialize(user);
// Ticket version 1, valid for 4 hours, not persistent
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, user.userid.ToString(), DateTime.Now, DateTime.Now.AddHours(4), false, userData);
// Encrypt the identity information and save it to the cookie
HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));
// Scope the cookie to the parent domain so that every subdomain receives it
cookie.Domain = ".zuowenjun.cn";
Response.Cookies.Add(cookie);
Second: SSO between a main application and a sub-application in a virtual directory
<authentication mode="Forms">
<forms name=".SSOAuth" protection="All" timeout="60" loginUrl="login.aspx"/>
</authentication>
Two important attributes are name and protection. When the protection attribute is set to "All", the data in the cookie is encrypted and validated with a hash value. The keys used for validation and encryption are stored in the machine.config file by default, and the Web.config file can override these values. The default value is as follows:
<machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="SHA1"/>
IsolateApps indicates that a different key is generated for each application, so we cannot use it here. To use the same key in multiple applications to encrypt and decrypt cookies, we can remove the IsolateApps option or, better, set a specific key value in the Web.config of all applications that require SSO:
<machineKey validationKey="F9D1A2D3E1D3E2F7B3D9F90FF3965ABDAC304902" decryptionKey="decrypt" validation="SHA1"/>
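The shared-key requirement above can be checked mechanically. The following is an added example, not code from the original article: a Python script that reads the Web.config text of each application and reports IsolateApps keys, non-hex keys, and forms or machineKey settings that differ between applications. The function names, application names and sample configurations are assumptions, and the key values are constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET

SHARED = ("name", "protection", "validationKey", "decryptionKey", "validation")
AUTO = "AutoGenerate,IsolateApps"  # default value shown in the article

def read_settings(xml_text):
    """Pull the forms/machineKey attributes that every SSO app must agree on."""
    root = ET.fromstring(xml_text)
    forms = next(root.iter("forms"), None)
    key = next(root.iter("machineKey"), None)
    f = forms.attrib if forms is not None else {}
    k = key.attrib if key is not None else {}
    return {
        "name": f.get("name", ".ASPXAUTH"),
        "protection": f.get("protection", "All"),
        "validationKey": k.get("validationKey", AUTO).replace(" ", ""),
        "decryptionKey": k.get("decryptionKey", AUTO).replace(" ", ""),
        "validation": k.get("validation", "SHA1"),
    }

def audit(configs):
    """configs: {app name: Web.config text}. Returns a sorted list of findings."""
    settings = {app: read_settings(text) for app, text in configs.items()}
    findings = []
    for app, s in settings.items():
        if s["protection"] != "All":
            findings.append(f"{app}: protection is not All")
        for attr in ("validationKey", "decryptionKey"):
            if "IsolateApps" in s[attr]:
                findings.append(f"{app}: {attr} uses IsolateApps (per-application key)")
            elif not (s[attr].startswith("AutoGenerate") or re.fullmatch(r"[0-9A-Fa-f]+", s[attr])):
                findings.append(f"{app}: {attr} is not a hex string")
    for attr in SHARED:  # every SSO application must present identical values
        if len({s[attr] for s in settings.values()}) > 1:
            findings.append(f"mismatch: {attr} differs between applications")
    return sorted(findings)

# Constructed sample input; the key values are placeholders, not real keys.
TEMPLATE = ('<configuration><system.web><authentication mode="Forms">'
            '<forms name="{name}" protection="All" loginUrl="login.aspx"/>'
            '</authentication><machineKey validationKey="{vk}" decryptionKey="{dk}" '
            'validation="SHA1"/></system.web></configuration>')
GOOD = TEMPLATE.format(name=".SSOAuth", vk="A1" * 20, dk="B2" * 24)
ISOLATED = TEMPLATE.format(name=".SSOAuth", vk=AUTO, dk=AUTO)

if __name__ == "__main__":
    for line in audit({"main": GOOD, "sub": ISOLATED}):
        print(line)
```

Anyone who holds the machineKey values can produce cookies the applications will accept, so generate the real keys randomly and keep them out of published configuration.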
Third: SSO between applications under different domain names (also applicable to the situations above)
This is mainly implemented by passing parameters in the page URL and redirecting. There are many ways to implement it, but security issues may need attention.