SSO Single Sign-on

Source: Internet
Author: User

SSO Single Sign-On universal class (cross-domain)

Purpose

The goal is clear: build a single sign-on helper class in a consistent minimalist style (each call stays within 5 lines).

It should also have as little coupling to other class libraries as possible, so it does not use Web API or web services.

Ideas

Last time a friend said that he only saw a pile of code and not the concrete ideas. So this time I have written out the ideas first.

Readers who do not want to go through the code implementation can go straight to the "Ideas" subheading.

At the same time, if you have a good idea, please revise it and push it to me on GitHub. Talk is cheap, show me the code.

Ideas

Same domain

There are fewer issues to consider in the same domain. Just consider how the request can be obtained in both MVC and WebForm.

The implementation flowchart is as follows

1. Because the same cookie is used, the name and encryption method must be consistent.

2. You need to set the URL to jump back to after a successful login, because the ReturnUrl of Forms authentication cannot obtain the originally requested URL.

3. There is nothing else. If anything is unclear, ask; I will not elaborate.

Cross-domain

Cross-domain requires state sharing to be considered in addition to the same-domain issues. Because of the same-origin policy, JSONP is used.

1. Because the cookie is not shared, you only need to configure the same encryption method.

2. On the authentication website, you need to add the collection of other sites that can be logged in, separated by commas.

3. Each other site needs a login page that invokes the validation method of the helper class, and must be configured with the authentication site URL.

4. When login on the authentication website succeeds, it sends a JSONP request to each of the configured other websites so that they log in automatically.

5. Logout works the same way. For how JSONP requests work, refer to this article: Jsonp detailed. The approach used here is adding a JS script tag.

That is the end of the ideas. If anything is unclear, ask.

Detailed Design Introduction

The layout of the whole class library is as follows. I tried to refactor it to make it easier to read. Because I am lazy, I only refactored as much as I could.

Sso.js: the JavaScript script for cross-domain single sign-on; it needs to be referenced on the login page.

Ssocrossdomain: the cross-domain helper class

Ssosamedomain: the same-domain helper class

App.Config: examples of the configuration used by the cross-domain helper class

You need to reference this class library on both the authentication site and the other sites, and invoke whichever helper class fits your needs.

How to use

First, we create a solution with the following structure for the demonstration.

Authorize: the WebForm authentication website, built using the MVP PV model. The others are sites that need to share the login.

MVC1: the MVC authentication site. The authentication site already implements the simplest login function.

Same domain

Let's start by talking about how the same domain is used.

1. We need to configure the same authentication, so we write the following code in Web.config.

Authorize Web1

The configuration covers: Forms authentication, prohibiting anonymous user access, and the single sign-on encryption method.

Web1's Forms authentication points to Authorize and carries a link as a suffix, which is the address to jump to after a successful login.

2. Add the login page to the Authorize website, and add the method call after login.

Authorize

Ssosamedomain accepts either a Page or an HttpContextBase as the medium for reading the request.

So if you don't use MVP, you can instantiate this directly.

Login: the login method. You need to pass the configured cookie name, the expiration time, and the content to be saved.

3. Configure the logout function: after Logout is clicked, execute the following method.

Logout

4. To get the user content, call the Getuserdata method of the helper class. Passing the cookie name returns the corresponding content.

Get User Content

At this point, we have completed a single sign-on for the same domain.

Cross-domain

Because authentication is required, cross-domain takes a few more steps than the same-domain setup. Note: each site must have a page similar to login.aspx as the login store.

1. First configure the same encryption method. What we pass over JSONP is ciphertext, so the decryption method must be consistent.

Authorize

The Forms authentication page of the other sites points to the local login.aspx. Note that the encryption must be consistent or the ciphertext cannot be decrypted.

2. On the authentication site, set up the collection of URLs that can be logged in: add the collection to the configuration file, separated by commas.

loginurl

3. On the other websites, set the unified authentication URL and add the address to jump to after success.

Authorizeurl

Now that the configuration is over, let's talk about how to invoke it.

4. On the authentication website, add the login validation and login methods.

Certification website

Initialize: the method executed when the Login.aspx page initializes. It calls the helper class's Validationlogin to verify whether the user is logged in.

Login: invokes the login method of the helper class to save the login status and send the status to the other websites.

5. On the other websites, add the login validation method.

Other Websites

Validationlogin: the login validation method. Parameters: the name of the locally stored cookie and the expiration time.

6. On the other websites, add the logout method and the method to get the login content.

Logout and get

At this point, we have completed a cross-domain single sign-on. Each call takes no more than 5 lines of code, in keeping with the minimalist style.

The MVC usage is similar; you can refer to the source below.

Code implementation

Operation

Operation handles the operations tied to the request and response. I have not yet found classes that are common to WebForm and MVC.

Therefore, these operations are implemented with an abstract factory. I have never been very satisfied with this part and hope someone can tell me about other ideas.

1. Define the abstract class.

Operation

2. Define the operation class for the WebForm.

Operationpage

3. Define the operation class for MVC.

Operationhttpcontext

We initialize the operation in the constructor of the helper class.

Initialize

Same domain

The same-domain helper class needs to expose three functions: Login, Logout, Getuserdata. An interface can also be extracted here if there is any other need.

Same domain helper class

The same-domain case is very simple, so I will not explain it.

Cross-domain

The cross-domain helper class needs to expose four functions: the three from the same-domain class plus Validationlogin for login validation.

1. First, let's talk about how JSONP is implemented. We created a JS method and call that method from the back end.

SSO

The method is clear at a glance, so there is not much to say. With this script loading, you can make the JSONP request.

Next, we step through each method.

2. Login: user login

Login

The steps are, in order: create a ticket, create a cookie, send the JSONP request.

Performjavascript

Performjavascript executes the front-end JS method. It obtains the path to jump to on success, assembles the JS method call, and executes the JS.

3. LogOut: user logout

LogOut

The steps are, in order: log out locally, send the logout request to the remote authentication website, execute the JS.

4. Getuserdata is similar to the same-domain version, so no code is posted here.

5. Validationlogin validates the logged-in user; it checks the LogType of the request to decide between the login and logout operations.

Validationlogin
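The cross-domain flow from the Ideas section and the Login and Validationlogin steps above, written in JavaScript as an added example (not the class library's own C# code): the authentication site seals a ticket and builds one JSONP URL per configured site, and each site authenticates the ticket and checks its expiry before acting on the LogType. Node's AES-256-GCM stands in for the shared Forms authentication encryption, and the key, site URLs, `ticket`/`callback` parameters and function names are all assumptions.

```javascript
// Added example: AES-256-GCM stands in for the encryption method the sites
// share through configuration. All names and values here are hypothetical.
const crypto = require("crypto");

// Constructed sample config: shared key and the comma-separated site list.
const SHARED_KEY = crypto.createHash("sha256").update("constructed-demo-key").digest();
const LOGIN_URLS = "https://web1.example.com/login.aspx,https://mvc1.example.com/login";

// Authentication site: seal {user, logType, exp} so it cannot be read or altered.
function sealTicket(user, logType, ttlSeconds, now = Date.now()) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", SHARED_KEY, iv);
  const body = JSON.stringify({ user, logType, exp: now + ttlSeconds * 1000 });
  const ct = Buffer.concat([cipher.update(body, "utf8"), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString("base64url");
}

// Authentication site: one JSONP URL per configured site (loaded as <script src>).
function buildJsonpUrls(ticket, siteList = LOGIN_URLS) {
  return siteList.split(",").map((s) => s.trim()).filter(Boolean).map((site) => {
    const url = new URL(site);
    url.searchParams.set("ticket", ticket);
    url.searchParams.set("callback", "ssoDone");
    return url.toString();
  });
}

// Other site: decrypt, authenticate, check expiry, then act on logType.
function validateTicket(ticket, now = Date.now()) {
  try {
    const raw = Buffer.from(ticket, "base64url");
    if (raw.length < 29) return { ok: false, reason: "malformed" };
    const decipher = crypto.createDecipheriv("aes-256-gcm", SHARED_KEY, raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    const plain = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    const { user, logType, exp } = JSON.parse(plain.toString("utf8"));
    if (now > exp) return { ok: false, reason: "expired" };
    if (logType !== "login" && logType !== "logout") return { ok: false, reason: "bad logType" };
    return { ok: true, action: logType === "login" ? "set-cookie" : "clear-cookie", user };
  } catch {
    return { ok: false, reason: "tampered" }; // authentication tag did not verify
  }
}
```

Because the ticket travels in a URL, a short expiry limits how long a copy that ends up in logs or browser history stays usable.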

Open Source Address: Github Code Cloud OSC

In the development process, the idea is the most important. But you also need to use actual code to validate your ideas. After all, talk is cheap.

Last Words

This lazy-gadget series is all things I wrote when I had nothing else to do; it is not work content. I share it only to support the spirit of open source through my own actions.
