How to implement a single sign-on in a different. NET version

Source: Internet
Author: User
Tags config httpcontext md5 sha1
After research, the rewrite implements a simple way to achieve a single sign-on in a different. NET version. Now share with you, the deficiencies also hope to forgive

Single sign-on is a Sign application in which users can access all of their trusted applications with only one login. In fact, for programmers to achieve technically, it is the problem of sharing cookies among different domain names.

Recently, adding a deployment to the ERP on another machine, link to the original old system of the subproject, call the original old project login to achieve a single sign-on, try N times repeatedly try not to determine the problem, is,. net2.0 and 4.0 encryption/decryption methods for cookies this difference, After research, the rewrite implements a simple way to implement a single sign-on in a different. NET version.

1, common landing page code to achieve:

Copy Code code as follows:


protected void Btnlogin_click (object sender, EventArgs e)


{


//certification invoicing, jump to the original request page


System.Web.Security.FormsAuthentication.RedirectFromLoginPage ("Ejiyuan", false);


}


2, configuration file:

Copy Code code as follows:


<!--access control-->


<authorization>


<deny users= "?" />


</authorization>


<!--identity authentication method-->


<authentication mode= "Forms" >


<forms name= ". The ASPNET "protection=" All "enablecrossappredirects=" true "Loginurl=" Login.aspx "timeout=" 2880 "path="/"domain=". Local.com "/>


</authentication>


<!--verification algorithm-->


<machinekey validationkey= "f9d1a2d3e1d3e2f7b3d9f90ff3965abdac304902" decryptionkey= " F9d1a2d3e1d3e2f7b3d9f90ff3965abdac304902f8d923ac "validation=" SHA1 "decryption=" 3DES "/> <compilation debug=" True "/>


here:the two most important attributes of the Authentication/forms node are name and protection. All projects that implement single sign-on have the same configuration so that they can read and write cookies under the same level of protection in different programs
When the protection property is set to "all", the hash value is used to encrypt and verify that the data is stored in the cookie. The default authentication and encryption keys are stored in the Machine.config file. We can overwrite these values in the application's Web.config file. The default values are as follows:

<machinekeyvalidationkey= "Autogenerate,isolateapps" decryptionkey= "Autogenerate,isolateapps" validation= "SHA1" "/>

IsolateApps represents generating a different key for each application. We can't use this. In order to encrypt and decrypt cookies using the same key in multiple applications, we can remove the IsolateApps option or a better approach is to set a specific key value in the web.config of all applications that need to implement SSO:

<machinekey validationkey= "f9d1a2d3e1d3e2f7b3d9f90ff3965abdac304902" decryptionkey= " F9d1a2d3e1d3e2f7b3d9f90ff3965abdac304902f8d923ac "validation=" SHA1 "decryption=" 3DES "/> <compilation debug=" True "/>

If you use the same storage method to implement SSO just to change the web.config, you must ensure that each application in the single point has the same configuration, if the single sign-on application is across a different. NET version, the encryption/decryption here does not use the MD5

<machinekey decryptionkey= "8b6697227cbca902b1a0925d00faa00b353f2df4359d2099" validation= "MD5" 282487e295028e59b8f411acb689ccd6f39ddd2146055a3ee480424315994760adf21b580d8587db675fa02f7916813044e25309cccdb647174d5b3d0 DD9141 "/>

3, no login page of the single sign-on does not require direct configuration of the code can be, configured as follows

Copy Code code as follows:


&lt;authorization&gt;


&lt;deny users= "?" /&gt;


&lt;/authorization&gt;


&lt;authentication mode= "Forms" &gt;


&lt;forms name= ". ASPNET "protection=" "All" enablecrossappredirects= "true" Loginurl= "http://Sso2.local.com/Login.aspx" timeout= "2880" Path= "/" domain= ". local.com"/&gt;


&lt;/authentication&gt;


4, the login module is encapsulated in httpmodules from the directional code for other systems to call directly, here enclose the code and reference method:

Copy Code code as follows:


public class Ssologinredirectmodule:ihttpmodule


{


public void Init (HttpApplication i_application)


    {


//Todo:add Uploadmodule.init implementation


i_application. endrequest + = new EventHandler (i_application_endrequest);


    }

void I_application_endrequest (object sender, EventArgs e)
{
if ((HttpContext.Current.Response.StatusCode = = 302) && HttpContext.Current.Response.RedirectLocation.Contains (Formsauthentication.loginurl))
{
HttpContext.Current.Response.RedirectLocation = Formsauthentication.loginurl + "? Returnurl= "+ httputility.urlencode (HttpContext.Current.Request.Url.OriginalString);
}
}

public void Dispose ()
{
throw new NotImplementedException ();
}
}


Reference:

Copy Code code as follows:


    <add name= "Ssomodule type=" Ssomodule.ssologinredirectmodule, Ssomodule "/>

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.