How to implement single sign-on in different. NET versions-Practical tips

Single sign-on is a Sign application in which users can access all of their trusted applications with only one login. In fact, for programmers to achieve technically, it is the problem of sharing cookies among different domain names.

Recently, adding a deployment to the ERP on another machine, link to the original old system of the subproject, call the original old project login to achieve a single sign-on, try N times repeatedly try not to determine the problem, is,. net2.0 and 4.0 encryption/decryption methods for cookies this difference, After research, the rewrite implements a simple way to implement a single sign-on in a different. NET version.

1, common landing page code to achieve:

Copy Code code as follows:

protected void Btnlogin_click (object sender, EventArgs e)
{
Certified invoicing, jump to original request page
System.Web.Security.FormsAuthentication.RedirectFromLoginPage ("Ejiyuan", false);
}

2, configuration file:

Copy Code code as follows:

<!--access Rights control-->
<authorization>
<deny users= "?" />
</authorization>
<!--identity authentication method-->
<authentication mode= "Forms" >
<forms name= ". The ASPNET "protection=" All "enablecrossappredirects=" true "Loginurl=" Login.aspx "timeout=" 2880 "path="/"domain=". Local.com "/>
</authentication>
<!--verification algorithm-->
<machinekey validationkey= "f9d1a2d3e1d3e2f7b3d9f90ff3965abdac304902" decryptionkey= " F9d1a2d3e1d3e2f7b3d9f90ff3965abdac304902f8d923ac "validation=" SHA1 "decryption=" 3DES "/> <compilation debug=" True "/>

here:The two most important attributes of the Authentication/forms node are name and protection. All projects that implement single sign-on have the same configuration so that they can read and write cookies under the same level of protection in different programs
When the protection property is set to "all", the hash value is used to encrypt and verify that the data is stored in the cookie. The default authentication and encryption keys are stored in the Machine.config file. We can overwrite these values in the application's Web.config file. The default values are as follows:

<machinekeyvalidationkey= "Autogenerate,isolateapps" decryptionkey= "Autogenerate,isolateapps" validation= "SHA1" "/>

IsolateApps represents generating a different key for each application. We can't use this. In order to encrypt and decrypt cookies using the same key in multiple applications, we can remove the IsolateApps option or a better approach is to set a specific key value in the web.config of all applications that need to implement SSO:

<machinekey validationkey= "f9d1a2d3e1d3e2f7b3d9f90ff3965abdac304902" decryptionkey= " F9d1a2d3e1d3e2f7b3d9f90ff3965abdac304902f8d923ac "validation=" SHA1 "decryption=" 3DES "/> <compilation debug=" True "/>

If you use the same storage method to implement SSO just to change the web.config, you must ensure that each application in the single point has the same configuration, if the single sign-on application is across a different. NET version, the encryption/decryption here does not use the MD5

<machinekey decryptionkey= "8b6697227cbca902b1a0925d00faa00b353f2df4359d2099" validation= "MD5" 282487e295028e59b8f411acb689ccd6f39ddd2146055a3ee480424315994760adf21b580d8587db675fa02f7916813044e25309cccdb647174d5b3d0 DD9141 "/>

3, no login page of the single sign-on does not require direct configuration of the code can be, configured as follows

Copy Code code as follows:

<authorization>
<deny users= "?" />
</authorization>
<authentication mode= "Forms" >
<forms name= ". ASPNET "protection=" "All" enablecrossappredirects= "true" Loginurl= "http://Sso2.local.com/Login.aspx" timeout= "2880" Path= "/" domain= ". local.com"/>
</authentication>

4, the login module is encapsulated in httpmodules from the directional code for other systems to call directly, here enclose the code and reference method:

Copy Code code as follows:

public class Ssologinredirectmodule:ihttpmodule
{
public void Init (HttpApplication i_application)
{
Todo:add Uploadmodule.init Implementation
I_application. endrequest + = new EventHandler (i_application_endrequest);
}

void I_application_endrequest (object sender, EventArgs e)
{
if ((HttpContext.Current.Response.StatusCode = = 302) && HttpContext.Current.Response.RedirectLocation.Contains (Formsauthentication.loginurl))
{
HttpContext.Current.Response.RedirectLocation = Formsauthentication.loginurl + "? Returnurl= "+ httputility.urlencode (HttpContext.Current.Request.Url.OriginalString);
}
}

public void Dispose ()
{
throw new NotImplementedException ();
}
}

Reference:

Copy Code code as follows:

<add name= "Ssomodule" type= "Ssomodule.ssologinredirectmodule, Ssomodule"/>