How to implement single sign-on across different .NET versions

Source: Internet
Author: User

Single Sign-On (SSO) means that, across multiple application systems, users only need to log on once to access all mutually trusted application systems. In practice, the technical implementation comes down to sharing cookies between different domain names.

Recently, I added a sub-project, deployed on another machine, to the ERP system. The old system links to the sub-project, and the login of the old project is called to implement single sign-on. I tried N times and failed again and again, and finally confirmed the problem: the encryption/decryption methods for cookies in .NET 2.0 and 4.0 differ from each other. Therefore, after some research, I rewrote the implementation to work across different .NET versions.

1. Code implementation on the shared login page:

protected void btnLogin_Click(object sender, EventArgs e)
{
    // Authentication passed; redirect to the originally requested page
    System.Web.Security.FormsAuthentication.RedirectFromLoginPage("ejiyuan", false);
}

2. Configuration file:

<!-- Access permission control -->
<authorization>
    <deny users="?"/>
</authorization>
<!-- Identity authentication method -->
<authentication mode="Forms">
    <forms name=".ASPNET" protection="All" enableCrossAppRedirects="true" loginUrl="Login.aspx" timeout="2880" path="/" domain=".local.com"/>
</authentication>
<!-- Validation algorithm -->
<machineKey validationKey="constraint" decryptionKey="constraint" validation="SHA1" decryption="3DES"/>
<compilation debug="true"/>

Here, the two most important attributes of the authentication/forms node are name and protection. All projects that implement single sign-on must have the same configuration so that they can read and write cookies at the same protection level in different programs.
When the protection attribute is set to "All", the data in the cookie is encrypted and validated with a hash value. The keys used for validation and encryption are stored in the machine.config file by default, and these values can be overridden in the Web.config file. The default value is as follows:

<machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="SHA1"/>

IsolateApps means that a different key is generated for each application, so we cannot use it. To use the same key in multiple applications to encrypt and decrypt cookies, we can remove the IsolateApps option or, better, set a specific key value in the Web.config of every application that requires SSO:

<machineKey validationKey="constraint" decryptionKey="constraint" validation="SHA1" decryption="3DES"/>
<compilation debug="true"/>

If you use the same storage method, implementing SSO is just a matter of changing Web.config. You must ensure that every single sign-on application has the same configuration. If the single sign-on applications run on different .NET versions, do not use MD5 for encryption/decryption.

<machineKey decryptionKey="8b6697227cbca902b1a0925d00faa00b424f2df4359d2099" validation="MD5" validationKey="encrypt"/>
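
A check for the requirement above that every SSO application carries the same forms and machineKey settings, as an added example (not code from the original article): it compares those attributes across Web.config files and flags auto-generated keys and MD5 validation. The two sample configs, the application names sso1/sso2 and the placeholder key values are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample Web.config files; the key values are placeholders.
APP_A = """<configuration><system.web>
  <authentication mode="Forms">
    <forms name=".ASPNET" protection="All" path="/" domain=".local.com"/>
  </authentication>
  <machineKey validationKey="PLACEHOLDER_KEY_1" decryptionKey="PLACEHOLDER_KEY_2"
              validation="SHA1" decryption="3DES"/>
</system.web></configuration>"""
APP_B = """<configuration><system.web>
  <authentication mode="Forms">
    <forms name=".ASPNET" protection="Validation" path="/" domain=".local.com"/>
  </authentication>
  <machineKey validationKey="AutoGenerate,IsolateApps"
              decryptionKey="AutoGenerate,IsolateApps" validation="MD5"/>
</system.web></configuration>"""
FORMS_ATTRS = ("name", "protection", "path", "domain")
KEY_ATTRS = ("validationKey", "decryptionKey", "validation", "decryption")

def sso_settings(web_config_xml):
    """Extract the attributes that must be identical in every SSO application."""
    root = ET.fromstring(web_config_xml)
    out = {}
    for tag, attrs in (("forms", FORMS_ATTRS), ("machineKey", KEY_ATTRS)):
        node = next(root.iter(tag), None)
        for attr in attrs:
            out[tag + "." + attr] = node.get(attr) if node is not None else None
    return out

def audit(configs):
    """configs maps app name -> Web.config text; returns a sorted list of findings."""
    settings = {app: sso_settings(xml) for app, xml in configs.items()}
    baseline_app = next(iter(settings))
    findings = []
    for app, s in settings.items():
        for attr in ("machineKey.validationKey", "machineKey.decryptionKey"):
            # A missing value falls back to the machine.config default quoted above.
            if "AutoGenerate" in (s[attr] or "AutoGenerate,IsolateApps"):
                findings.append(f"{app}: {attr} is not an explicit shared key")
        if (s["machineKey.validation"] or "").upper() == "MD5":
            findings.append(f"{app}: validation is MD5")
        for attr, value in s.items():
            if value != settings[baseline_app][attr]:
                findings.append(f"{app}: {attr} differs from {baseline_app}")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit({"sso1": APP_A, "sso2": APP_B})))
```

The first application passed in is used as the baseline; a Web.config whose root element declares an XML namespace would need that namespace added to the tag names.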

3. Single sign-on for an application without its own login page needs no code, only configuration. The configuration is as follows:

<authorization>
    <deny users="?"/>
</authorization>
<authentication mode="Forms">
    <forms name=".ASPNET" protection="All" enableCrossAppRedirects="true" loginUrl="http://Sso2.local.com/Login.aspx" timeout="2880" path="/" domain=".local.com"/>
</authentication>

4. The login module wraps the redirect code in an HTTP module (registered under httpModules) so that other systems can use it directly. The module code and the way to reference it are attached here:

using System;
using System.Web;
using System.Web.Security;

// Namespace taken from the type name used in the httpModules reference
namespace SsoModule
{
    public class SsoLoginRedirectModule : IHttpModule
    {
        public void Init(HttpApplication i_application)
        {
            // TODO: Add UploadModule.Init implementation
            i_application.EndRequest += new EventHandler(i_application_EndRequest);
        }

        void i_application_EndRequest(object sender, EventArgs e)
        {
            // When the response is a 302 redirect to the login URL, rewrite it so that
            // ReturnUrl carries the full original URL of the request
            if ((HttpContext.Current.Response.StatusCode == 302) && HttpContext.Current.Response.RedirectLocation.Contains(FormsAuthentication.LoginUrl))
            {
                HttpContext.Current.Response.RedirectLocation = FormsAuthentication.LoginUrl + "?ReturnUrl=" + HttpUtility.UrlEncode(HttpContext.Current.Request.Url.OriginalString);
            }
        }

        public void Dispose()
        {
            // throw new NotImplementedException();
        }
    }
}

Reference:

<httpModules>
    <add name="SsoModule" type="SsoModule.SsoLoginRedirectModule, SsoModule"/>
</httpModules>
