How to leverage Jsonp across domain access in asp.net MVC 3

In the development of information systems, according to the relevant business logic will inevitably be multiple systems between the login. In general, we need to use multiple user names and passwords between multiple systems. This allows customers to repeatedly log in from one system to another. You need to enter a username and password for each login. The most popular recently is OAuth. Sina Weibo, the open system, is doing a good job. But OAuth is not the scope of this article. This paper mainly discusses the application of jQuery1.5 Jsonp in asp.net MVC3.

This article applies the scenario:

Suppose your development team is interested in developing a set of information management systems for a group of companies, and the first development is an order system and an internal OA system. The premise is that the two systems use the same set of databases. Just two different MVC3.0 Web projects.  This means that two virtual directories will be deployed on the same IIS. Our goal is to implement Cross-domain logons without the use of WCF, WebService and other technologies. That is to say, users login to the order system with the same account, then the client can log in to the OA system directly. You do not need to enter the user name and password again on the OA system. The contrary is also true.

jQuery1.5 JSONP Use:

<script type= "Text/javascript" >
       $ (function () {
 3var Oauri = "@ViewBag. Oavruri";
 4var user = "@ViewBag. User";
 5var pwd = "@ViewBag. PassWord";
 7            $.ajax ({
               type: "Get",
               Url:String.format (' {0}account/applogon? username={1}&password={2}&callback=, Oauri, User, pwd),
               Cache:false,
               error:function () {
                   Alert ("program error, please contact admin.");
               dataType: "Jsonp",
               Jsonp: ' Callback ',
               success:function (Result) {
}
           });        });
22</script>

Establishment of JSONP special ActionResult in MVC3.0

The code is as follows:

Publicclass jsonpresult<t>: ActionResult
    {public
T Obj {get; set;}
Publicstring callbackname {get; set;}
    
Public Jsonpresult (T obj, string callback)
        {this
. obj = obj;
This. Callbackname = callback;
        }
    
Publicoverridevoid Executeresult (ControllerContext context)
        {
            var js =new System.Web.Script.Serialization.JavaScriptSerializer ();
            var jsonp =this. Callbackname + "(" + JS. Serialize (this. OBJ) + ")";
    
            Context. HttpContext.Response.ContentType = "Application/json";
            Context. HttpContext.Response.Write (JSONP);
        }
    

Jsonpresult simple calls are as follows:

Public ActionResult Applogon (string UserName, String PassWord, String callback)
{
  returnnew jsonpresult< Object> (New {success =true, rankname = Rankname}, callback);

The Applogon action parameter is exactly the same as the jquery $.ajax parameter above:

Url:String.format (' {0}account/applogon? Username={1}&password={2}&callback= ", Oauri, user, PWD)

Summary:

JSONP's server-side principle is actually callback a JS function name (here is the callback parameter) passes this parameter to the service side, then executes this callback JS function by the server side,

The parameters of the JS function are also attached. Like the C # code above:

var Jsonp = this. Callbackname + "(" + JS. Serialize (this. OBJ) + ")" One more thing we should be aware of is the problem of security risks:

When using JSONP because it involves cross-domain, you need to consider the security of the other site or the other system. Safety risks should be avoided and JSONP should not be abused.

Author information: Cnblogs Song Kunming

See more highlights of this column: http://www.bianceng.cnhttp://www.bianceng.cn/webkf/aspx/