SSO, sso Login

SSO, sso Login

There are no less than 10 subsystems in the products we have made since entering the company, some of which are. net, java, Android, and ios. so I may need to access multiple subsystems (on the same platform). Do I need to log on multiple times to perform operations? Is this too inconvenient. after logging on to qq, we entered the qq mailbox, and did not allow us to log on again, but directly entered. how can we implement this function in our systems?

Here, we will introduce today's topic-SSO Single Sign-On. after logging on to system A, go to system B and do not need to log on again. the premise is that system A and system B use the same account and password. if the user name and password are different between them, it will be a lot of trouble.

The Single Sign-On solution found on the internet is CAS, and Yale University has a single sign-on solution. Of course, this article does not introduce CAS, but just uses a small example to look at the outline.

I. effect display

Here, I have three websites. After I log on to the Server, ClientA and ClientB directly enter the address following the backUrl to see if I want to log on.

After entering the information, let me go in directly without logging on again.

When I log out on the HomeA page, refresh the other two pages.

The other two pages are also forced to log out.

In terms of the effect, it is not a single system logon. Multiple systems can be logged out without logon. Multiple systems are logged out at one time. This is the result of a single sign-on.

 

II. Key code

Server Logon:

[NoLogin]public ActionResult LoginCheck(string userName, string userPwd){    if (userName == "admin" && userPwd == "123456")    {        User user = new User { Guid = Guid.NewGuid().ToString(), Name = "admin", Pwd = "123456" };        var newCookie = new HttpCookie("userCode", user.Guid);        newCookie.Expires = DateTime.Now.AddDays(1);        Response.Cookies.Add(newCookie);        RedisCache.Instance.Set(user.Guid, user, TimeSpan.FromMinutes(1));        return Json(new { status = "ok", guid = user.Guid });    }    return Json(new { status = "notMatch" });}

Here, NoLogin is an empty feature, which does not have anything in it. It can be placed on classes and methods to determine whether to directly access the page without logon.

After a successful login, a credential Guid will be generated. After a user holds this credential for system verification, I will only check whether the cache exists in the redis cache. If yes, it indicates that the user has logged on. No more verification is performed.

My redis here is deployed on the ubuntu Virtual Machine. redis does not support windows well, but it can also find the windows version. If possible, I suggest using linux to deploy redis.

 

Client Verification:

Public class SSOClientAttribute: AuthorizeAttribute {public override void OnAuthorization (AuthorizationContext filterContext) {// determine whether the request method or controller has the login-free feature if (filterContext. actionDescriptor. isDefined (typeof (NoLoginAttribute), false) | filterContext. actionDescriptor. controllerDescriptor. isDefined (typeof (NoLoginAttribute), false) {return;} // method to be logged on, continue to verify the base. onAuthorization (filterContext);} pr Otected override bool AuthorizeCore (HttpContextBase httpContext) {HttpCookie cookie = httpContext. request. cookies ["userCode"]; if (cookie = null | string. isNullOrEmpty (cookie. value) return false; var user = RedisCache. instance. getOrDefault <User> (cookie. value); if (user! = Null) {cookie. expires = DateTime. now. addDays (1); httpContext. response. setCookie (cookie); RedisCache. instance. set (user. guid, user, TimeSpan. fromMinutes (10); return true;} return false;} protected override void HandleUnauthorizedRequest (AuthorizationContext filterContext) {string loginUrl = ConfigurationManager. appSettings ["LoginUrl"]; string Url = filterContext. requestContext. httpContext. requ Est. Url. AbsoluteUri; loginUrl + = "? BackUrl = "+ Url; filterContext. HttpContext. Response. Redirect (loginUrl, true );}}

Log out is simple. You only need to clear the cookie and redis cache. The code will not be pasted.

 

Iii. Conclusion

CAS is much more complicated than single-point logon. Here I just got a small Demo, just a preliminary understanding of single-point logon. If you have a chance later, hopefully I will post the setup, usage, or resolution of Cas.

 

Refer:

Cai's mysso example (I have read his example before, but I wrote it more simply, and the result can be achieved)