[转]asp.net 跨域单点登录
本文转自:http://tech.e800.com.cn/articles/2009/814/1250212319986_1.html
单点登录(Single Sign On),简称为 SSO,是目前比较流行的企业业务整合的解决方案之一。SSO的定义是在多个应用系统中,用户只需要登录一次就可以访问所有相互信任的应用系统。 asp.net跨域单点登录分为: 1、跨子域单点登录。如 blog.a.com 和 info.a.com 这2个站点同属一个主域.a.com,实现跨子域单点登录很简单,可以利用cookie,设置Domain为”.a.com'即可,这里就不再赘叙。 2、完成跨域单点登录。如 www.a.com www.b.com 这2个站点之间实现共享一个身份验证系统,只需在一处地方登录,下面主要谈下这种方式的实现方法。 asp.net 跨域单点登录实现原理: 当用户第一次访问web应用系统1的时候,因为还没有登录,会被引导到认证中心进行登录;根据用户提供的登录信息,认证系统进行身份效验,如果通过效验,返回给用户一个认证的凭据;用户再访问别的web应用的时候就会将这个Token带上,作为自己认证的凭据,应用系统接受到请求之后会把Token送到认证中心进行效验,检查Token的合法性。如果通过效验,用户就可以在不用再次登录的情况下访问应用系统2和应用系统3了。所有应用系统共享一个身份认证系统。认证系统的主要功能是将用户的登录信息和用户信息库相比较,对用户进行登录认证;认证成功后,认证系统应该生成统一的认证标志,返还给用户。另外,认证系统还应该对Token进行效验,判断其有效性。 所有应用系统能够识别和提取Token信息要实现SSO的功能,让用户只登录一次,就必须让应用系统能够识别已经登录过的用户。应用系统应该能对Token进行识别和提取,通过与认证系统的通讯,能自动判断当前用户是否登录过,从而完成单点登录的功能。 比如说,我现在有3个分站点和1个认证中心(总站)。当用户访问分站点的时候,分站点会发Token到验证中心进行验证。验证中心判断用户是否已经登录。如果未登录,则返回到验证中心登录入口进行登录,否之则返回Token验证到分站点,直接进入分站点。 如图所示: 上面是实现单点登录的原理图,下面介绍下如何用asp.net实现跨域单点登录: 一、新建网站 MasterSite,作为总站认证中心。配置web.config,采用form登录验证。
配置如下: <authentication mode=”Forms”>
<forms name=”.AspxFormAuth” loginUrl=”Default.aspx” defaultUrl=”center.html” protection=”All” path=”/” timeout=”120”>
</forms>
</authentication>
<authorization>
<!--拒绝所有匿名用户-->
<deny users=”?”/>
</authorization>
<authentication mode=”Forms”>
<forms name=”.AspxFormAuth” loginUrl=”Default.aspx” defaultUrl=”center.html” protection=”All” path=”/” timeout=”120”>
</forms>
</authentication>
<authorization>
<!--拒绝所有匿名用户-->
<deny users=”?”/>
</authorization> 添加Default.aspx页面,用来进行登录。代码如下: HTML Code: <%@ Page Language=”C#” AutoEventWireup=”true” CodeFile=”Default.aspx.cs” Inherits=”_Default” %> <!DOCTYPE html PUBLIC ”-//W3C//DTD XHTML 1.0 Transitional//EN” ”http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”> <html xmlns=”http://www.w3.org/1999/xhtml” >
<head runat=”server”>
<title>总站登录</title>
</head>
<body>
<form id=”form1” runat=”server”>
<div>
<asp:Login ID=”Login1” runat=”server” OnAuthenticate=”Login1_Authenticate” UserName=”test”>
</asp:Login>
</div>
</form>
</body>
</html>
<%@ Page Language=”C#” AutoEventWireup=”true” CodeFile=”Default.aspx.cs” Inherits=”_Default” %> <!DOCTYPE html PUBLIC ”-//W3C//DTD XHTML 1.0 Transitional//EN” ”http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”> <html xmlns=”http://www.w3.org/1999/xhtml” >
<head runat=”server”>
<title>总站登录</title>
</head>
<body>
<form id=”form1” runat=”server”>
<div>
<asp:Login ID=”Login1” runat=”server” OnAuthenticate=”Login1_Authenticate” UserName=”test”>
</asp:Login>
</div>
</form>
</body>
</html> Default.cs Code: using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Text; public partial class _Default : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
SSORequest ssoRequest = new SSORequest(); #region 验证 Post 过来的参数
//--------------------------------
// 请求注销
if (!string.IsNullOrEmpty(Request[”Logout”]))
{
Authentication.Logout();
return;
}
//--------------------------------
// 各独立站点标识
if (string.IsNullOrEmpty(Request[”IASID”]))
{
return;
}
else
{
ssoRequest.IASID = Request[”IASID”];
} //--------------------------------
// 时间戳
if (string.IsNullOrEmpty(Request[”TimeStamp”]))
{
return;
}
else
{
ssoRequest.TimeStamp = Request[”TimeStamp”];
} //--------------------------------
// 各独立站点的访问地址
if (string.IsNullOrEmpty(Request[”AppUrl”]))
{
return;
}
else
{
ssoRequest.AppUrl = Request[”AppUrl”];
} //--------------------------------
// 各独立站点的 Token
if (string.IsNullOrEmpty(Request[”Authenticator”]))
{
return;
}
else
{
ssoRequest.Authenticator = Request[”Authenticator”];
} ViewState[”SSORequest”] = ssoRequest; #endregion //验证从分站发过来的Token
if (Authentication.ValidateAppToken(ssoRequest))
{
string userAccount = null; // 验证用户之前是否登录过
//验证 EAC 认证中心的 Cookie,验证通过时获取用户登录账号
if (Authentication.ValidateEACCookie(out userAccount))
{
ssoRequest.UserAccount = userAccount; //创建认证中心发往各分站的 Token
if (Authentication.CreateEACToken(ssoRequest))
{
Post(ssoRequest);
}
}
else
{
return;
}
}
else
{
return;
}
}
} //post请求
void Post(SSORequest ssoRequest)
{
PostService ps = new PostService(); ps.Url = ssoRequest.AppUrl; ps.Add(”UserAccount”, ssoRequest.UserAccount);
ps.Add(”IASID”, ssoRequest.IASID);
ps.Add(”TimeStamp”, ssoRequest.TimeStamp);
ps.Add(”AppUrl”, ssoRequest.AppUrl);
ps.Add(”Authenticator”, ssoRequest.Authenticator); ps.Post();
} /// <summary>
/// 验证登录账号和密码是否正确
/// </summary>
/// <param name=”userName”>登录账号</param>
/// <param name=”userPwd”>登录密码</param>
/// <returns></returns>
private bool ValidateUserInfo(string userName, string userPwd)
{
//从数据库中读取,验证登录账号和密码
//略...
return true;
} protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
{
if (string.IsNullOrEmpty(Login1.UserName) || string.IsNullOrEmpty(Login1.Password))
{
Page.RegisterClientScriptBlock(”Add”, ”<mce:script lanuage=\”javascript\”><!--
alert('用户名密码不能为空!');
// --></mce:script>”);
return;
}
else if (ValidateUserInfo(Login1.UserName, Login1.Password) == false)
{
Page.RegisterClientScriptBlock(”Add”, ”<mce:script lanuage=\”javascript\”><!--
alert('用户名密码错误!');
// --></mce:script>”);
return;
}
else
{
Session[”CurrUserName”] = Login1.UserName;
Session.Timeout = 120; SSORequest ssoRequest = ViewState[”SSORequest”] as SSORequest; // 如果不是从各分站 Post 过来的请求,则默认登录主站
if (ssoRequest == null)
{
FormsAuthentication.SetAuthCookie(Login1.UserName, false); ssoRequest = new SSORequest();
//主站标识ID
ssoRequest.IASID = ”00”;
ssoRequest.AppUrl = ”SiteList.aspx”;
ssoRequest.TimeStamp = DateTime.Now.ToString(”yyyy-MM-dd HH:mm”);
ssoRequest.Authenticator = string.Empty; Response.Redirect(”SiteList.aspx”);
}
ssoRequest.UserAccount = Login1.UserName; //创建Token
if (Authentication.CreateEACToken(ssoRequest))
{
string expireTime = DateTime.Now.AddHours(3).ToString(”yyyy-MM-dd HH:mm”); Authentication.CreatEACCookie(ssoRequest.UserAccount, ssoRequest.TimeStamp, expireTime); Post(ssoRequest);
} }
} }
using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Text; public partial class _Default : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
SSORequest ssoRequest = new SSORequest(); #region 验证 Post 过来的参数
//--------------------------------
// 请求注销
if (!string.IsNullOrEmpty(Request[”Logout”]))
{
Authentication.Logout();
return;
}
//--------------------------------
// 各独立站点标识
if (string.IsNullOrEmpty(Request[”IASID”]))
{
return;
}
else
{
ssoRequest.IASID = Request[”IASID”];
} //--------------------------------
// 时间戳
if (string.IsNullOrEmpty(Request[”TimeStamp”]))
{
return;
}
else
{
ssoRequest.TimeStamp = Request[”TimeStamp”];
} //--------------------------------
// 各独立站点的访问地址
if (string.IsNullOrEmpty(Request[”AppUrl”]))
{
return;
}
else
{
ssoRequest.AppUrl = Request[”AppUrl”];
} //--------------------------------
// 各独立站点的 Token
if (string.IsNullOrEmpty(Request[”Authenticator”]))
{
return;
}
else
{
ssoRequest.Authenticator = Request[”Authenticator”];
} ViewState[”SSORequest”] = ssoRequest; #endregion //验证从分站发过来的Token
if (Authentication.ValidateAppToken(ssoRequest))
{
string userAccount = null; // 验证用户之前是否登录过
//验证 EAC 认证中心的 Cookie,验证通过时获取用户登录账号
if (Authentication.ValidateEACCookie(out userAccount))
{
ssoRequest.UserAccount = userAccount; //创建认证中心发往各分站的 Token
if (Authentication.CreateEACToken(ssoRequest))
{
Post(ssoRequest);
}
}
else
{
return;
}
}
else
{
return;
}
}
} //post请求
void Post(SSORequest ssoRequest)
{
PostService ps = new PostService(); ps.Url = ssoRequest.AppUrl; ps.Add(”UserAccount”, ssoRequest.UserAccount);
ps.Add(”IASID”, ssoRequest.IASID);
ps.Add(”TimeStamp”, ssoRequest.TimeStamp);
ps.Add(”AppUrl”, ssoRequest.AppUrl);
ps.Add(”Authenticator”, ssoRequest.Authenticator); ps.Post();
} /// <summary>
/// 验证登录账号和密码是否正确
/// </summary>
/// <param name=”userName”>登录账号</param>
/// <param name=”userPwd”>登录密码</param>
/// <returns></returns>
private bool ValidateUserInfo(string userName, string userPwd)
{
//从数据库中读取,验证登录账号和密码
//略...
return true;
} protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
{
if (string.IsNullOrEmpty(Login1.UserName) || string.IsNullOrEmpty(Login1.Password))
{
Page.RegisterClientScriptBlock(”Add”, ”<mce:script lanuage=\”javascript\”><!--
alert('用户名密码不能为空!');
// --></mce:script>”);
return;
}
else if (ValidateUserInfo(Login1.UserName, Login1.Password) == false)
{
Page.RegisterClientScriptBlock(”Add”, ”<mce:script lanuage=\”javascript\”><!--
alert('用户名密码错误!');
// --></mce:script>”);
return;
}
else
{
Session[”CurrUserName”] = Login1.UserName;
Session.Timeout = 120; SSORequest ssoRequest = ViewState[”SSORequest”] as SSORequest; // 如果不是从各分站 Post 过来的请求,则默认登录主站
if (ssoRequest == null)
{
FormsAuthentication.SetAuthCookie(Login1.UserName, false); ssoRequest = new SSORequest();
//主站标识ID
ssoRequest.IASID = ”00”;
ssoRequest.AppUrl = ”SiteList.aspx”;
ssoRequest.TimeStamp = DateTime.Now.ToString(”yyyy-MM-dd HH:mm”);
ssoRequest.Authenticator = string.Empty; Response.Redirect(”SiteList.aspx”);
}
ssoRequest.UserAccount = Login1.UserName; //创建Token
if (Authentication.CreateEACToken(ssoRequest))
{
string expireTime = DateTime.Now.AddHours(3).ToString(”yyyy-MM-dd HH:mm”); Authentication.CreatEACCookie(ssoRequest.UserAccount, ssoRequest.TimeStamp, expireTime); Post(ssoRequest);
} }
} } 代码说明:验证分站post过来的Token请求,如果用户已经登录,则创建认证中心发往各分站的 Token验证,转向分站,否之则返回登录。若是直接登录主站则转向站点选择页面sitelist.aspx,选择你要登录的分站点。 如图: 二、新建站点1,代码如下: HTML Code: <%@ Page Language=”C#” AutoEventWireup=”true” CodeFile=”Default.aspx.cs” Inherits=”_Default” %> <!DOCTYPE html PUBLIC ”-//W3C//DTD XHTML 1.0 Transitional//EN” ”http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”> <html xmlns=”http://www.w3.org/1999/xhtml” >
<head runat=”server”>
<title> 站点一</title>
</head>
<body>
<form id=”form1” runat=”server”>
<div>
<br />
<br />
<asp:LinkButton ID=”LinkButton1” runat=”server” OnClick=”LinkButton1_Click”>返回主站</asp:LinkButton> <asp:LinkButton ID=”LinkButton2” runat=”server” OnClick=”LinkButton2_Click”>注销登录</asp:LinkButton></div>
</form>
</body>
</html>
<%@ Page Language=”C#” AutoEventWireup=”true” CodeFile=”Default.aspx.cs” Inherits=”_Default” %> <!DOCTYPE html PUBLIC ”-//W3C//DTD XHTML 1.0 Transitional//EN” ”http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”> <html xmlns=”http://www.w3.org/1999/xhtml” >
<head runat=”server”>
<title> 站点一</title>
</head>
<body>
<form id=”form1” runat=”server”>
<div>
<br />
<br />
<asp:LinkButton ID=”LinkButton1” runat=”server” OnClick=”LinkButton1_Click”>返回主站</asp:LinkButton> <asp:LinkButton ID=”LinkButton2” runat=”server” OnClick=”LinkButton2_Click”>注销登录</asp:LinkButton></div>
</form>
</body>
</html> Default.cs code: using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Text; public partial class _Default : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
#region SSO 部分代码
SSORequest ssoRequest = new SSORequest(); if (string.IsNullOrEmpty(Request[”IASID”]))
{
ssoRequest.IASID = ”01”;
ssoRequest.TimeStamp = DateTime.Now.ToString(”yyyy-MM-dd HH:mm”);
ssoRequest.AppUrl = Request.Url.ToString();
Authentication.CreateAppToken(ssoRequest); Post(ssoRequest);
}
else if (!string.IsNullOrEmpty(Request[”IASID”])
&& !string.IsNullOrEmpty(Request[”TimeStamp”])
&& !string.IsNullOrEmpty(Request[”AppUrl”])
&& !string.IsNullOrEmpty(Request[”UserAccount”])
&& !string.IsNullOrEmpty(Request[”Authenticator”]))
{
ssoRequest.IASID = Request[”IASID”];
ssoRequest.TimeStamp = Request[”TimeStamp”];
ssoRequest.AppUrl = Request[”AppUrl”];
ssoRequest.UserAccount = Request[”UserAccount”];
ssoRequest.Authenticator = Request[”Authenticator”]; if (Authentication.ValidateEACToken(ssoRequest))
{
//从数据库中获取UserId
Session[”CurrUserName”] = Request[”UserAccount”];
Session.Timeout = 120;
FormsAuthentication.SetAuthCookie(Request[”UserAccount”], false);
Response.Write(string.Format(”{0},您好!欢迎来到site1, >> 访问<a href=”\” mce_href=”\””http://localhost/Site2/Default.aspx\”>site2</a>”,ssoRequest.UserAccount));
}
} ViewState[”SSORequest”] = ssoRequest; #endregion
}
} void Post(SSORequest ssoRequest)
{
PostService ps = new PostService();
//认证中心(主站)地址
string EACUrl = ”http://localhost/MasterSite/Default.aspx”;
ps.Url = EACUrl;
//ps.Add(”UserAccount”, ssoRequest.UserAccount);
ps.Add(”IASID”, ssoRequest.IASID);
ps.Add(”TimeStamp”, ssoRequest.TimeStamp);
ps.Add(”AppUrl”, ssoRequest.AppUrl);
ps.Add(”Authenticator”, ssoRequest.Authenticator); ps.Post();
} //注销登录
protected void LinkButton2_Click(object sender, EventArgs e)
{
FormsAuthentication.SignOut(); SSORequest ssoRequest = new SSORequest(); ssoRequest.IASID = ”01”;
ssoRequest.TimeStamp = DateTime.Now.ToString(”yyyy-MM-dd HH:mm”);
ssoRequest.AppUrl = Request.Url.ToString(); Authentication.CreateAppToken(ssoRequest); PostService ps = new PostService(); //认证中心(主站)地址
string EACUrl = ”http://localhost/MasterSite/Default.aspx”;
ps.Url = EACUrl; ps.Add(”IASID”, ssoRequest.IASID);
ps.Add(”TimeStamp”, ssoRequest.TimeStamp);
ps.Add(”AppUrl”, ssoRequest.AppUrl);
ps.Add(”Authenticator”, ssoRequest.Authenticator); ps.Add(”Logout”, ”true”); ps.Post();
} //返回主站
protected void LinkButton1_Click(object sender, EventArgs e)
{
if (Session[”CurrUserName”] != null)
{
Response.Redirect(”http://localhost/MasterSite/SiteList.aspx”);
}
}
}
using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Text; public partial class _Default : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
#region SSO 部分代码
SSORequest ssoRequest = new SSORequest(); if (string.IsNullOrEmpty(Request[”IASID”]))
{
ssoRequest.IASID = ”01”;
ssoRequest.TimeStamp = DateTime.Now.ToString(”yyyy-MM-dd HH:mm”);
ssoRequest.AppUrl = Request.Url.ToString();
Authentication.CreateAppToken(ssoRequest); Post(ssoRequest);
}
else if (!string.IsNullOrEmpty(Request[”IASID”])
&& !string.IsNullOrEmpty(Request[”TimeStamp”])
&& !string.IsNullOrEmpty(Request[”AppUrl”])
&& !string.IsNullOrEmpty(Request[”UserAccount”])
&& !string.IsNullOrEmpty(Request[”Authenticator”]))
{
ssoRequest.IASID = Request[”IASID”];
ssoRequest.TimeStamp = Request[”TimeStamp”];
ssoRequest.AppUrl = Request[”AppUrl”];
ssoRequest.UserAccount = Request[”UserAccount”];
ssoRequest.Authenticator = Request[”Authenticator”]; if (Authentication.ValidateEACToken(ssoRequest))
{
//从数据库中获取UserId
Session[”CurrUserName”] = Request[”UserAccount”];
Session.Timeout = 120;
FormsAuthentication.SetAuthCookie(Request[”UserAccount”], false);
Response.Write(string.Format(”{0},您好!欢迎来到site1, >> 访问<a href=”\” mce_href=”\””http://localhost/Site2/Default.aspx\”>site2</a>”,ssoRequest.UserAccount));
}
} ViewState[”SSORequest”] = ssoRequest; #endregion
}
} void Post(SSORequest ssoRequest)
{
PostService ps = new PostService();
//认证中心(主站)地址
string EACUrl = ”http://localhost/MasterSite/Default.aspx”;
ps.Url = EACUrl;
//ps.Add(”UserAccount”, ssoRequest.UserAccount);
ps.Add(”IASID”, ssoRequest.IASID);
ps.Add(”TimeStamp”, ssoRequest.TimeStamp);
ps.Add(”AppUrl”, ssoRequest.AppUrl);
ps.Add(”Authenticator”, ssoRequest.Authenticator); ps.Post();
} //注销登录
protected void LinkButton2_Click(object sender, EventArgs e)
{
FormsAuthentication.SignOut(); SSORequest ssoRequest = new SSORequest(); ssoRequest.IASID = ”01”;
ssoRequest.TimeStamp = DateTime.Now.ToString(”yyyy-MM-dd HH:mm”);
ssoRequest.AppUrl = Request.Url.ToString(); Authentication.CreateAppToken(ssoRequest); PostService ps = new PostService(); //认证中心(主站)地址
string EACUrl = ”http://localhost/MasterSite/Default.aspx”;
ps.Url = EACUrl; ps.Add(”IASID”, ssoRequest.IASID);
ps.Add(”TimeStamp”, ssoRequest.TimeStamp);
ps.Add(”AppUrl”, ssoRequest.AppUrl);
ps.Add(”Authenticator”, ssoRequest.Authenticator); ps.Add(”Logout”, ”true”); ps.Post();
} //返回主站
protected void LinkButton1_Click(object sender, EventArgs e)
{
if (Session[”CurrUserName”] != null)
{
Response.Redirect(”http://localhost/MasterSite/SiteList.aspx”);
}
}
} 配置web.config <authentication mode=”Forms”>
<forms name=”.AspxFormAuth” loginUrl=”Default.aspx” defaultUrl=”center.html” protection=”All” path=”/” timeout=”60”>
</forms>
</authentication>
<authorization>
<!--拒绝所有匿名用户-->
<deny users=”?”/>
</authorization>
<authentication mode=”Forms”>
<forms name=”.AspxFormAuth” loginUrl=”Default.aspx” defaultUrl=”center.html” protection=”All” path=”/” timeout=”60”>
</forms>
</authentication>
<authorization>
<!--拒绝所有匿名用户-->
<deny users=”?”/>
</authorization> 三、同二一样,新建站点Site2,代码如下: using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls; public partial class _Default : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
#region SSO 部分代码
SSORequest ssoRequest = new SSORequest(); if (string.IsNullOrEmpty(Request[”IASID”]))
{
ssoRequest.IASID = ”02”;
ssoRequest.TimeStamp = DateTime.Now.ToString(”yyyy-MM-dd HH:mm”);
ssoRequest.AppUrl = Request.Url.ToString();
Authentication.CreateAppToken(ssoRequest); Post(ssoRequest);
}
else if (!string.IsNullOrEmpty(Request[”IASID”])
&& !string.IsNullOrEmpty(Request[”TimeStamp”])
&& !string.IsNullOrEmpty(Request[”AppUrl”])
&& !string.IsNullOrEmpty(Request[”UserAccount”])
&& !string.IsNullOrEmpty(Request[”Authenticator”]))
{
ssoRequest.IASID = Request[”IASID”];
ssoRequest.TimeStamp = Request[”TimeStamp”];
ssoRequest.AppUrl = Request[”AppUrl”];
ssoRequest.UserAccount = Request[”UserAccount”];
ssoRequest.Authenticator = Request[”Authenticator”]; if (Authentication.ValidateEACToken(ssoRequest))
{
Session[”CurrUserName”] = Request[”UserAccount”];
Session.Timeout = 120;
FormsAuthentication.SetAuthCookie(Request[”UserAccount”], false);
Response.Write(string.Format(”{0},您好!欢迎来到site2, >> 访问<a href=”\” mce_href=”\””http://localhost/Site1/Default.aspx\”>site1</a>”, ssoRequest.UserAccount));
}
} ViewState[”SSORequest”] = ssoRequest; #endregion
}
} void Post(SSORequest ssoRequest)
{
PostService ps = new PostService();
//认证中心(主站)地址
string EACUrl = ”http://localhost/MasterSite/Default.aspx”;
ps.Url = EACUrl;
//ps.Add(”UserAccount”, ssoRequest.UserAccount);
ps.Add(”IASID”, ssoRequest.IASID);
ps.Add(”TimeStamp”, ssoRequest.TimeStamp);
ps.Add(”AppUrl”, ssoRequest.AppUrl);
ps.Add(”Authenticator”, ssoRequest.Authenticator); ps.Post();
} //注销登录
protected void LinkButton2_Click(object sender, EventArgs e)
{
FormsAuthentication.SignOut(); SSORequest ssoRequest = new SSORequest(); ssoRequest.IASID = ”02”;
ssoRequest.TimeStamp = DateTime.Now.ToString(”yyyy-MM-dd HH:mm”);
ssoRequest.AppUrl = Request.Url.ToString(); Authentication.CreateAppToken(ssoRequest); PostService ps = new PostService(); //认证中心(主站)地址
string EACUrl = ”http://localhost/MasterSite/Default.aspx”;
ps.Url = EACUrl; ps.Add(”IASID”, ssoRequest.IASID);
ps.Add(”TimeStamp”, ssoRequest.TimeStamp);
ps.Add(”AppUrl”, ssoRequest.AppUrl);
ps.Add(”Authenticator”, ssoRequest.Authenticator); ps.Add(”Logout”, ”true”); ps.Post();
} //返回主站
protected void LinkButton1_Click(object sender, EventArgs e)
{
if (Session[”CurrUserName”] != null)
{
Response.Redirect(”http://localhost/MasterSite/SiteList.aspx”);
}
}
}
using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls; public partial class _Default : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
#region SSO 部分代码
SSORequest ssoRequest = new SSORequest(); if (string.IsNullOrEmpty(Request[”IASID”]))
{
ssoRequest.IASID = ”02”;
ssoRequest.TimeStamp = DateTime.Now.ToString(”yyyy-MM-dd HH:mm”);
ssoRequest.AppUrl = Request.Url.ToString();
Authentication.CreateAppToken(ssoRequest); Post(ssoRequest);
}
else if (!string.IsNullOrEmpty(Request[”IASID”])
&& !string.IsNullOrEmpty(Request[”TimeStamp”])
&& !string.IsNullOrEmpty(Request[”AppUrl”])
&& !string.IsNullOrEmpty(Request[”UserAccount”])
&& !string.IsNullOrEmpty(Request[”Authenticator”]))
{
ssoRequest.IASID = Request[”IASID”];
ssoRequest.TimeStamp = Request[”TimeStamp”];
ssoRequest.AppUrl = Request[”AppUrl”];
ssoRequest.UserAccount = Request[”UserAccount”];
ssoRequest.Authenticator = Request[”Authenticator”]; if (Authentication.ValidateEACToken(ssoRequest))
{
Session[”CurrUserName”] = Request[”UserAccount”];
Session.Timeout = 120;
FormsAuthentication.SetAuthCookie(Request[”UserAccount”], false);
Response.Write(string.Format(”{0},您好!欢迎来到site2, >> 访问<a href=”\” mce_href=”\””http://localhost/Site1/Default.aspx\”>site1</a>”, ssoRequest.UserAccount));
}
} ViewState[”SSORequest”] = ssoRequest; #endregion
}
} void Post(SSORequest ssoRequest)
{
PostService ps = new PostService();
//认证中心(主站)地址
string EACUrl = ”http://localhost/MasterSite/Default.aspx”;
ps.Url = EACUrl;
//ps.Add(”UserAccount”, ssoRequest.UserAccount);
ps.Add(”IASID”, ssoRequest.IASID);
ps.Add(”TimeStamp”, ssoRequest.TimeStamp);
ps.Add(”AppUrl”, ssoRequest.AppUrl);
ps.Add(”Authenticator”, ssoRequest.Authenticator); ps.Post();
} //注销登录
protected void LinkButton2_Click(object sender, EventArgs e)
{
FormsAuthentication.SignOut(); SSORequest ssoRequest = new SSORequest(); ssoRequest.IASID = ”02”;
ssoRequest.TimeStamp = DateTime.Now.ToString(”yyyy-MM-dd HH:mm”);
ssoRequest.AppUrl = Request.Url.ToString(); Authentication.CreateAppToken(ssoRequest); PostService ps = new PostService(); //认证中心(主站)地址
string EACUrl = ”http://localhost/MasterSite/Default.aspx”;
ps.Url = EACUrl; ps.Add(”IASID”, ssoRequest.IASID);
ps.Add(”TimeStamp”, ssoRequest.TimeStamp);
ps.Add(”AppUrl”, ssoRequest.AppUrl);
ps.Add(”Authenticator”, ssoRequest.Authenticator); ps.Add(”Logout”, ”true”); ps.Post();
} //返回主站
protected void LinkButton1_Click(object sender, EventArgs e)
{
if (Session[”CurrUserName”] != null)
{
Response.Redirect(”http://localhost/MasterSite/SiteList.aspx”);
}
}
} 对于tokent请求,tokent验证,需要对它进行加密、解密。 其它代码: Authentication.cs
using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Collections.Generic;
using System.Text; /// <summary>
/// 安全验证类
/// </summary>
public class Authentication
{
static readonly string cookieName = ”EACToken”;
static readonly string hashSplitter = ”|”; public Authentication()
{
} public static string GetAppKey(int appID)
{
//string cmdText = @”select * from ”;
return string.Empty;
} public static string GetAppKey()
{
return ”22362E7A9285DD53A0BBC2932F9733C505DC04EDBFE00D70”;
} public static string GetAppIV()
{
return ”1E7FA9231E7FA923”;
} /// <summary>
/// 取得加密服务
/// </summary>
/// <returns></returns>
static CryptoService GetCryptoService()
{
string key = GetAppKey();
string IV = GetAppIV(); CryptoService cs = new CryptoService(key, IV);
return cs;
} /// <summary>
/// 创建各分站发往认证中心的 Token
/// </summary>
/// <param name=”ssoRequest”></param>
/// <returns></returns>
public static bool CreateAppToken(SSORequest ssoRequest)
{
string OriginalAuthenticator = ssoRequest.IASID + ssoRequest.TimeStamp + ssoRequest.AppUrl;
string AuthenticatorDigest = CryptoHelper.ComputeHashString(OriginalAuthenticator);
string sToEncrypt = OriginalAuthenticator + AuthenticatorDigest;
byte[] bToEncrypt = CryptoHelper.ConvertStringToByteArray(sToEncrypt); CryptoService cs = GetCryptoService(); byte[] encrypted; if (cs.Encrypt(bToEncrypt, out encrypted))
{
ssoRequest.Authenticator = CryptoHelper.ToBase64String(encrypted); return true;
}
else
{
return false;
}
} /// <summary>
/// 验证从各分站发送过来的 Token
/// </summary>
/// <param name=”ssoRequest”></param>
/// <returns></returns>
public static bool ValidateAppToken(SSORequest ssoRequest)
{
string Authenticator = ssoRequest.Authenticator; string OriginalAuthenticator = ssoRequest.IASID + ssoRequest.TimeStamp + ssoRequest.AppUrl;
string AuthenticatorDigest = CryptoHelper.ComputeHashString(OriginalAuthenticator);
string sToEncrypt = OriginalAuthenticator + AuthenticatorDigest;
byte[] bToEncrypt = CryptoHelper.ConvertStringToByteArray(sToEncrypt); CryptoService cs = GetCryptoService();
byte[] encrypted; if (cs.Encrypt(bToEncrypt, out encrypted))
{
return Authenticator == CryptoHelper.ToBase64String(encrypted);
}
else
{
return false;
}
} /// <summary>
/// 创建认证中心发往各分站的 Token
/// </summary>
/// <param name=”ssoRequest”></param>
/// <returns></returns>
public static bool CreateEACToken(SSORequest ssoRequest)
{
string OriginalAuthenticator = ssoRequest.UserAccount + ssoRequest.IASID + ssoRequest.TimeStamp + ssoRequest.AppUrl;
string AuthenticatorDigest = CryptoHelper.ComputeHashString(OriginalAuthenticator);
string sToEncrypt = OriginalAuthenticator + AuthenticatorDigest;
byte[] bToEncrypt = CryptoHelper.ConvertStringToByteArray(sToEncrypt); CryptoService cs = GetCryptoService();
byte[] encrypted; if (cs.Encrypt(bToEncrypt, out encrypted))
{
ssoRequest.Authenticator = CryptoHelper.ToBase64String(encrypted); return true;
}
else
{
return false;
}
} /// <summary>
/// 验证从认证中心发送过来的 Token
/// </summary>
/// <param name=”ssoRequest”></param>
/// <returns></returns>
public static bool ValidateEACToken(SSORequest ssoRequest)
{
string Authenticator = ssoRequest.Authenticator; string OriginalAuthenticator = ssoRequest.UserAccount + ssoRequest.IASID + ssoRequest.TimeStamp + ssoRequest.AppUrl;
string AuthenticatorDigest = CryptoHelper.ComputeHashString(OriginalAuthenticator);
string sToEncrypt = OriginalAuthenticator + AuthenticatorDigest;
byte[] bToEncrypt = CryptoHelper.ConvertStringToByteArray(sToEncrypt); string EncryCurrentAuthenticator = string.Empty;
CryptoService cs = GetCryptoService();
byte[] encrypted; if (cs.Encrypt(bToEncrypt, out encrypted))
{
EncryCurrentAuthenticator = CryptoHelper.ToBase64String(encrypted); return Authenticator == EncryCurrentAuthenticator;
}
else
{
return false;
}
} /// <summary>
/// 创建 EAC 认证中心的 Cookie
/// </summary>
/// <param name=”userAccount”></param>
/// <param name=”timeStamp”></param>
/// <param name=”expireTime”></param>
/// <param name=”cookieValue”></param>
/// <returns></returns>
public static bool CreatEACCookie(string userAccount, string timeStamp, string expireTime)
{
string plainText = ”UserAccount=” + userAccount + ”;TimeStamp=” + timeStamp + ”;ExpireTime=” + expireTime;
plainText += hashSplitter + CryptoHelper.ComputeHashString(plainText); CryptoService cs = GetCryptoService();
byte[] encrypted; if (cs.Encrypt(CryptoHelper.ConvertStringToByteArray(plainText), out encrypted))
{
string cookieValue = CryptoHelper.ToBase64String(encrypted);
SetCookie(cookieValue); return true;
}
else
{
return false;
}
} /// <summary>
/// 验证 EAC 认证中心的 Cookie,验证通过时获取用户登录账号
/// </summary>
/// <param name=”userAccount”>输出用户登录账号</param>
/// <returns></returns>
public static bool ValidateEACCookie(out string userAccount)
{
userAccount = string.Empty;
try
{ string cookieValue = GetCookie().Value;
byte[] toDecrypt = CryptoHelper.FromBase64String(cookieValue);
CryptoService cs = GetCryptoService(); string decrypted = string.Empty;
if (cs.Decrypt(toDecrypt, out decrypted))
{ string[] arrTemp = decrypted.Split(Convert.ToChar(hashSplitter));
string plainText = arrTemp[0];
string hashedText = arrTemp[1]; userAccount = plainText.Split(Convert.ToChar(”;”))[0].Split(Convert.ToChar(”=”))[1]; return hashedText.Replace(”\0”, string.Empty) == CryptoHelper.ComputeHashString(plainText); }
else
{
return false;
}
}
catch (Exception e)
{
return false;
}
} public static void Logout()
{
HttpContext.Current.Response.Cookies[cookieName].Expires = DateTime.Parse(”1900-1-1”);
HttpContext.Current.Response.Cookies[cookieName].Path = ”/”;
} private static void SetCookie(string cookieValue)
{
HttpContext.Current.Response.Cookies[cookieName].Value = cookieValue;
HttpContext.Current.Response.Cookies[cookieName].Expires = DateTime.Now.AddHours(24);
HttpContext.Current.Response.Cookies[cookieName].Path = ”/”;
} private static HttpCookie GetCookie()
{
HttpCookie cookie = HttpContext.Current.Request.Cookies[”EACToken”];
return cookie;
}
}
using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Collections.Generic;
using System.Text; /// <summary>
/// 安全验证类
/// </summary>
public class Authentication
{
static readonly string cookieName = ”EACToken”;
static readonly string hashSplitter = ”|”; public Authentication()
{
} public static string GetAppKey(int appID)
{
//string cmdText = @”select * from ”;
return string.Empty;
} public static string GetAppKey()
{
return ”22362E7A9285DD53A0BBC2932F9733C505DC04EDBFE00D70”;
} public static string GetAppIV()
{
return ”1E7FA9231E7FA923”;
} /// <summary>
/// 取得加密服务
/// </summary>
/// <returns></returns>
static CryptoService GetCryptoService()
{
string key = GetAppKey();
string IV = GetAppIV(); CryptoService cs = new CryptoService(key, IV);
return cs;
} /// <summary>
/// 创建各分站发往认证中心的 Token
/// </summary>
/// <param name=”ssoRequest”></param>
/// <returns></returns>
public static bool CreateAppToken(SSORequest ssoRequest)
{
string OriginalAuthenticator = ssoRequest.IASID + ssoRequest.TimeStamp + ssoRequest.AppUrl;
string AuthenticatorDigest = CryptoHelper.ComputeHashString(OriginalAuthenticator);
string sToEncrypt = OriginalAuthenticator + AuthenticatorDigest;
byte[] bToEncrypt = CryptoHelper.ConvertStringToByteArray(sToEncrypt); CryptoService cs = GetCryptoService(); byte[] encrypted; if (cs.Encrypt(bToEncrypt, out encrypted))
{
ssoRequest.Authenticator = CryptoHelper.ToBase64String(encrypted); return true;
}
else
{
return false;
}
} /// <summary>
/// 验证从各分站发送过来的 Token
/// </summary>
/// <param name=”ssoRequest”></param>
/// <returns></returns>
public static bool ValidateAppToken(SSORequest ssoRequest)
{
string Authenticator = ssoRequest.Authenticator; string OriginalAuthenticator = ssoRequest.IASID + ssoRequest.TimeStamp + ssoRequest.AppUrl;
string AuthenticatorDigest = CryptoHelper.ComputeHashString(OriginalAuthenticator);
string sToEncrypt = OriginalAuthenticator + AuthenticatorDigest;
byte[] bToEncrypt = CryptoHelper.ConvertStringToByteArray(sToEncrypt); CryptoService cs = GetCryptoService();
byte[] encrypted; if (cs.Encrypt(bToEncrypt, out encrypted))
{
return Authenticator == CryptoHelper.ToBase64String(encrypted);
}
else
{
return false;
}
} /// <summary>
/// 创建认证中心发往各分站的 Token
/// </summary>
/// <param name=”ssoRequest”></param>
/// <returns></returns>
public static bool CreateEACToken(SSORequest ssoRequest)
{
string OriginalAuthenticator = ssoRequest.UserAccount + ssoRequest.IASID + ssoRequest.TimeStamp + ssoRequest.AppUrl;
string AuthenticatorDigest = CryptoHelper.ComputeHashString(OriginalAuthenticator);
string sToEncrypt = OriginalAuthenticator + AuthenticatorDigest;
byte[] bToEncrypt = CryptoHelper.ConvertStringToByteArray(sToEncrypt); CryptoService cs = GetCryptoService();
byte[] encrypted; if (cs.Encrypt(bToEncrypt, out encrypted))
{
ssoRequest.Authenticator = CryptoHelper.ToBase64String(encrypted); return true;
}
else
{
return false;
}
} /// <summary>
/// 验证从认证中心发送过来的 Token
/// </summary>
/// <param name=”ssoRequest”></param>
/// <returns></returns>
public static bool ValidateEACToken(SSORequest ssoRequest)
{
string Authenticator = ssoRequest.Authenticator; string OriginalAuthenticator = ssoRequest.UserAccount + ssoRequest.IASID + ssoRequest.TimeStamp + ssoRequest.AppUrl;
string AuthenticatorDigest = CryptoHelper.ComputeHashString(OriginalAuthenticator);
string sToEncrypt = OriginalAuthenticator + AuthenticatorDigest;
byte[] bToEncrypt = CryptoHelper.ConvertStringToByteArray(sToEncrypt); string EncryCurrentAuthenticator = string.Empty;
CryptoService cs = GetCryptoService();
byte[] encrypted; if (cs.Encrypt(bToEncrypt, out encrypted))
{
EncryCurrentAuthenticator = CryptoHelper.ToBase64String(encrypted); return Authenticator == EncryCurrentAuthenticator;
}
else
{
return false;
}
} /// <summary>
/// 创建 EAC 认证中心的 Cookie
/// </summary>
/// <param name=”userAccount”></param>
/// <param name=”timeStamp”></param>
/// <param name=”expireTime”></param>
/// <param name=”cookieValue”></param>
/// <returns></returns>
public static bool CreatEACCookie(string userAccount, string timeStamp, string expireTime)
{
string plainText = ”UserAccount=” + userAccount + ”;TimeStamp=” + timeStamp + ”;ExpireTime=” + expireTime;
plainText += hashSplitter + CryptoHelper.ComputeHashString(plainText); CryptoService cs = GetCryptoService();
byte[] encrypted; if (cs.Encrypt(CryptoHelper.ConvertStringToByteArray(plainText), out encrypted))
{
string cookieValue = CryptoHelper.ToBase64String(encrypted);
SetCookie(cookieValue); return true;
}
else
{
return false;
}
} /// <summary>
/// 验证 EAC 认证中心的 Cookie,验证通过时获取用户登录账号
/// </summary>
/// <param name=”userAccount”>输出用户登录账号</param>
/// <returns></returns>
public static bool ValidateEACCookie(out string userAccount)
{
userAccount = string.Empty;
try
{ string cookieValue = GetCookie().Value;
byte[] toDecrypt = CryptoHelper.FromBase64String(cookieValue);
CryptoService cs = GetCryptoService(); string decrypted = string.Empty;
if (cs.Decrypt(toDecrypt, out decrypted))
{ string[] arrTemp = decrypted.Split(Convert.ToChar(hashSplitter));
string plainText = arrTemp[0];
string hashedText = arrTemp[1]; userAccount = plainText.Split(Convert.ToChar(”;”))[0].Split(Convert.ToChar(”=”))[1]; return hashedText.Replace(”\0”, string.Empty) == CryptoHelper.ComputeHashString(plainText); }
else
{
return false;
}
}
catch (Exception e)
{
return false;
}
} public static void Logout()
{
HttpContext.Current.Response.Cookies[cookieName].Expires = DateTime.Parse(”1900-1-1”);
HttpContext.Current.Response.Cookies[cookieName].Path = ”/”;
} private static void SetCookie(string cookieValue)
{
HttpContext.Current.Response.Cookies[cookieName].Value = cookieValue;
HttpContext.Current.Response.Cookies[cookieName].Expires = DateTime.Now.AddHours(24);
HttpContext.Current.Response.Cookies[cookieName].Path = ”/”;
} private static HttpCookie GetCookie()
{
HttpCookie cookie = HttpContext.Current.Request.Cookies[”EACToken”];
return cookie;
}
} CryptoHelper.cs using System;
using System.Collections.Generic;
using System.Text;
using System.Security.Cryptography; public class CryptoHelper
{
/// <summary>
/// 复合 Hash:string --> byte[] --> hashed byte[] --> base64 string
/// </summary>
/// <param name=”s”></param>
/// <returns></returns>
public static string ComputeHashString(string s)
{
return ToBase64String(ComputeHash(ConvertStringToByteArray(s)));
} public static byte[] ComputeHash(byte[] buf)
{
//return ((HashAlgorithm)CryptoConfig.CreateFromName(”SHA1”)).ComputeHash(buf);
return SHA1.Create().ComputeHash(buf); } /// <summary>
/// //System.Convert.ToBase64String
/// </summary>
/// <param name=”buf”></param>
/// <returns></returns>
public static string ToBase64String(byte[] buf)
{
return System.Convert.ToBase64String(buf);
} public static byte[] FromBase64String(string s)
{
return System.Convert.FromBase64String(s);
} /// <summary>
/// //Encoding.UTF8.GetBytes(s)
/// </summary>
/// <param name=”s”></param>
/// <returns></returns>
public static byte[] ConvertStringToByteArray(String s)
{
return Encoding.UTF8.GetBytes(s);//gb2312
} public static string ConvertByteArrayToString(byte[] buf)
{
//return System.Text.Encoding.GetEncoding(”utf-8”).GetString(buf); return Encoding.UTF8.GetString(buf);
} /// <summary>
/// 字节数组转换为十六进制字符串
/// </summary>
/// <param name=”buf”></param>
/// <returns></returns>
public static string ByteArrayToHexString(byte[] buf)
{
StringBuilder sb = new StringBuilder();
for (int i = 0; i < buf.Length; i++)
{
sb.Append(buf[i].ToString(”X”).Length == 2 ? buf[i].ToString(”X”) : ”0” + buf[i].ToString(”X”));
}
return sb.ToString();
} /// <summary>
/// 十六进制字符串转换为字节数组
/// </summary>
/// <param name=”s”></param>
/// <returns></returns>
public static byte[] HexStringToByteArray(string s)
{
Byte[] buf = new byte[s.Length / 2];
for (int i = 0; i < buf.Length; i++)
{
buf[i] = (byte)(Char2Hex(s.Substring(i * 2, 1)) * 0x10 + Char2Hex(s.Substring(i * 2 + 1, 1)));
}
return buf;
} private static byte Char2Hex(string chr)
{
switch (chr)
{
case ”0”:
return 0x00;
case ”1”:
return 0x01;
case ”2”:
return 0x02;
case ”3”:
return 0x03;
case ”4”:
return 0x04;
case ”5”:
return 0x05;
case ”6”:
return 0x06;
case ”7”:
return 0x07;
case ”8”:
return 0x08;
case ”9”:
return 0x09;
case ”A”:
return 0x0a;
case ”B”:
return 0x0b;
case ”C”:
return 0x0c;
case ”D”:
return 0x0d;
case ”E”:
return 0x0e;
case ”F”:
return 0x0f;
}
return 0x00;
}
}
using System;
using System.Collections.Generic;
using System.Text;
using System.Security.Cryptography; public class CryptoHelper
{
/// <summary>
/// 复合 Hash:string --> byte[] --> hashed byte[] --> base64 string
/// </summary>
/// <param name=”s”></param>
/// <returns></returns>
public static string ComputeHashString(string s)
{
return ToBase64String(ComputeHash(ConvertStringToByteArray(s)));
} public static byte[] ComputeHash(byte[] buf)
{
//return ((HashAlgorithm)CryptoConfig.CreateFromName(”SHA1”)).ComputeHash(buf);
return SHA1.Create().ComputeHash(buf); } /// <summary>
/// //System.Convert.ToBase64String
/// </summary>
/// <param name=”buf”></param>
/// <returns></returns>
public static string ToBase64String(byte[] buf)
{
return System.Convert.ToBase64String(buf);
} public static byte[] FromBase64String(string s)
{
return System.Convert.FromBase64String(s);
} /// <summary>
/// //Encoding.UTF8.GetBytes(s)
/// </summary>
/// <param name=”s”></param>
/// <returns></returns>
public static byte[] ConvertStringToByteArray(String s)
{
return Encoding.UTF8.GetBytes(s);//gb2312
} public static string ConvertByteArrayToString(byte[] buf)
{
//return System.Text.Encoding.GetEncoding(”utf-8”).GetString(buf); return Encoding.UTF8.GetString(buf);
} /// <summary>
/// 字节数组转换为十六进制字符串
/// </summary>
/// <param name=”buf”></param>
/// <returns></returns>
public static string ByteArrayToHexString(byte[] buf)
{
StringBuilder sb = new StringBuilder();
for (int i = 0; i < buf.Length; i++)
{
sb.Append(buf[i].ToString(”X”).Length == 2 ? buf[i].ToString(”X”) : ”0” + buf[i].ToString(”X”));
}
return sb.ToString();
} /// <summary>
/// 十六进制字符串转换为字节数组
/// </summary>
/// <param name=”s”></param>
/// <returns></returns>
public static byte[] HexStringToByteArray(string s)
{
Byte[] buf = new byte[s.Length / 2];
for (int i = 0; i < buf.Length; i++)
{
buf[i] = (byte)(Char2Hex(s.Substring(i * 2, 1)) * 0x10 + Char2Hex(s.Substring(i * 2 + 1, 1)));
}
return buf;
} private static byte Char2Hex(string chr)
{
switch (chr)
{
case ”0”:
return 0x00;
case ”1”:
return 0x01;
case ”2”:
return 0x02;
case ”3”:
return 0x03;
case ”4”:
return 0x04;
case ”5”:
return 0x05;
case ”6”:
return 0x06;
case ”7”:
return 0x07;
case ”8”:
return 0x08;
case ”9”:
return 0x09;
case ”A”:
return 0x0a;
case ”B”:
return 0x0b;
case ”C”:
return 0x0c;
case ”D”:
return 0x0d;
case ”E”:
return 0x0e;
case ”F”:
return 0x0f;
}
return 0x00;
}
} CryptoService.cs using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Text;
using System.Security.Cryptography;
using System.IO; public class CryptoService
{
/// <summary>
/// 加密的密钥
/// </summary>
string sKey = ”22362E7A9285DD53A0BBC2932F9733C505DC04EDBFE00D70”;
string sIV = ”1E7FA9231E7FA923”; byte[] byteKey;
byte[] byteIV; /// <summary>
/// 加密向量
/// </summary>
static byte[] bIV ={ 1, 2, 3, 4, 5, 6, 7, 8 }; public CryptoService()
{ } public CryptoService(string key, string IV)
{
sKey = key;
sIV = IV; byteKey = CryptoHelper.HexStringToByteArray(sKey);
byteIV = CryptoHelper.HexStringToByteArray(sIV);
} /// <summary>
/// 将明文加密,返回密文
/// </summary>
/// <param name=”Data”>要加密的字串</param>
/// <returns></returns>
public byte[] Encrypt(string Data)
{
try
{
byte[] ret; using (MemoryStream mStream = new MemoryStream())
using (CryptoStream cStream = new CryptoStream(mStream,
new TripleDESCryptoServiceProvider().CreateEncryptor(byteKey, byteIV),
CryptoStreamMode.Write))
{ byte[] toEncrypt = new ASCIIEncoding().GetBytes(Data); // Write the byte array to the crypto stream and flush it.
cStream.Write(toEncrypt, 0, toEncrypt.Length);
cStream.FlushFinalBlock(); // Get an array of bytes from the
// MemoryStream that holds the
// encrypted data.
ret = mStream.ToArray(); } return ret;
}
catch (CryptographicException e)
{
//Console.WriteLine(”A Cryptographic error occurred: {0}”, e.Message);
return null;
} } /// <summary>
/// 将明文加密,返回密文
/// </summary>
/// <param name=”toEncrypt”>明文</param>
/// <param name=”encrypted”>密文</param>
/// <returns></returns>
public bool Encrypt(byte[] toEncrypt, out byte[] encrypted)
{
encrypted = null;
try
{
// Create a new MemoryStream using the passed
// array of encrypted data.
// Create a CryptoStream using the MemoryStream
// and the passed key and initialization vector (IV).
using (MemoryStream mStream = new MemoryStream())
using (CryptoStream cStream = new CryptoStream(mStream,
new TripleDESCryptoServiceProvider().CreateEncryptor(byteKey, byteIV),
CryptoStreamMode.Write))
{ // Write the byte array to the crypto stream and flush it.
cStream.Write(toEncrypt, 0, toEncrypt.Length);
cStream.FlushFinalBlock(); // Get an array of bytes from the
// MemoryStream that holds the
// encrypted data.
encrypted = mStream.ToArray();
} return true;
}
catch (CryptographicException e)
{
//Console.WriteLine(”A Cryptographic error occurred: {0}”, e.Message);
return false;
} } /// <summary>
/// 将明文加密,返回 Base64 字符串
/// </summary>
/// <param name=”Data”></param>
/// <returns></returns>
public string EncryptToString(string Data)
{
try
{
string base64String = string.Empty; using (MemoryStream mStream = new MemoryStream())
using (CryptoStream cStream = new CryptoStream(mStream,
new TripleDESCryptoServiceProvider().CreateEncryptor(byteKey, byteIV),
CryptoStreamMode.Write))
{ byte[] toEncrypt = new ASCIIEncoding().GetBytes(Data); cStream.Write(toEncrypt, 0, toEncrypt.Length);
cStream.FlushFinalBlock(); byte[] ret = mStream.ToArray(); base64String = Convert.ToBase64String(ret);
} return base64String;
}
catch (CryptographicException e)
{
return null;
} } /// <summary>
/// 将密文解密,返回明文
/// </summary>
/// <param name=”Data”>密文</param>
/// <returns>明文</returns>
public bool Decrypt(byte[] Data, out string decrypted)
{
decrypted = string.Empty;
try
{ using (MemoryStream msDecrypt = new MemoryStream(Data))
using (CryptoStream csDecrypt = new CryptoStream(msDecrypt,
new TripleDESCryptoServiceProvider().CreateDecryptor(byteKey, byteIV),
CryptoStreamMode.Read))
{ byte[] fromEncrypt = new byte[Data.Length]; // Read the decrypted data out of the crypto stream
// and place it into the temporary buffer.
csDecrypt.Read(fromEncrypt, 0, fromEncrypt.Length); decrypted = Encoding.UTF8.GetString(fromEncrypt);//new ASCIIEncoding().GetString(fromEncrypt); return true;
}
}
catch (CryptographicException e)
{
return false;
}
} }
using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Text;
using System.Security.Cryptography;
using System.IO; public class CryptoService
{
/// <summary>
/// 加密的密钥
/// </summary>
string sKey = ”22362E7A9285DD53A0BBC2932F9733C505DC04EDBFE00D70”;
string sIV = ”1E7FA9231E7FA923”; byte[] byteKey;
byte[] byteIV; /// <summary>
/// 加密向量
/// </summary>
static byte[] bIV ={ 1, 2, 3, 4, 5, 6, 7, 8 }; public CryptoService()
{ } public CryptoService(string key, string IV)
{
sKey = key;
sIV = IV; byteKey = CryptoHelper.HexStringToByteArray(sKey);
byteIV = CryptoHelper.HexStringToByteArray(sIV);
} /// <summary>
/// 将明文加密,返回密文
/// </summary>
/// <param name=”Data”>要加密的字串</param>
/// <returns></returns>
public byte[] Encrypt(string Data)
{
try
{
byte[] ret; using (MemoryStream mStream = new MemoryStream())
using (CryptoStream cStream = new CryptoStream(mStream,
new TripleDESCryptoServiceProvider().CreateEncryptor(byteKey, byteIV),
CryptoStreamMode.Write))
{ byte[] toEncrypt = new ASCIIEncoding().GetBytes(Data); // Write the byte array to the crypto stream and flush it.
cStream.Write(toEncrypt, 0, toEncrypt.Length);
cStream.FlushFinalBlock(); // Get an array of bytes from the
// MemoryStream that holds the
// encrypted data.
ret = mStream.ToArray(); } return ret;
}
catch (CryptographicException e)
{
//Console.WriteLine(”A Cryptographic error occurred: {0}”, e.Message);
return null;
} } /// <summary>
/// 将明文加密,返回密文
/// </summary>
/// <param name=”toEncrypt”>明文</param>
/// <param name=”encrypted”>密文</param>
/// <returns></returns>
public bool Encrypt(byte[] toEncrypt, out byte[] encrypted)
{
encrypted = null;
try
{
// Create a new MemoryStream using the passed
// array of encrypted data.
// Create a CryptoStream using the MemoryStream
// and the passed key and initialization vector (IV).
using (MemoryStream mStream = new MemoryStream())
using (CryptoStream cStream = new CryptoStream(mStream,
new TripleDESCryptoServiceProvider().CreateEncryptor(byteKey, byteIV),
CryptoStreamMode.Write))
{ // Write the byte array to the crypto stream and flush it.
cStream.Write(toEncrypt, 0, toEncrypt.Length);
cStream.FlushFinalBlock(); // Get an array of bytes from the
// MemoryStream that holds the
// encrypted data.
encrypted = mStream.ToArray();
} return true;
}
catch (CryptographicException e)
{
//Console.WriteLine(”A Cryptographic error occurred: {0}”, e.Message);
return false;
} } /// <summary>
/// 将明文加密,返回 Base64 字符串
/// </summary>
/// <param name=”Data”></param>
/// <returns></returns>
public string EncryptToString(string Data)
{
try
{
string base64String = string.Empty; using (MemoryStream mStream = new MemoryStream())
using (CryptoStream cStream = new CryptoStream(mStream,
new TripleDESCryptoServiceProvider().CreateEncryptor(byteKey, byteIV),
CryptoStreamMode.Write))
{ byte[] toEncrypt = new ASCIIEncoding().GetBytes(Data); cStream.Write(toEncrypt, 0, toEncrypt.Length);
cStream.FlushFinalBlock(); byte[] ret = mStream.ToArray(); base64String = Convert.ToBase64String(ret);
} return base64String;
}
catch (CryptographicException e)
{
return null;
} } /// <summary>
/// 将密文解密,返回明文
/// </summary>
/// <param name=”Data”>密文</param>
/// <returns>明文</returns>
public bool Decrypt(byte[] Data, out string decrypted)
{
decrypted = string.Empty;
try
{ using (MemoryStream msDecrypt = new MemoryStream(Data))
using (CryptoStream csDecrypt = new CryptoStream(msDecrypt,
new TripleDESCryptoServiceProvider().CreateDecryptor(byteKey, byteIV),
CryptoStreamMode.Read))
{ byte[] fromEncrypt = new byte[Data.Length]; // Read the decrypted data out of the crypto stream
// and place it into the temporary buffer.
csDecrypt.Read(fromEncrypt, 0, fromEncrypt.Length); decrypted = Encoding.UTF8.GetString(fromEncrypt);//new ASCIIEncoding().GetString(fromEncrypt); return true;
}
}
catch (CryptographicException e)
{
return false;
}
} } PostService.cs using System;
using System.Collections.Generic;
using System.Text; public class PostService
{
private System.Collections.Specialized.NameValueCollection Inputs = new System.Collections.Specialized.NameValueCollection();
public string Url = ””;
public string Method = ”post”;
public string FormName = ”form1”; /// <summary>
/// 添加需要提交的名和值
/// </summary>
/// <param name=”name”></param>
/// <param name=”value”></param>
public void Add(string name, string value)
{
Inputs.Add(name, value);
} /// <summary>
/// 以输出Html方式POST
/// </summary>
public void Post()
{
System.Web.HttpContext.Current.Response.Clear(); string html = string.Empty; html += (”<html><head>”);
html += (string.Format(”</head><body onload=\”document.{0}.submit()\”>”, FormName));
html += (string.Format(”<form name=\”{0}\” method=\”{1}\” action=\”{2}\” >”, FormName, Method, Url));
try
{
for (int i = 0; i < Inputs.Keys.Count; i++)
{
html += (string.Format(”<input name=\”{0}\” type=\”hidden\” value=\”{1}\”>”, Inputs.Keys[i], Inputs[Inputs.Keys[i]]));
}
html += (”</form>”);
html += (”</body></html>”); System.Web.HttpContext.Current.Response.Write(html);
System.Web.HttpContext.Current.Response.End();
}
catch (Exception ee)
{
//
}
}
}
using System;
using System.Collections.Generic;
using System.Text; public class PostService
{
private System.Collections.Specialized.NameValueCollection Inputs = new System.Collections.Specialized.NameValueCollection();
public string Url = ””;
public string Method = ”post”;
public string FormName = ”form1”; /// <summary>
/// 添加需要提交的名和值
/// </summary>
/// <param name=”name”></param>
/// <param name=”value”></param>
public void Add(string name, string value)
{
Inputs.Add(name, value);
} /// <summary>
/// 以输出Html方式POST
/// </summary>
public void Post()
{
System.Web.HttpContext.Current.Response.Clear(); string html = string.Empty; html += (”<html><head>”);
html += (string.Format(”</head><body onload=\”document.{0}.submit()\”>”, FormName));
html += (string.Format(”<form name=\”{0}\” method=\”{1}\” action=\”{2}\” >”, FormName, Method, Url));
try
{
for (int i = 0; i < Inputs.Keys.Count; i++)
{
html += (string.Format(”<input name=\”{0}\” type=\”hidden\” value=\”{1}\”>”, Inputs.Keys[i], Inputs[Inputs.Keys[i]]));
}
html += (”</form>”);
html += (”</body></html>”); System.Web.HttpContext.Current.Response.Write(html);
System.Web.HttpContext.Current.Response.End();
}
catch (Exception ee)
{
//
}
}
} SSORequest.cs using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls; [Serializable]
public class SSORequest : MarshalByRefObject
{
public string IASID; //各独立站点标识ID
public string TimeStamp; //时间戳
public string AppUrl; //各独立站点的访问地址
public string Authenticator; //各独立站点的 Token public string UserAccount; //账号
public string Password; //密码 public string IPAddress; //IP地址 //为ssresponse对象做准备
public string ErrorDescription = ”认证失败”; //用户认证通过,认证失败,包数据格式不正确,数据校验不正确
public int Result = -1; public SSORequest()
{ } /// <summary>
/// 获取当前页面上的SSORequest对象
/// </summary>
/// <param name=”CurrentPage”></param>
/// <returns></returns>
public static SSORequest GetRequest(Page CurrentPage)
{
SSORequest request = new SSORequest();
request.IPAddress = CurrentPage.Request.UserHostAddress;
request.IASID = CurrentPage.Request[”IASID”].ToString();// Request本身会Decode
request.UserAccount = CurrentPage.Request[”UserAccount”].ToString();//this.Text
request.Password = CurrentPage.Request[”Password”].ToString();
request.AppUrl = CurrentPage.Request[”AppUrl”].ToString();
request.Authenticator = CurrentPage.Request[”Authenticator”].ToString();
request.TimeStamp = CurrentPage.Request[”TimeStamp”].ToString();
return request;
}
}
using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls; [Serializable]
public class SSORequest : MarshalByRefObject
{
public string IASID; //各独立站点标识ID
public string TimeStamp; //时间戳
public string AppUrl; //各独立站点的访问地址
public string Authenticator; //各独立站点的 Token public string UserAccount; //账号
public string Password; //密码 public string IPAddress; //IP地址 //为ssresponse对象做准备
public string ErrorDescription = ”认证失败”; //用户认证通过,认证失败,包数据格式不正确,数据校验不正确
public int Result = -1; public SSORequest()
{ } /// <summary>
/// 获取当前页面上的SSORequest对象
/// </summary>
/// <param name=”CurrentPage”></param>
/// <returns></returns>
public static SSORequest GetRequest(Page CurrentPage)
{
SSORequest request = new SSORequest();
request.IPAddress = CurrentPage.Request.UserHostAddress;
request.IASID = CurrentPage.Request[”IASID”].ToString();// Request本身会Decode
request.UserAccount = CurrentPage.Request[”UserAccount”].ToString();//this.Text
request.Password = CurrentPage.Request[”Password”].ToString();
request.AppUrl = CurrentPage.Request[”AppUrl”].ToString();
request.Authenticator = CurrentPage.Request[”Authenticator”].ToString();
request.TimeStamp = CurrentPage.Request[”TimeStamp”].ToString();
return request;
}
} 配置web.config <authentication mode=”Forms”>
<forms name=”.AspxFormAuth” loginUrl=”Default.aspx” defaultUrl=”center.html” protection=”All” path=”/” timeout=”60”>
</forms>
</authentication>
<authorization>
<!--拒绝所有匿名用户-->
<deny users=”?”/>
</authorization>
<authentication mode=”Forms”>
<forms name=”.AspxFormAuth” loginUrl=”Default.aspx” defaultUrl=”center.html” protection=”All” path=”/” timeout=”60”>
</forms>
</authentication>
<authorization>
<!--拒绝所有匿名用户-->
<deny users=”?”/>
</authorization> 最后效果如下:登录总站后,各站点之间无需再登录,可以互相访问。 另外,注销登录后,访问站点1 http://localhost/Site1/Default.aspx ,会自动跳转到主站登录页面 http://localhost/MasterSite/Default.aspx ,同样访问站点2 http://localhost/Site2/Default.aspx 也会转到主站登录页面。从主站登录后,分别访问站点1和站点2。 在IIS配置虚拟目录MasterSite Site1 Site2,当然你也可以新建站点MasterSite Site1 Site2,修改hosts表
127.0.0.1 www.MasterSite.com 127.0.0.1 www.Site1.com 127.0.0.1 www.Site2.com 源代码下载:http://download.csdn.net/source/1571879
[转]asp.net 跨域单点登录的更多相关文章
- asp.net 真正实现完全跨域单点登录
单点登录(Single Sign On),简称为 SSO,是目前比较流行的企业业务整合的解决方案之一.SSO的定义是在多个应用系统中,用户只需要登录一次就可以访问所有相互信任的应用系统. asp.ne ...
- 使用Cookie实现跨域单点登录的原理
对于构建分布式系统来说业务功能的物理部署会随着新业务模块的增加而增加或改变物理部署的位置.而每个用户都有统一的帐号作为我们登录系统时的一个认证.当新业务或子系统部署在不同的物理机上,我们去访问不同的业 ...
- Cookie同域,跨域单点登录(转)
Cookie 同域单点登录 最近在做一个单点登录的系统整合项目,之前我们使用控件实现单点登录(以后可以介绍一下).但现在为了满足客户需求,在不使用控件情况下实现单点登录,先来介绍一下单点登录. 单点登 ...
- Cookie同域,跨域单点登录
Cookie 同域单点登录 最近在做一个单点登录的系统整合项目,之前我们使用控件实现单点登录(以后可以介绍一下).但现在为了满足客户需求,在不使用控件情况下实现单点登录,先来介绍一下单点登录. 单点登 ...
- B/S系统间跨域单点登录设计思路
基于B/S系统间单点登录 此处说的单点登录的概念,即不同系统公用一个登录界面.一处系统通过登录验证,在接入的各系统均为登录状态.一般有两种情景: 1) 一级域名相同 例如:tieba.baidu.c ...
- Asp.Net Core基于Cookie实现同域单点登录(SSO)
在同一个域名下有很多子系统 如:a.giant.com b.giant.com c.giant.com等 但是这些系统都是giant.com这个子域. 这样的情况就可以在不引用其它框架的情况下, ...
- 网站跨站点单点登录实现--cookie
至于什么是单点登录,举个例子,如果你登录了msn messenger,访问hotmail邮件就不用在此登录.一般单点登录都需要有一个独立的登录站点,一般具有独立的域名,专门的进行注册,登录,注销等操作 ...
- JAVA实现同域单点登录
所用技术: SSM MySQL Maven Tomcat8.0 同域单点登录详细步骤如下: 1.首先写一个登录界面(隐藏域为暂存地址) 2.判断用户密码是否正确,正确则添加cookie,否则返回错误页 ...
- asp.net 跨域问题
asp.net 跨域问题 解决方案1: public void ProcessRequest(HttpContext context) { //解决跨域问题 context.Response.Clea ...
随机推荐
- axis client tomcat jsp调用最少jar
tomcat调用和main方法调用不同在于引入的jar不一样.tomcat引入的jar是全部lib以下的jar包,main是project引入的jar.假设直接进行公布lib下的全部jar都会引入到p ...
- UVa 401 Palindromes(镜像回文字符串)
题意 给一个字符串 判定其是否为回文串和镜像串 回文串非常好推断 镜像串对于每个字符用数组保存它的镜像字符即可了 没有的就是空格 注意若字符串长度为奇数 中间那个字母必须是对称的才是镜 ...
- linux入门基础——linux软件管理RPM
由于linux入门基础是基于CentOS解说的,讲的是CentOS上的软件包管理.ubuntu的软件包管理有这些:ubuntu软件包管理,包管理指南,ubuntu软件包管理. linux软件管理:RP ...
- Boost中的Timer的使用——计算时间流逝
使用Boost中的Timer库计算程序的运行时间 程序开发人员都会面临一个共同的问题,即写出高质量的代码完毕特定的功能.评价代码质量的一个重要标准就是算法的运行效率,也就是算法的运行时间.为了可靠的提 ...
- 使用css属性line-height实现文字垂直居中的问题
使用css属性line-height实现文字垂直居中的问题 1.使用css属性line-height实现文字垂直居中 方法比较简单,但是只能实现单行文字的垂直居中. 单行垂直居中效果如下: 要是p ...
- 内部消息 微软中国云计算 内測Azure免费账号 赶紧申请 错过不再有
内部消息 微软中国云计算 顶级内測Azure免费账号 火热申请 过期不再有! 微软MSDN俱乐部 29754721, [一大波Azure免费账号来袭]Windows Azure再次开启示放免费试用账 ...
- 用过滤器Filter判断用户是否登陆
用过滤器Filter判断用户是否登陆 WEB.XML <!-- 用户session的 键 sessionKEY --> <context-param> <param- ...
- 机器学习: KNN--python
今天介绍机器学习中比较常见的一种分类算法,K-NN,NN 就是 Nearest Neighbors, 也就是最近邻的意思,这是一种有监督的分类算法,给定一个 test sample, 计算这个 tes ...
- Servlet单例非安全解析
Servlet容器默认是采用单实例多线程的方式处理多个请求 Servlet容器<Web容器<应用服务器?apache<tomcat<websphere Servlet不是线程安 ...
- ssh远程连接docker中linux(ubuntu/centos)
ssh远程连接docker中linux(ubuntu/centos) https://www.jianshu.com/p/9e4d50ddc57e centos docker pull centos: ...