Asp.net Mvc4 使用Cas单点登录
因项目需要,使用了耶鲁大学的Cas单点登录方案,在java中使用一直正常,但是在.Net中碰到了循环重定向的问题,反复测试后,总算解决了,最终的配置如下:
<?xml version="1.0" encoding="utf-8"?> <!-- 有关如何配置 ASP.NET 应用程序的详细信息,请访问 http://go.microsoft.com/fwlink/?LinkId=169433 --> <configuration> <configSections> <section name="casClientConfig" type="DotNetCasClient.Configuration.CasClientConfiguration, DotNetCasClient" /> </configSections> <appSettings> <add key="webpages:Version" value="2.0.0.0" /> <add key="webpages:Enabled" value="false" /> <add key="PreserveLoginUrl" value="true" /> <add key="ClientValidationEnabled" value="true" /> <add key="UnobtrusiveJavaScriptEnabled" value="true" /> </appSettings> <casClientConfig casServerLoginUrl="http://192.168.101.100:8082/cas/login" casServerUrlPrefix="http://192.168.101.100:8082/cas/" serverName="http://192.168.101.109/SSOMvc" redirectAfterValidation="true" gateway="false" renew="false" singleSignOut="true" ticketTimeTolerance="5000" ticketValidatorName="Cas20" serviceTicketManager="CacheServiceTicketManager" gatewayStatusCookieName="CasGatewayStatus" /> <system.web> <compilation debug="true" targetFramework="4.0" /> <authentication mode="Forms"> <forms loginUrl="http://192.168.101.100:8082/cas/login" timeout="30" defaultUrl="~/Home/Index" cookieless="UseCookies" slidingExpiration="true" path="/SSOMvc/" /> </authentication> <pages> <namespaces> <add namespace="System.Web.Helpers" /> <add namespace="System.Web.Mvc" /> <add namespace="System.Web.Mvc.Ajax" /> <add namespace="System.Web.Mvc.Html" /> <add namespace="System.Web.Optimization" /> <add namespace="System.Web.Routing" /> <add namespace="System.Web.WebPages" /> </namespaces> </pages> <httpModules> <add name="DotNetCasClient" type="DotNetCasClient.CasAuthenticationModule,DotNetCasClient" /> </httpModules> <sessionState mode="StateServer" cookieless="UseCookies" timeout="3600"></sessionState> </system.web> <system.webServer> <validation validateIntegratedModeConfiguration="false" /> <modules runAllManagedModulesForAllRequests="true"> <remove name="DotNetCasClient" /> <add name="DotNetCasClient" type="DotNetCasClient.CasAuthenticationModule,DotNetCasClient" /> </modules> <handlers> <remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" /> <remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" /> <remove name="ExtensionlessUrlHandler-Integrated-4.0" /> <add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" /> <add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" /> <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" /> </handlers> </system.webServer> <runtime> <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1"> <dependentAssembly> <assemblyIdentity name="DotNetOpenAuth.Core" publicKeyToken="2780ccd10d57b246" /> <bindingRedirect oldVersion="0.0.0.0-4.1.0.0" newVersion="4.1.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="DotNetOpenAuth.AspNet" publicKeyToken="2780ccd10d57b246" /> <bindingRedirect oldVersion="0.0.0.0-4.1.0.0" newVersion="4.1.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" /> <bindingRedirect oldVersion="1.0.0.0-2.0.0.0" newVersion="2.0.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" /> <bindingRedirect oldVersion="0.0.0.0-4.0.0.0" newVersion="4.0.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" /> <bindingRedirect oldVersion="1.0.0.0-2.0.0.0" newVersion="2.0.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" /> <bindingRedirect oldVersion="0.0.0.0-1.3.0.0" newVersion="1.3.0.0" /> </dependentAssembly> </assemblyBinding> </runtime> <system.diagnostics> <trace autoflush="true" useGlobalLock="false" /> <sharedListeners> <!-- Writing trace output to a log file is recommended. IMPORTANT: The user account under which the containing application pool runs must have privileges to create and modify the trace log file. --> <add name="TraceFile" type="System.Diagnostics.TextWriterTraceListener" initializeData="F:\RunLog\DotNetCasClient.Log" traceOutputOptions="DateTime" /> </sharedListeners> <sources> <!-- Provides diagnostic information on module configuration parameters. --> <source name="DotNetCasClient.Config" switchName="Config" switchType="System.Diagnostics.SourceSwitch" > <listeners> <add name="TraceFile" /> </listeners> </source> <!-- Traces IHttpModule lifecycle events and meaningful operations performed therein. --> <source name="DotNetCasClient.HttpModule" switchName="HttpModule" switchType="System.Diagnostics.SourceSwitch" > <listeners> <add name="TraceFile" /> </listeners> </source> <!-- Provides protocol message and routing information. --> <source name="DotNetCasClient.Protocol" switchName="Protocol" switchType="System.Diagnostics.SourceSwitch" > <listeners> <add name="TraceFile" /> </listeners> </source> <!-- Provides details on security operations and notable security conditions. --> <source name="DotNetCasClient.Security" switchName="Security" switchType="System.Diagnostics.SourceSwitch" > <listeners> <add name="TraceFile" /> </listeners> </source> </sources> <switches> <!-- Set trace switches to appropriate logging level. Recommended values in order of increasing verbosity: - Off - Error - Warning - Information - Verbose --> <!-- Config category displays detailed information about CasAuthenticationModule configuration. The output of this category is only displayed when the module is initialized, which happens for the first request following application/server startup. --> <add name="Config" value="Verbose"/> <!-- Set this category to Verbose to trace HttpModule lifecycle events in CasAuthenticationModule. This category produces voluminous output in Verbose mode and should be avoided except for limited periods of time troubleshooting vexing integration problems. --> <add name="HttpModule" value="Verbose"/> <!-- Set to Verbose to display protocol messages between the client and server. This category is very helpful for troubleshooting integration problems. --> <add name="Protocol" value="Verbose"/> <!-- Displays important security-related information. --> <add name="Security" value="Verbose"/> </switches> </system.diagnostics> </configuration>
注意:我测试时直接访问域名,不加具体的路径会一直“循环重定向”,例如:http://192.168.101.109/SSOMvc,这样测试的地址默认的defaultUrl为Home/Index,如果直接访问就会出现“循环重定向”,但是直接访问http://192.168.101.109/SSOMvc/Home/Index在登录后,重定向回来是正常的。但是在asp.net 中测试没这个问题,只有mvc才会碰到。
2014-11-26更新:后续重定向的问题在一位同事那里得到了解决,在mvc中forms的属性配置path=“/SSOMvc/”改为“/SSOMvc”,据说跟casClientConfig的属性serverName相对应,如果这里的路径最后面包含了斜杠,path的值中也应该包含。
