web api 单点登录(SSO) 权限验证

  本文介绍如何利用 Web API 实现单点登录,具体原理请看 http://www.cnblogs.com/Work-hard/archive/2013/04/10/3011589.html ,下面主要介绍相关代码(仅为演示:主站的帐号密码校验已被注释掉,真实环境必须先验证身份再签发令牌):

  分站代码:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.RegularExpressions;
using System.Web;
using System.Web.Mvc;
using System.Net.Http;

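namespace MvcApplication2.Controllers
{
    /// <summary>
    /// Sub-site (relying party) controller for the SSO demo. A visitor must present a
    /// token issued by the passport site, either in the <c>Token</c> query-string
    /// parameter or in the <c>Token</c> cookie. The token is checked against the
    /// passport's Web API and the returned message array is kept in session state.
    /// </summary>
    public class HomeController : Controller
    {
        // Passport (main site) base address used by the article's demo.
        // NOTE(security): plain HTTP on localhost is demo-only. The token is a bearer
        // credential, so a real deployment should reach the passport over HTTPS.
        private const string PassportBaseUrl = "http://localhost:4213/";

        /// <summary>Shape of the JSON document returned by the passport's api/Login endpoint.</summary>
        public class infoMassege
        {
            public string webName { get; set; }
            public string[] message { get; set; }
        }

        /// <summary>
        /// Entry page. Accepts a token from the query string or from the cookie,
        /// validates it when no session data exists yet, and sends the browser to the
        /// passport when no valid token is available.
        /// </summary>
        /// <returns>The Index view, or a redirect to the passport site.</returns>
        public ActionResult Index()
        {
            string presentedToken = Request.QueryString["Token"];
            HttpCookie storedCookie = Request.Cookies["Token"];

            if (presentedToken != null)
            {
                // Token handed over by the passport in the URL.
                if (Session["Info"] == null)
                {
                    // Validate BEFORE persisting: an unverified query-string value must
                    // not be stored as a 24-hour credential cookie.
                    if (!TryLoadInfo(presentedToken))
                    {
                        return RedirectToPassport();
                    }

                    IssueTokenCookie(presentedToken);
                }
                // NOTE(review): the token stays visible in the address bar, history and
                // Referer headers. Consider redirecting to the same URL without the
                // Token parameter once the cookie has been issued.
            }
            else if (storedCookie != null)
            {
                // The cookie was written with a "Value" sub-key, so read that sub-key.
                // HttpCookie.Value would return the serialized pair ("Value=<token>"),
                // which the passport cannot match against an issued token.
                if (Session["Info"] == null && !TryLoadInfo(storedCookie.Values["Value"]))
                {
                    return RedirectToPassport();
                }
            }
            else
            {
                // No token at all: send the visitor to the passport to log in.
                return RedirectToPassport();
            }

            return View();
        }

        /// <summary>
        /// Validates <paramref name="tokenValue"/> against the passport and stores the
        /// result in session state. On failure the response is redirected to the passport.
        /// </summary>
        /// <param name="tokenValue">Token to validate.</param>
        /// <remarks>
        /// With the default MVC route every public controller method is reachable as an
        /// action. This helper is marked <c>[NonAction]</c> so it cannot be invoked
        /// directly with an arbitrary token (route configuration is not shown here).
        /// </remarks>
        [NonAction]
        public void getInfo(string tokenValue)
        {
            if (!TryLoadInfo(tokenValue))
            {
                Response.Redirect(PassportBaseUrl + "?BackURL=" + Server.UrlEncode(Request.Url.AbsoluteUri));
            }
        }

        // Calls the passport Web API with the token and, on success, caches the returned
        // message array in Session["Info"]. Returns false when the token is rejected.
        private bool TryLoadInfo(string tokenValue)
        {
            if (string.IsNullOrEmpty(tokenValue))
            {
                return false;
            }

            // Dispose the client and the response so sockets are released after each check.
            using (HttpClient client = new HttpClient())
            {
                client.BaseAddress = new Uri(PassportBaseUrl);
                client.DefaultRequestHeaders.Accept.Add(
                    new System.Net.Http.Headers.MediaTypeWithQualityHeaderValue("application/json"));

                // The token is caller-controlled (query string or cookie). Escape it so
                // it cannot add or alter parameters of the back-channel request.
                string requestPath = "api/Login/?token=" + Uri.EscapeDataString(tokenValue);

                // Blocking on .Result keeps the synchronous signatures of Index and getInfo.
                // A transport failure surfaces as an exception and no session data is set.
                using (HttpResponseMessage response = client.GetAsync(requestPath).Result)
                {
                    if (!response.IsSuccessStatusCode)
                    {
                        return false;
                    }

                    infoMassege info = response.Content.ReadAsAsync<infoMassege>().Result;
                    if (info == null || info.message == null)
                    {
                        // An empty or malformed body is treated as a failed validation.
                        return false;
                    }

                    Session["Info"] = info.message;
                    Session.Timeout = 1; // minutes, so the token is re-checked frequently
                    return true;
                }
            }
        }

        // Persists a validated token in the "Token" cookie (sub-key "Value") for 24 hours.
        private void IssueTokenCookie(string tokenValue)
        {
            HttpCookie tokenCookie = new HttpCookie("Token");
            tokenCookie.Values.Add("Value", tokenValue);
            tokenCookie.Expires = DateTime.Now.Add(new TimeSpan(24, 0, 0));
            tokenCookie.Path = "/";
            // Keep the credential out of reach of page scripts.
            tokenCookie.HttpOnly = true;
            // Only mark Secure when served over HTTPS, so the HTTP demo still works.
            // Production should serve this site over HTTPS and always set Secure.
            tokenCookie.Secure = Request.IsSecureConnection;
            Response.AppendCookie(tokenCookie);
        }

        // Builds the redirect to the passport login page, carrying the current URL as BackURL.
        // NOTE(review): the passport login page is not shown here. It should only send
        // users back to BackURL values on an allow-list of known sub-sites.
        private ActionResult RedirectToPassport()
        {
            return Redirect(PassportBaseUrl + "?BackURL=" + Server.UrlEncode(Request.Url.AbsoluteUri));
        }
    }
}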

 

主站代码:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Web;
using System.Web.Http;
using SSO.Passport.Class;
using System.Data;

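namespace MvcApplication1.Controllers
{
    /// <summary>
    /// Passport (main site) Web API for the SSO demo. POST issues a token. GET lets a
    /// sub-site exchange a token for the associated <see cref="infoMassege"/>.
    /// Tokens and their data live in the ASP.NET application cache.
    /// </summary>
    public class LoginController : ApiController
    {
        /// <summary>Payload returned to a sub-site for a valid token.</summary>
        public class infoMassege
        {
            public string webName { get; set; }
            public string[] message { get; set; }
        }

        /// <summary>
        /// Issues a new token, registers it in the cache for 3 minutes and creates the
        /// associated info entry.
        /// </summary>
        /// <returns>200 OK with a JSON-formatted string containing <c>tokenValue</c>.</returns>
        [HttpPost]
        public HttpResponseMessage Post()
        {
            // NOTE(security): this demo performs NO credential check. The author's
            // simulated account/password comparison against web.config is not active,
            // so every POST receives a token. A real deployment must authenticate the
            // caller (the author suggests checking a database) before reaching this point.

            // Generate the token.
            string tokenValue = this.getGuidString();

            // Marker entry (key = token + "a") records that the token was issued here.
            // UtcNow avoids daylight-saving jumps in the absolute expiration.
            HttpContext.Current.Cache.Insert(tokenValue + "a", tokenValue, null, DateTime.UtcNow.AddMinutes(3), TimeSpan.Zero);

            // Create the main-site credential for this token.
            CreateInfo(tokenValue);

            // The body is passed as a pre-built string, exactly as in the original listing.
            return Request.CreateResponse(HttpStatusCode.OK, @"{""tokenValue"":""" + tokenValue + @"""}");
        }

        // Creates the main-site credential for a token and caches it for 1 minute unless
        // an entry already exists. Returns the entry so callers need not read it back.
        // NOTE(security): the values are hard-coded demo data, so every token carries
        // "admin". Real data must come from the authenticated user's record.
        private infoMassege CreateInfo(string tokenValue)
        {
            object cached = HttpContext.Current.Cache[tokenValue];
            infoMassege existing = cached as infoMassege;
            if (existing != null)
            {
                return existing;
            }

            infoMassege info = new infoMassege();
            info.message = new string[] { "user", "admin", "tuorist" };
            info.webName = "a";

            if (cached == null)
            {
                HttpContext.Current.Cache.Insert(tokenValue, info, null, DateTime.UtcNow.AddMinutes(1), TimeSpan.Zero);
            }

            return info;
        }

        /// <summary>
        /// Exchanges a token for its info entry. The token is accepted only while its
        /// marker entry (token + "a") is still in the cache.
        /// </summary>
        /// <param name="token">Token presented by a sub-site.</param>
        /// <returns>200 OK with the info entry, or 403 Forbidden for an unknown or expired token.</returns>
        [HttpGet]
        public HttpResponseMessage getCache(string token)
        {
            // NOTE(security): the token is the only credential checked here and it
            // travels in the query string, so this endpoint should be served over HTTPS.
            if (string.IsNullOrEmpty(token) || HttpContext.Current.Cache[token + "a"] == null)
            {
                return Request.CreateResponse(HttpStatusCode.Forbidden);
            }

            // The info entry expires before the marker does, so re-create it when missing.
            // Using the returned instance replaces the original self-recursion, which
            // depended on the entry being readable from the cache right after the insert.
            infoMassege proof = HttpContext.Current.Cache[token] as infoMassege;
            if (proof == null)
            {
                proof = CreateInfo(token);
            }

            return Request.CreateResponse(HttpStatusCode.OK, proof);
        }

        /// <summary>
        /// Generates the token string: 128 random bits in upper-case GUID format.
        /// </summary>
        /// <returns>An upper-case GUID-formatted string built from random bytes.</returns>
        private string getGuidString()
        {
            // A bearer token must be unpredictable, not merely unique. Guid.NewGuid() is
            // not documented as a source of secrets, so the bytes come from the
            // platform's cryptographic random number generator instead.
            byte[] randomBytes = new byte[16];
            using (System.Security.Cryptography.RandomNumberGenerator rng =
                System.Security.Cryptography.RandomNumberGenerator.Create())
            {
                rng.GetBytes(randomBytes);
            }

            return new Guid(randomBytes).ToString().ToUpperInvariant();
        }
    }
}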

posted @ 2013-06-01 09:15  紫夜*风