单点登录SSO for ASP.NET (二)

上一篇和大家分享了SSO的基本原理,这篇将主要和大家分享下.NET如何使用SSO。

最于应用系统要改为SSO方式,需要进行以下几步:

1、去掉原先的登录方式

2、获取相关证书

3、进行SSO配置

4、书写相关代码

我逐步解释下:

第一步说的有点废话,不过如果忘记的话,用户将是多么的生气。

第二步就是从统一身份认证系统那里得到你需要的证书。

第三部进行配置,

1) 将单点登录服务证书导入到IIS

2) 下载DotNetCasClient.dll,添加至项目引用中:
下载地址:https://wiki.jasig.org/display/CASC/.Net+Cas+Client

记住,最后发布后bin文件夹中一定要包含DotNetCasClient.dll

3) 配置Web.config,在configuration节点下添加

  1. <membership>
  2.       <providers>
  3.         <clear/>
  4.         <addname="AspNetSqlMembershipProvider"type="System.Web.Security.SqlMembershipProvider"connectionStringName="ApplicationServices"enablePasswordRetrieval="false"enablePasswordReset="true"requiresQuestionAndAnswer="false"requiresUniqueEmail="false"maxInvalidPasswordAttempts="5"minRequiredPasswordLength="6"minRequiredNonalphanumericCharacters="0"passwordAttemptWindow="10"applicationName="/"/>
  5.       </providers>
  6.     </membership>
  7.     <profile>
  8.       <providers>
  9.         <clear/>
  10.         <addname="AspNetSqlProfileProvider"type="System.Web.Profile.SqlProfileProvider"connectionStringName="ApplicationServices"applicationName="/"/>
  11.       </providers>
  12.     </profile>
  13.     <roleManagerenabled="false">
  14.       <providers>
  15.         <clear/>
  16.         <addname="AspNetSqlRoleProvider"type="System.Web.Security.SqlRoleProvider"connectionStringName="ApplicationServices"applicationName="/"/>
  17.         <addname="AspNetWindowsTokenRoleProvider"type="System.Web.Security.WindowsTokenRoleProvider"applicationName="/"/>
  18.       </providers>
  19.     </roleManager>
  20.   </system.web>
  21.   <system.webServer>
  22.     <modulesrunAllManagedModulesForAllRequests="true"/>
  23.   </system.webServer>

 

第四步代码的书写,

引用命名空间:

  1. using System.IO;
  2. using System.Net;
  3. using System.Xml;
  4. using System.Security.Cryptography.X509Certificates;

添加代码:

  1. ServicePointManager.CertificatePolicy = newMyPolicy();
  2.             //ServicePointManager.ServerCertificateValidationCallback += new System.Net.Security.RemoteCertificateValidationCallback();
  3.  
  4.             // Look for the "ticket=" after the "?" in the URL
  5.             string tkt = (Request["ticket"] == null ? "" : Request["ticket"]).ToString();
  6.  
  7.             // This page is the CAS service=, but discard any query string residue
  8.             string service = Request.Url.GetLeftPart(UriPartial.Path) == null ? "": Request.Url.GetLeftPart(UriPartial.Path).ToString();
  9.  
  10.             // First time through there is no ticket=, so redirect to CAS login
  11.             if (tkt == null || tkt.Length == 0)
  12.             {
  13.                 string redir = CASHOST + "login?service=" + service;
  14.                 Response.Redirect(redir);
  15.                 return"";
  16.             }
  17.             else
  18.             {
  19.                 // Second time (back from CAS) there is a ticket= to validate
  20.                 string validateurl = CASHOST + "serviceValidate?" +
  21.                   "ticket=" + tkt + "&" +
  22.                   "service=" + service;
  23.                 StreamReader Reader = newStreamReader(newWebClient().OpenRead(validateurl));
  24.                 string resp = Reader.ReadToEnd();
  25.                 // I like to have the text in memory for debugging rather than parsing the stream
  26.  
  27.                 // Some boilerplate to set up the parse.
  28.                 NameTable nt = newNameTable();
  29.                 XmlNamespaceManager nsmgr = newXmlNamespaceManager(nt);
  30.                 XmlParserContext context = newXmlParserContext(null, nsmgr, null, XmlSpace.None);
  31.                 XmlTextReader reader = newXmlTextReader(resp, XmlNodeType.Element, context);
  32.  
  33.                 string netid = null;
  34.  
  35.                 // A very dumb use of XML. Just scan for the "user". If it isn't there, its an error.
  36.                 while (reader.Read())
  37.                 {
  38.                     if (reader.IsStartElement())
  39.                     {
  40.                         string tag = reader.LocalName;
  41.                         if (tag == "user")
  42.                             netid = reader.ReadString();
  43.                     }
  44.                 }
  45.                 // if you want to parse the proxy chain, just add the logic above
  46.                 reader.Close();
  47.                 // If there was a problem, leave the message on the screen. Otherwise, return to original page.
  48.                 if (netid == null)
  49.                 {
  50.                     Label1.Text = "CAS returned to this application, but then refused to validate your identity.";
  51.                 }
  52.                 else
  53.                 {
  54.                     Session["UserName"] = netid;
  55.                     Label1.Text = "Welcome " + netid;
  56.                     FormsAuthentication.RedirectFromLoginPage(netid, false); // set netid in ASP.NET blocks
  57.                 }
  58.                 return netid;
  59.             }
  1. publicclassMyPolicy : ICertificatePolicy
  2. {
  3.     publicbool CheckValidationResult(
  4.           ServicePoint srvPoint
  5.         , X509Certificate certificate
  6.         , WebRequest request
  7.         , int certificateProblem)
  8.     {
  9.         //Return True to force the certificate to be accepted.
  10.         returntrue;
  11.  
  12.     }
  13. }

这样四步走下来,基本就差不多了,另外string CASHOST ="https://sso.test.com:xxxx/casServer/";可以将sso服务器的地址写入web.config,从config读取便于以后维护。

刘国柱作于2012-09-20

原创文章转载请注明出处

posted on 2012-09-20 12:44  Empty.  阅读(2104)  评论(0编辑  收藏  举报

导航