关键字:单点登录 跨域 跨域单点登录
源代码下载:http://download.csdn.net/source/1571879
单点登录(Single Sign On),简称为 SSO,是目前比较流行的企业业务整合的解决方案之一。SSO的定义是在多个应用系统中,用户只需要登录一次就可以访问所有相互信任的应用系统。
asp.net跨域单点登录分为:
1、跨子域单点登录。如 blog.a.com 和 info.a.com 这2个站点同属一个主域.a.com,实现跨子域单点登录很简单,可以利用cookie,设置Domain为".a.com‘即可,这里就不再赘叙。
2、完成跨域单点登录。如 http://www.a.com/ http://www.b.com/ 这2个站点之间实现共享一个身份验证系统,只需在一处地方登录,下面主要谈下这种方式的实现方法。
asp.net 跨域单点登录实现原理:
当用户第一次访问web应用系统1的时候,因为还没有登录,会被引导到认证中心进行登录;根据用户提供的登录信息,认证系统进行身份效验,如果通过效验,返回给用户一个认证的凭据;用户再访问别的web应用的时候就会将这个Token带上,作为自己认证的凭据,应用系统接受到请求之后会把Token送到认证中心进行效验,检查Token的合法性。如果通过效验,用户就可以在不用再次登录的情况下访问应用系统2和应用系统3了。所有应用系统共享一个身份认证系统。认证系统的主要功能是将用户的登录信息和用户信息库相比较,对用户进行登录认证;认证成功后,认证系统应该生成统一的认证标志,返还给用户。另外,认证系统还应该对Token进行效验,判断其有效性。 所有应用系统能够识别和提取Token信息要实现SSO的功能,让用户只登录一次,就必须让应用系统能够识别已经登录过的用户。应用系统应该能对Token进行识别和提取,通过与认证系统的通讯,能自动判断当前用户是否登录过,从而完成单点登录的功能。
比如说,我现在有3个分站点和1个认证中心(总站)。当用户访问分站点的时候,分站点会发Token到验证中心进行验证。验证中心判断用户是否已经登录。如果未登录,则返回到验证中心登录入口进行登录,否之则返回Token验证到分站点,直接进入分站点。
如图所示:
上面是实现单点登录的原理图,下面介绍下如何用asp.net实现跨域单点登录:
一、新建网站 MasterSite,作为总站认证中心。配置web.config,采用form登录验证。 配置如下:
1.<authentication mode="Forms"> 2. <forms name=".AspxFormAuth" loginUrl="Default.aspx" defaultUrl="center.html" protection="All" path="/" timeout="120"> 3. </forms> 4.</authentication> 5.<authorization> 6. <!--拒绝所有匿名用户--> 7. <deny users="?"/> 8.</authorization>
添加Default.aspx页面,用来进行登录。代码如下:
HTML Code:
1.<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" %> 2. 3.<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 4. 5.<html xmlns="http://www.w3.org/1999/xhtml" > 6.<head runat="server"> 7. <title>总站登录</title> 8.</head> 9.<body> 10. <form id="form1" runat="server"> 11. <div> 12. <asp:Login ID="Login1" runat="server" OnAuthenticate="Login1_Authenticate" UserName="test"> 13. </asp:Login> 14. </div> 15. </form> 16.</body> 17.</html>
Default.cs Code:
1.using System;
2.using System.Data;
3.using System.Configuration;
4.using System.Web;
5.using System.Web.Security;
6.using System.Web.UI;
7.using System.Web.UI.WebControls;
8.using System.Web.UI.WebControls.WebParts;
9.using System.Web.UI.HtmlControls;
10.using System.Text;
11.
12.public partial class _Default : System.Web.UI.Page
13.{
14. protected void Page_Load(object sender, EventArgs e)
15. {
16. if (!IsPostBack)
17. {
18. SSORequest ssoRequest = new SSORequest();
19.
20.
21. #region 验证 Post 过来的参数
22. //--------------------------------
23. // 请求注销
24. if (!string.IsNullOrEmpty(Request["Logout"]))
25. {
26. Authentication.Logout();
27. return;
28. }
29. //--------------------------------
30. // 各独立站点标识
31. if (string.IsNullOrEmpty(Request["IASID"]))
32. {
33. return;
34. }
35. else
36. {
37. ssoRequest.IASID = Request["IASID"];
38. }
39.
40. //--------------------------------
41. // 时间戳
42. if (string.IsNullOrEmpty(Request["TimeStamp"]))
43. {
44. return;
45. }
46. else
47. {
48. ssoRequest.TimeStamp = Request["TimeStamp"];
49. }
50.
51. //--------------------------------
52. // 各独立站点的访问地址
53. if (string.IsNullOrEmpty(Request["AppUrl"]))
54. {
55. return;
56. }
57. else
58. {
59. ssoRequest.AppUrl = Request["AppUrl"];
60. }
61.
62. //--------------------------------
63. // 各独立站点的 Token
64. if (string.IsNullOrEmpty(Request["Authenticator"]))
65. {
66. return;
67. }
68. else
69. {
70. ssoRequest.Authenticator = Request["Authenticator"];
71. }
72.
73. ViewState["SSORequest"] = ssoRequest;
74.
75. #endregion
76.
77.
78. //验证从分站发过来的Token
79. if (Authentication.ValidateAppToken(ssoRequest))
80. {
81. string userAccount = null;
82.
83. // 验证用户之前是否登录过
84. //验证 EAC 认证中心的 Cookie,验证通过时获取用户登录账号
85. if (Authentication.ValidateEACCookie(out userAccount))
86. {
87. ssoRequest.UserAccount = userAccount;
88.
89. //创建认证中心发往各分站的 Token
90. if (Authentication.CreateEACToken(ssoRequest))
91. {
92. Post(ssoRequest);
93. }
94. }
95. else
96. {
97. return;
98. }
99. }
100. else
101. {
102. return;
103. }
104. }
105. }
106.
107.
108. //post请求
109. void Post(SSORequest ssoRequest)
110. {
111. PostService ps = new PostService();
112.
113. ps.Url = ssoRequest.AppUrl;
114.
115. ps.Add("UserAccount", ssoRequest.UserAccount);
116. ps.Add("IASID", ssoRequest.IASID);
117. ps.Add("TimeStamp", ssoRequest.TimeStamp);
118. ps.Add("AppUrl", ssoRequest.AppUrl);
119. ps.Add("Authenticator", ssoRequest.Authenticator);
120.
121. ps.Post();
122. }
123.
124. /// <summary>
125. /// 验证登录账号和密码是否正确
126. /// </summary>
127. /// <param name="userName">登录账号</param>
128. /// <param name="userPwd">登录密码</param>
129. /// <returns></returns>
130. private bool ValidateUserInfo(string userName, string userPwd)
131. {
132. //从数据库中读取,验证登录账号和密码
133. //略...
134. return true;
135. }
136.
137. protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
138. {
139. if (string.IsNullOrEmpty(Login1.UserName) || string.IsNullOrEmpty(Login1.Password))
140. {
141. Page.RegisterClientScriptBlock("Add", "<mce:script lanuage=\"javascript\"><!--
142.alert(‘用户名密码不能为空!‘);
143.// --></mce:script>");
144. return;
145. }
146. else if (ValidateUserInfo(Login1.UserName, Login1.Password) == false)
147. {
148. Page.RegisterClientScriptBlock("Add", "<mce:script lanuage=\"javascript\"><!--
149.alert(‘用户名密码错误!‘);
150.// --></mce:script>");
151. return;
152. }
153. else
154. {
155. Session["CurrUserName"] = Login1.UserName;
156. Session.Timeout = 120;
157.
158. SSORequest ssoRequest = ViewState["SSORequest"] as SSORequest;
159.
160. // 如果不是从各分站 Post 过来的请求,则默认登录主站
161. if (ssoRequest == null)
162. {
163. FormsAuthentication.SetAuthCookie(Login1.UserName, false);
164.
165. ssoRequest = new SSORequest();
166. //主站标识ID
167. ssoRequest.IASID = "00";
168. ssoRequest.AppUrl = "SiteList.aspx";
169. ssoRequest.TimeStamp = DateTime.Now.ToString("yyyy-MM-dd HH:mm");
170. ssoRequest.Authenticator = string.Empty;
171.
172. Response.Redirect("SiteList.aspx");
173. }
174. ssoRequest.UserAccount = Login1.UserName;
175.
176. //创建Token
177. if (Authentication.CreateEACToken(ssoRequest))
178. {
179. string expireTime = DateTime.Now.AddHours(3).ToString("yyyy-MM-dd HH:mm");
180.
181. Authentication.CreatEACCookie(ssoRequest.UserAccount, ssoRequest.TimeStamp, expireTime);
182.
183. Post(ssoRequest);
184. }
185.
186. }
187. }
188.
189.
190.}
代码说明:验证分站post过来的Token请求,如果用户已经登录,则创建认证中心发往各分站的 Token验证,转向分站,否之则返回登录。若是直接登录主站则转向站点选择页面sitelist.aspx,选择你要登录的分站点。
如图:
二、新建站点1,代码如下:
HTML Code:
1.<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" %> 2. 3.<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 4. 5.<html xmlns="http://www.w3.org/1999/xhtml" > 6.<head runat="server"> 7. <title> 站点一</title> 8.</head> 9.<body> 10. <form id="form1" runat="server"> 11. <div> 12. <br /> 13. <br /> 14. <asp:LinkButton ID="LinkButton1" runat="server" OnClick="LinkButton1_Click">返回主站</asp:LinkButton> 15. 16. <asp:LinkButton ID="LinkButton2" runat="server" OnClick="LinkButton2_Click">注销登录</asp:LinkButton></div> 17. </form> 18.</body> 19.</html>
Default.cs code:
1.using System;
2.using System.Data;
3.using System.Configuration;
4.using System.Web;
5.using System.Web.Security;
6.using System.Web.UI;
7.using System.Web.UI.WebControls;
8.using System.Web.UI.WebControls.WebParts;
9.using System.Web.UI.HtmlControls;
10.using System.Text;
11.
12.public partial class _Default : System.Web.UI.Page
13.{
14. protected void Page_Load(object sender, EventArgs e)
15. {
16. if (!IsPostBack)
17. {
18. #region SSO 部分代码
19. SSORequest ssoRequest = new SSORequest();
20.
21. if (string.IsNullOrEmpty(Request["IASID"]))
22. {
23. ssoRequest.IASID = "01";
24. ssoRequest.TimeStamp = DateTime.Now.ToString("yyyy-MM-dd HH:mm");
25. ssoRequest.AppUrl = Request.Url.ToString();
26. Authentication.CreateAppToken(ssoRequest);
27.
28. Post(ssoRequest);
29. }
30. else if (!string.IsNullOrEmpty(Request["IASID"])
31. && !string.IsNullOrEmpty(Request["TimeStamp"])
32. && !string.IsNullOrEmpty(Request["AppUrl"])
33. && !string.IsNullOrEmpty(Request["UserAccount"])
34. && !string.IsNullOrEmpty(Request["Authenticator"]))
35. {
36. ssoRequest.IASID = Request["IASID"];
37. ssoRequest.TimeStamp = Request["TimeStamp"];
38. ssoRequest.AppUrl = Request["AppUrl"];
39. ssoRequest.UserAccount = Request["UserAccount"];
40. ssoRequest.Authenticator = Request["Authenticator"];
41.
42. if (Authentication.ValidateEACToken(ssoRequest))
43. {
44. //从数据库中获取UserId
45. Session["CurrUserName"] = Request["UserAccount"];
46. Session.Timeout = 120;
47. FormsAuthentication.SetAuthCookie(Request["UserAccount"], false);
48. Response.Write(string.Format("{0},您好!欢迎来到site1, >> 访问<a href="\" mce_href="\""http://localhost/Site2/Default.aspx\">site2</a>",ssoRequest.UserAccount));
49. }
50. }
51.
52. ViewState["SSORequest"] = ssoRequest;
53.
54. #endregion
55. }
56. }
57.
58. void Post(SSORequest ssoRequest)
59. {
60. PostService ps = new PostService();
61. //认证中心(主站)地址
62. string EACUrl = "http://localhost/MasterSite/Default.aspx";
63. ps.Url = EACUrl;
64. //ps.Add("UserAccount", ssoRequest.UserAccount);
65. ps.Add("IASID", ssoRequest.IASID);
66. ps.Add("TimeStamp", ssoRequest.TimeStamp);
67. ps.Add("AppUrl", ssoRequest.AppUrl);
68. ps.Add("Authenticator", ssoRequest.Authenticator);70. ps.Post();
71. }
72.
73.
74. //注销登录
75. protected void LinkButton2_Click(object sender, EventArgs e)
76. {
77. FormsAuthentication.SignOut();
78.
79. SSORequest ssoRequest = new SSORequest();
80.
81. ssoRequest.IASID = "01";
82. ssoRequest.TimeStamp = DateTime.Now.ToString("yyyy-MM-dd HH:mm");
83. ssoRequest.AppUrl = Request.Url.ToString();
84.
85. Authentication.CreateAppToken(ssoRequest);
86.
87. PostService ps = new PostService();
88.
89. //认证中心(主站)地址
90. string EACUrl = "http://localhost/MasterSite/Default.aspx";
91. ps.Url = EACUrl;
92.
93. ps.Add("IASID", ssoRequest.IASID);
94. ps.Add("TimeStamp", ssoRequest.TimeStamp);
95. ps.Add("AppUrl", ssoRequest.AppUrl);
96. ps.Add("Authenticator", ssoRequest.Authenticator);
97.
98. ps.Add("Logout", "true");
99.
100. ps.Post();
101. }
102.
103. //返回主站
104. protected void LinkButton1_Click(object sender, EventArgs e)
105. {
106. if (Session["CurrUserName"] != null)
107. {
108. Response.Redirect("http://localhost/MasterSite/SiteList.aspx");
109. }
110. }
111.}
配置web.config
1.<authentication mode="Forms"> 2. <forms name=".AspxFormAuth" loginUrl="Default.aspx" defaultUrl="center.html" protection="All" path="/" timeout="60"> 3. </forms> 4. </authentication> 5. <authorization> 6. <!--拒绝所有匿名用户--> 7. <deny users="?"/> 8. </authorization>
三、同二一样,新建站点Site2,代码如下:
1.using System;
2.using System.Data;
3.using System.Configuration;
4.using System.Web;
5.using System.Web.Security;
6.using System.Web.UI;
7.using System.Web.UI.WebControls;
8.using System.Web.UI.WebControls.WebParts;
9.using System.Web.UI.HtmlControls;
10.
11.public partial class _Default : System.Web.UI.Page
12.{
13. protected void Page_Load(object sender, EventArgs e)
14. {
15. if (!IsPostBack)
16. {
17. #region SSO 部分代码
18. SSORequest ssoRequest = new SSORequest();
19.
20. if (string.IsNullOrEmpty(Request["IASID"]))
21. {
22. ssoRequest.IASID = "02";
23. ssoRequest.TimeStamp = DateTime.Now.ToString("yyyy-MM-dd HH:mm");
24. ssoRequest.AppUrl = Request.Url.ToString();
25. Authentication.CreateAppToken(ssoRequest);
26.
27. Post(ssoRequest);
28. }
29. else if (!string.IsNullOrEmpty(Request["IASID"])
30. && !string.IsNullOrEmpty(Request["TimeStamp"])
31. && !string.IsNullOrEmpty(Request["AppUrl"])
32. && !string.IsNullOrEmpty(Request["UserAccount"])
33. && !string.IsNullOrEmpty(Request["Authenticator"]))
34. {
35. ssoRequest.IASID = Request["IASID"];
36. ssoRequest.TimeStamp = Request["TimeStamp"];
37. ssoRequest.AppUrl = Request["AppUrl"];
38. ssoRequest.UserAccount = Request["UserAccount"];
39. ssoRequest.Authenticator = Request["Authenticator"];
40.
41. if (Authentication.ValidateEACToken(ssoRequest))
42. {
43. Session["CurrUserName"] = Request["UserAccount"];
44. Session.Timeout = 120;
45. FormsAuthentication.SetAuthCookie(Request["UserAccount"], false);
46. Response.Write(string.Format("{0},您好!欢迎来到site2, >> 访问<a href="\" mce_href="\""http://localhost/Site1/Default.aspx\">site1</a>", ssoRequest.UserAccount));
47. }
48. }
49.
50. ViewState["SSORequest"] = ssoRequest;
51.
52. #endregion
53. }
54. }
55.
56. void Post(SSORequest ssoRequest)
57. {
58. PostService ps = new PostService();
59. //认证中心(主站)地址
60. string EACUrl = "http://localhost/MasterSite/Default.aspx";
61. ps.Url = EACUrl;
62. //ps.Add("UserAccount", ssoRequest.UserAccount);
63. ps.Add("IASID", ssoRequest.IASID);
64. ps.Add("TimeStamp", ssoRequest.TimeStamp);
65. ps.Add("AppUrl", ssoRequest.AppUrl);
66. ps.Add("Authenticator", ssoRequest.Authenticator);
67.
68. ps.Post();
69. }
70.
71.
72. //注销登录
73. protected void LinkButton2_Click(object sender, EventArgs e)
74. {
75. FormsAuthentication.SignOut();
76.
77. SSORequest ssoRequest = new SSORequest();
78.
79. ssoRequest.IASID = "02";
80. ssoRequest.TimeStamp = DateTime.Now.ToString("yyyy-MM-dd HH:mm");
81. ssoRequest.AppUrl = Request.Url.ToString();
82.
83. Authentication.CreateAppToken(ssoRequest);
84.
85. PostService ps = new PostService();
86.
87. //认证中心(主站)地址
88. string EACUrl = "http://localhost/MasterSite/Default.aspx";
89. ps.Url = EACUrl;
90.
91. ps.Add("IASID", ssoRequest.IASID);
92. ps.Add("TimeStamp", ssoRequest.TimeStamp);
93. ps.Add("AppUrl", ssoRequest.AppUrl);
94. ps.Add("Authenticator", ssoRequest.Authenticator);
95.
96. ps.Add("Logout", "true");
97.
98. ps.Post();
99. }
100.
101. //返回主站
102. protected void LinkButton1_Click(object sender, EventArgs e)
103. {
104. if (Session["CurrUserName"] != null)
105. {
106. Response.Redirect("http://localhost/MasterSite/SiteList.aspx");
107. }
108. }
109.}
对于tokent请求,tokent验证,需要对它进行加密、解密。
其它代码:
Authentication.cs
1.using System;
2.using System.Data;
3.using System.Configuration;
4.using System.Web;
5.using System.Web.Security;
6.using System.Collections.Generic;
7.using System.Text;
8.
9./// <summary>
10./// 安全验证类
11./// </summary>
12.public class Authentication
13.{
14. static readonly string cookieName = "EACToken";
15. static readonly string hashSplitter = "|";
16.
17. public Authentication()
18. {
19. }
20.
21. public static string GetAppKey(int appID)
22. {
23. //string cmdText = @"select * from ";
24. return string.Empty;
25. }
26.
27. public static string GetAppKey()
28. {
29. return "22362E7A9285DD53A0BBC2932F9733C505DC04EDBFE00D70";
30. }
31.
32. public static string GetAppIV()
33. {
34. return "1E7FA9231E7FA923";
35. }
36.
37. /// <summary>
38. /// 取得加密服务
39. /// </summary>
40. /// <returns></returns>
41. static CryptoService GetCryptoService()
42. {
43. string key = GetAppKey();
44. string IV = GetAppIV();
45.
46. CryptoService cs = new CryptoService(key, IV);
47. return cs;
48. }
49.
50. /// <summary>
51. /// 创建各分站发往认证中心的 Token
52. /// </summary>
53. /// <param name="ssoRequest"></param>
54. /// <returns></returns>
55. public static bool CreateAppToken(SSORequest ssoRequest)
56. {
57. string OriginalAuthenticator = ssoRequest.IASID + ssoRequest.TimeStamp + ssoRequest.AppUrl;
58. string AuthenticatorDigest = CryptoHelper.ComputeHashString(OriginalAuthenticator);
59. string sToEncrypt = OriginalAuthenticator + AuthenticatorDigest;
60. byte[] bToEncrypt = CryptoHelper.ConvertStringToByteArray(sToEncrypt);
61.
62. CryptoService cs = GetCryptoService();
63.
64. byte[] encrypted;
65.
66. if (cs.Encrypt(bToEncrypt, out encrypted))
67. {
68. ssoRequest.Authenticator = CryptoHelper.ToBase64String(encrypted);
69.
70. return true;
71. }
72. else
73. {
74. return false;
75. }
76. }
77.
78.
79. /// <summary>
80. /// 验证从各分站发送过来的 Token
81. /// </summary>
82. /// <param name="ssoRequest"></param>
83. /// <returns></returns>
84. public static bool ValidateAppToken(SSORequest ssoRequest)
85. {
86. string Authenticator = ssoRequest.Authenticator;
87.
88. string OriginalAuthenticator = ssoRequest.IASID + ssoRequest.TimeStamp + ssoRequest.AppUrl;
89. string AuthenticatorDigest = CryptoHelper.ComputeHashString(OriginalAuthenticator);
90. string sToEncrypt = OriginalAuthenticator + AuthenticatorDigest;
91. byte[] bToEncrypt = CryptoHelper.ConvertStringToByteArray(sToEncrypt);
92.
93. CryptoService cs = GetCryptoService();
94. byte[] encrypted;
95.
96. if (cs.Encrypt(bToEncrypt, out encrypted))
97. {
98. return Authenticator == CryptoHelper.ToBase64String(encrypted);
99. }
100. else
101. {
102. return false;
103. }
104. }
105.
106.
107. /// <summary>
108. /// 创建认证中心发往各分站的 Token
109. /// </summary>
110. /// <param name="ssoRequest"></param>
111. /// <returns></returns>
112. public static bool CreateEACToken(SSORequest ssoRequest)
113. {
114. string OriginalAuthenticator = ssoRequest.UserAccount + ssoRequest.IASID + ssoRequest.TimeStamp + ssoRequest.AppUrl;
115. string AuthenticatorDigest = CryptoHelper.ComputeHashString(OriginalAuthenticator);
116. string sToEncrypt = OriginalAuthenticator + AuthenticatorDigest;
117. byte[] bToEncrypt = CryptoHelper.ConvertStringToByteArray(sToEncrypt);
118.
119. CryptoService cs = GetCryptoService();
120. byte[] encrypted;
121.
122. if (cs.Encrypt(bToEncrypt, out encrypted))
123. {
124. ssoRequest.Authenticator = CryptoHelper.ToBase64String(encrypted);
125.
126. return true;
127. }
128. else
129. {
130. return false;
131. }
132. }
133.
134.
135. /// <summary>
136. /// 验证从认证中心发送过来的 Token
137. /// </summary>
138. /// <param name="ssoRequest"></param>
139. /// <returns></returns>
140. public static bool ValidateEACToken(SSORequest ssoRequest)
141. {
142. string Authenticator = ssoRequest.Authenticator;
143.
144. string OriginalAuthenticator = ssoRequest.UserAccount + ssoRequest.IASID + ssoRequest.TimeStamp + ssoRequest.AppUrl;
145. string AuthenticatorDigest = CryptoHelper.ComputeHashString(OriginalAuthenticator);
146. string sToEncrypt = OriginalAuthenticator + AuthenticatorDigest;
147. byte[] bToEncrypt = CryptoHelper.ConvertStringToByteArray(sToEncrypt);
148.
149. string EncryCurrentAuthenticator = string.Empty;
150. CryptoService cs = GetCryptoService();
151. byte[] encrypted;
152.
153. if (cs.Encrypt(bToEncrypt, out encrypted))
154. {
155. EncryCurrentAuthenticator = CryptoHelper.ToBase64String(encrypted);
156.
157. return Authenticator == EncryCurrentAuthenticator;
158. }
159. else
160. {
161. return false;
162. }
163. }
164.
165.
166. /// <summary>
167. /// 创建 EAC 认证中心的 Cookie
168. /// </summary>
169. /// <param name="userAccount"></param>
170. /// <param name="timeStamp"></param>
171. /// <param name="expireTime"></param>
172. /// <param name="cookieValue"></param>
173. /// <returns></returns>
174. public static bool CreatEACCookie(string userAccount, string timeStamp, string expireTime)
175. {
176. string plainText = "UserAccount=" + userAccount + ";TimeStamp=" + timeStamp + ";ExpireTime=" + expireTime;
177. plainText += hashSplitter + CryptoHelper.ComputeHashString(plainText);
178.
179. CryptoService cs = GetCryptoService();
180. byte[] encrypted;
181.
182. if (cs.Encrypt(CryptoHelper.ConvertStringToByteArray(plainText), out encrypted))
183. {
184. string cookieValue = CryptoHelper.ToBase64String(encrypted);
185. SetCookie(cookieValue);
186.
187. return true;
188. }
189. else
190. {
191. return false;
192. }
193. }
194.
195. /// <summary>
196. /// 验证 EAC 认证中心的 Cookie,验证通过时获取用户登录账号
197. /// </summary>
198. /// <param name="userAccount">输出用户登录账号</param>
199. /// <returns></returns>
200. public static bool ValidateEACCookie(out string userAccount)
201. {
202. userAccount = string.Empty;
203. try
204. {
205.
206. string cookieValue = GetCookie().Value;
207. byte[] toDecrypt = CryptoHelper.FromBase64String(cookieValue);
208. CryptoService cs = GetCryptoService();
209.
210. string decrypted = string.Empty;
211. if (cs.Decrypt(toDecrypt, out decrypted))
212. {
213.
214. string[] arrTemp = decrypted.Split(Convert.ToChar(hashSplitter));
215. string plainText = arrTemp[0];
216. string hashedText = arrTemp[1];
217.
218. userAccount = plainText.Split(Convert.ToChar(";"))[0].Split(Convert.ToChar("="))[1];
219.
220. return hashedText.Replace("\0", string.Empty) == CryptoHelper.ComputeHashString(plainText);
221.
222. }
223. else
224. {
225. return false;
226. }
227. }
228. catch (Exception e)
229. {
230. return false;
231. }
232. }
233.
234.
235. public static void Logout()
236. {
237. HttpContext.Current.Response.Cookies[cookieName].Expires = DateTime.Parse("1900-1-1");
238. HttpContext.Current.Response.Cookies[cookieName].Path = "/";
239. }
240.
241. private static void SetCookie(string cookieValue)
242. {
243. HttpContext.Current.Response.Cookies[cookieName].Value = cookieValue;
244. HttpContext.Current.Response.Cookies[cookieName].Expires = DateTime.Now.AddHours(24);
245. HttpContext.Current.Response.Cookies[cookieName].Path = "/";
246. }
247.
248. private static HttpCookie GetCookie()
249. {
250. HttpCookie cookie = HttpContext.Current.Request.Cookies["EACToken"];
251. return cookie;
252. }
253.}
CryptoHelper.cs
1.using System;
2.using System.Collections.Generic;
3.using System.Text;
4.using System.Security.Cryptography;
5.
6.public class CryptoHelper
7.{
8. /// <summary>
9. /// 复合 Hash:string --> byte[] --> hashed byte[] --> base64 string
10. /// </summary>
11. /// <param name="s"></param>
12. /// <returns></returns>
13. public static string ComputeHashString(string s)
14. {
15. return ToBase64String(ComputeHash(ConvertStringToByteArray(s)));
16. }
17.
18.
19. public static byte[] ComputeHash(byte[] buf)
20. {
21. //return ((HashAlgorithm)CryptoConfig.CreateFromName("SHA1")).ComputeHash(buf);
22. return SHA1.Create().ComputeHash(buf);
23.
24. }
25.
26. /// <summary>
27. /// //System.Convert.ToBase64String
28. /// </summary>
29. /// <param name="buf"></param>
30. /// <returns></returns>
31. public static string ToBase64String(byte[] buf)
32. {
33. return System.Convert.ToBase64String(buf);
34. }
35.
36.
37. public static byte[] FromBase64String(string s)
38. {
39. return System.Convert.FromBase64String(s);
40. }
41.
42. /// <summary>
43. /// //Encoding.UTF8.GetBytes(s)
44. /// </summary>
45. /// <param name="s"></param>
46. /// <returns></returns>
47. public static byte[] ConvertStringToByteArray(String s)
48. {
49. return Encoding.UTF8.GetBytes(s);//gb2312
50. }
51.
52.
53. public static string ConvertByteArrayToString(byte[] buf)
54. {
55. //return System.Text.Encoding.GetEncoding("utf-8").GetString(buf);
56.
57. return Encoding.UTF8.GetString(buf);
58. }
59.
60.
61. /// <summary>
62. /// 字节数组转换为十六进制字符串
63. /// </summary>
64. /// <param name="buf"></param>
65. /// <returns></returns>
66. public static string ByteArrayToHexString(byte[] buf)
67. {
68. StringBuilder sb = new StringBuilder();
69. for (int i = 0; i < buf.Length; i++)
70. {
71. sb.Append(buf[i].ToString("X").Length == 2 ? buf[i].ToString("X") : "0" + buf[i].ToString("X"));
72. }
73. return sb.ToString();
74. }
75.
76. /// <summary>
77. /// 十六进制字符串转换为字节数组
78. /// </summary>
79. /// <param name="s"></param>
80. /// <returns></returns>
81. public static byte[] HexStringToByteArray(string s)
82. {
83. Byte[] buf = new byte[s.Length / 2];
84. for (int i = 0; i < buf.Length; i++)
85. {
86. buf[i] = (byte)(Char2Hex(s.Substring(i * 2, 1)) * 0x10 + Char2Hex(s.Substring(i * 2 + 1, 1)));
87. }
88. return buf;
89. }
90.
91.
92. private static byte Char2Hex(string chr)
93. {
94. switch (chr)
95. {
96. case "0":
97. return 0x00;
98. case "1":
99. return 0x01;
100. case "2":
101. return 0x02;
102. case "3":
103. return 0x03;
104. case "4":
105. return 0x04;
106. case "5":
107. return 0x05;
108. case "6":
109. return 0x06;
110. case "7":
111. return 0x07;
112. case "8":
113. return 0x08;
114. case "9":
115. return 0x09;
116. case "A":
117. return 0x0a;
118. case "B":
119. return 0x0b;
120. case "C":
121. return 0x0c;
122. case "D":
123. return 0x0d;
124. case "E":
125. return 0x0e;
126. case "F":
127. return 0x0f;
128. }
129. return 0x00;
130. }
131.}
CryptoService.cs
1.using System;
2.using System.Data;
3.using System.Configuration;
4.using System.Web;
5.using System.Web.Security;
6.using System.Web.UI;
7.using System.Web.UI.WebControls;
8.using System.Web.UI.WebControls.WebParts;
9.using System.Web.UI.HtmlControls;
10.using System.Text;
11.using System.Security.Cryptography;
12.using System.IO;
13.
14.public class CryptoService
15.{
16. /// <summary>
17. /// 加密的密钥
18. /// </summary>
19. string sKey = "22362E7A9285DD53A0BBC2932F9733C505DC04EDBFE00D70";
20. string sIV = "1E7FA9231E7FA923";
21.
22. byte[] byteKey;
23. byte[] byteIV;
24.
25. /// <summary>
26. /// 加密向量
27. /// </summary>
28. static byte[] bIV ={ 1, 2, 3, 4, 5, 6, 7, 8 };
29.
30. public CryptoService()
31. { }
32.
33. public CryptoService(string key, string IV)
34. {
35. sKey = key;
36. sIV = IV;
37.
38. byteKey = CryptoHelper.HexStringToByteArray(sKey);
39. byteIV = CryptoHelper.HexStringToByteArray(sIV);
40. }
41.
42.
43.
44. /// <summary>
45. /// 将明文加密,返回密文
46. /// </summary>
47. /// <param name="Data">要加密的字串</param>
48. /// <returns></returns>
49. public byte[] Encrypt(string Data)
50. {
51. try
52. {
53. byte[] ret;
54.
55. using (MemoryStream mStream = new MemoryStream())
56. using (CryptoStream cStream = new CryptoStream(mStream,
57. new TripleDESCryptoServiceProvider().CreateEncryptor(byteKey, byteIV),
58. CryptoStreamMode.Write))
59. {
60.
61. byte[] toEncrypt = new ASCIIEncoding().GetBytes(Data);
62.
63. // Write the byte array to the crypto stream and flush it.
64. cStream.Write(toEncrypt, 0, toEncrypt.Length);
65. cStream.FlushFinalBlock();
66.
67. // Get an array of bytes from the
68. // MemoryStream that holds the
69. // encrypted data.
70. ret = mStream.ToArray();
71.
72. }
73.
74. return ret;
75. }
76. catch (CryptographicException e)
77. {
78. //Console.WriteLine("A Cryptographic error occurred: {0}", e.Message);
79. return null;
80. }
81.
82. }
83.
84.
85. /// <summary>
86. /// 将明文加密,返回密文
87. /// </summary>
88. /// <param name="toEncrypt">明文</param>
89. /// <param name="encrypted">密文</param>
90. /// <returns></returns>
91. public bool Encrypt(byte[] toEncrypt, out byte[] encrypted)
92. {
93. encrypted = null;
94. try
95. {
96. // Create a new MemoryStream using the passed
97. // array of encrypted data.
98. // Create a CryptoStream using the MemoryStream
99. // and the passed key and initialization vector (IV).
100. using (MemoryStream mStream = new MemoryStream())
101. using (CryptoStream cStream = new CryptoStream(mStream,
102. new TripleDESCryptoServiceProvider().CreateEncryptor(byteKey, byteIV),
103. CryptoStreamMode.Write))
104. {
105.
106. // Write the byte array to the crypto stream and flush it.
107. cStream.Write(toEncrypt, 0, toEncrypt.Length);
108. cStream.FlushFinalBlock();
109.
110. // Get an array of bytes from the
111. // MemoryStream that holds the
112. // encrypted data.
113. encrypted = mStream.ToArray();
114. }
115.
116. return true;
117. }
118. catch (CryptographicException e)
119. {
120. //Console.WriteLine("A Cryptographic error occurred: {0}", e.Message);
121. return false;
122. }
123.
124. }
125.
126.
127.
128. /// <summary>
129. /// 将明文加密,返回 Base64 字符串
130. /// </summary>
131. /// <param name="Data"></param>
132. /// <returns></returns>
133. public string EncryptToString(string Data)
134. {
135. try
136. {
137. string base64String = string.Empty;
138.
139. using (MemoryStream mStream = new MemoryStream())
140. using (CryptoStream cStream = new CryptoStream(mStream,
141. new TripleDESCryptoServiceProvider().CreateEncryptor(byteKey, byteIV),
142. CryptoStreamMode.Write))
143. {
144.
145. byte[] toEncrypt = new ASCIIEncoding().GetBytes(Data);
146.
147. cStream.Write(toEncrypt, 0, toEncrypt.Length);
148. cStream.FlushFinalBlock();
149.
150. byte[] ret = mStream.ToArray();
151.
152. base64String = Convert.ToBase64String(ret);
153. }
154.
155. return base64String;
156. }
157. catch (CryptographicException e)
158. {
159. return null;
160. }
161.
162. }
163.
164.
165. /// <summary>
166. /// 将密文解密,返回明文
167. /// </summary>
168. /// <param name="Data">密文</param>
169. /// <returns>明文</returns>
170. public bool Decrypt(byte[] Data, out string decrypted)
171. {
172. decrypted = string.Empty;
173. try
174. {
175.
176. using (MemoryStream msDecrypt = new MemoryStream(Data))
177. using (CryptoStream csDecrypt = new CryptoStream(msDecrypt,
178. new TripleDESCryptoServiceProvider().CreateDecryptor(byteKey, byteIV),
179. CryptoStreamMode.Read))
180. {
181.
182. byte[] fromEncrypt = new byte[Data.Length];
183.
184. // Read the decrypted data out of the crypto stream
185. // and place it into the temporary buffer.
186. csDecrypt.Read(fromEncrypt, 0, fromEncrypt.Length);
187.
188. decrypted = Encoding.UTF8.GetString(fromEncrypt);//new ASCIIEncoding().GetString(fromEncrypt);
189.
190. return true;
191. }
192. }
193. catch (CryptographicException e)
194. {
195. return false;
196. }
197. }
198.
199.}
PostService.cs
1.using System;
2.using System.Collections.Generic;
3.using System.Text;
4.
5.public class PostService
6.{
7. private System.Collections.Specialized.NameValueCollection Inputs = new System.Collections.Specialized.NameValueCollection();
8. public string Url = "";
9. public string Method = "post";
10. public string FormName = "form1";
11.
12. /// <summary>
13. /// 添加需要提交的名和值
14. /// </summary>
15. /// <param name="name"></param>
16. /// <param name="value"></param>
17. public void Add(string name, string value)
18. {
19. Inputs.Add(name, value);
20. }
21.
22. /// <summary>
23. /// 以输出Html方式POST
24. /// </summary>
25. public void Post()
26. {
27. System.Web.HttpContext.Current.Response.Clear();
28.
29. string html = string.Empty;
30.
31. html += ("<html><head>");
32. html += (string.Format("</head><body onload=\"document.{0}.submit()\">", FormName));
33. html += (string.Format("<form name=\"{0}\" method=\"{1}\" action=\"{2}\" >", FormName, Method, Url));
34. try
35. {
36. for (int i = 0; i < Inputs.Keys.Count; i++)
37. {
38. html += (string.Format("<input name=\"{0}\" type=\"hidden\" value=\"{1}\">", Inputs.Keys[i], Inputs[Inputs.Keys[i]]));
39. }
40. html += ("</form>");
41. html += ("</body></html>");
42.
43. System.Web.HttpContext.Current.Response.Write(html);
44. System.Web.HttpContext.Current.Response.End();
45. }
46. catch (Exception ee)
47. {
48. //
49. }
50. }
51.}
SSORequest.cs
1.using System;
2.using System.Data;
3.using System.Configuration;
4.using System.Web;
5.using System.Web.Security;
6.using System.Web.UI;
7.using System.Web.UI.WebControls;
8.using System.Web.UI.WebControls.WebParts;
9.using System.Web.UI.HtmlControls;
10.
11.[Serializable]
12.public class SSORequest : MarshalByRefObject
13.{
14. public string IASID; //各独立站点标识ID
15. public string TimeStamp; //时间戳
16. public string AppUrl; //各独立站点的访问地址
17. public string Authenticator; //各独立站点的 Token
18.
19. public string UserAccount; //账号
20. public string Password; //密码
21.
22. public string IPAddress; //IP地址
23.
24. //为ssresponse对象做准备
25. public string ErrorDescription = "认证失败"; //用户认证通过,认证失败,包数据格式不正确,数据校验不正确
26. public int Result = -1;
27.
28. public SSORequest()
29. {
30.
31. }
32.
33.
34. /// <summary>
35. /// 获取当前页面上的SSORequest对象
36. /// </summary>
37. /// <param name="CurrentPage"></param>
38. /// <returns></returns>
39. public static SSORequest GetRequest(Page CurrentPage)
40. {
41. SSORequest request = new SSORequest();
42. request.IPAddress = CurrentPage.Request.UserHostAddress;
43. request.IASID = CurrentPage.Request["IASID"].ToString();// Request本身会Decode
44. request.UserAccount = CurrentPage.Request["UserAccount"].ToString();//this.Text
45. request.Password = CurrentPage.Request["Password"].ToString();
46. request.AppUrl = CurrentPage.Request["AppUrl"].ToString();
47. request.Authenticator = CurrentPage.Request["Authenticator"].ToString();
48. request.TimeStamp = CurrentPage.Request["TimeStamp"].ToString();
49. return request;
50. }
51.}
配置web.config
1.<authentication mode="Forms">
2. <forms name=".AspxFormAuth" loginUrl="Default.aspx" defaultUrl="center.html" protection="All" path="/" timeout="60">
3. </forms>
4. </authentication>
5. <authorization>
6. <!--拒绝所有匿名用户-->
7. <deny users="?"/>
8. </authorization>
<authentication mode="Forms">
<forms name=".AspxFormAuth" loginUrl="Default.aspx" defaultUrl="center.html" protection="All" path="/" timeout="60">
</forms>
</authentication>
<authorization>
<!--拒绝所有匿名用户-->
<deny users="?"/>
</authorization>
最后效果如下:登录总站后,各站点之间无需再登录,可以互相访问。
另外,注销登录后,访问站点1 http://localhost/Site1/Default.aspx ,会自动跳转到主站登录页面 http://localhost/MasterSite/Default.aspx ,同样访问站点2 http://localhost/Site2/Default.aspx 也会转到主站登录页面。从主站登录后,分别访问站点1和站点2。
在IIS配置虚拟目录MasterSite Site1 Site2,当然你也可以新建站点MasterSite Site1 Site2,修改hosts表 127.0.0.1 http://www.mastersite.com/
127.0.0.1 http://www.site1.com/
127.0.0.1 http://www.site2.com/
源代码下载:http://download.csdn.net/source/1571879
时间: 2024-10-06 01:09:08