How to implement single sign-on across different .NET versions

  • 2020-06-19 10:03:22
  • OfStack

Single sign-on (Single Sign On) means that, across multiple applications, users only need to log in once to access all the trusted applications. For programmers, the technical solution is to share a cookie across multiple domains.

Our ERP recently added a deployment on another machine that links to the original components, with the old system calling the Login of the original project to achieve single sign-on (SSO). It did not succeed, even after trying N times. The problem finally turned out to be that .NET 2.0 and 4.0 differ in how they encrypt and decrypt the cookie. After studying this, I rewrote the implementation into a simple way to do single sign-on (SSO) across different .NET versions.

1. Common login page code:


protected void btnLogin_Click(object sender, EventArgs e)
{
    // Issue the authentication ticket and return to the originally requested page
    System.Web.Security.FormsAuthentication.RedirectFromLoginPage("ejiyuan", false);
}

2. Configuration file:

<!-- Access control -->
<authorization>
    <deny users="?"/>
</authorization>    
<!-- Identity authentication method -->
<authentication mode="Forms">
    <forms name=".ASPNET" protection="All" enableCrossAppRedirects="true" loginUrl="Login.aspx" timeout="2880" path="/" domain=".local.com"/>
</authentication>   
<!-- Validation and decryption keys and algorithms -->
<machineKey validationKey="F9D1A2D3E1D3E2F7B3D9F90FF3965ABDAC304902" decryptionKey="F9D1A2D3E1D3E2F7B3D9F90FF3965ABDAC304902F8D923AC" validation="SHA1" decryption="3DES" />
<compilation debug="true"/>

Here, the two most important attributes of the authentication/forms node are name and protection. All projects that implement single sign-on should have the same configuration so that the cookie can be read and written at the same level of protection in different programs.
When the protection attribute is set to "All", the cookie is both encrypted and validated with a hash value. The default key used for validation and encryption is stored in the Machine.config file, and we can override these values in the application's Web.Config file. The default values are as follows:

<machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="SHA1" />

To be able to encrypt and decrypt the cookie with the same key in multiple applications, we can remove the IsolateApps option or, better yet, set a specific key value in Web.Config for every application that needs to implement SSO:

<machineKey validationKey="F9D1A2D3E1D3E2F7B3D9F90FF3965ABDAC304902" decryptionKey="F9D1A2D3E1D3E2F7B3D9F90FF3965ABDAC304902F8D923AC" validation="SHA1" decryption="3DES" />
<compilation debug="true"/>

If the applications use the same storage and SSO is implemented only by changing Web.config, you must ensure that every application taking part in single sign-on has the same configuration. If the single sign-on applications span different versions of .NET, do not use MD5 for encryption/decryption here:

<machineKey decryptionKey="8B6697227CBCA902B1A0925D00FAA00B353F2DF4359D2099" validation="MD5" validationKey="282487E295028E59B8F411ACB689CCD6F39DDD2146055A3EE480424315994760ADF21B580D8587DB675FA02F7916813044E25309CCCDB647174D5B3D0DD9141"/>
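
One way to check the requirement above that every application in the single sign-on group carries the same forms and machineKey settings, as an added Python example that is not part of the original article. The application names, the `sso_settings` and `audit` helpers and the placeholder key strings are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Attributes every application sharing the cookie must agree on.
CHECKED = {"forms": ("name", "protection", "path", "domain"),
           "machineKey": ("validationKey", "decryptionKey", "validation", "decryption")}

def sso_settings(config_xml):
    """Return {'forms.name': ..., 'machineKey.validation': ...} for one Web.config."""
    root = ET.fromstring(config_xml)
    found = {"forms": root.find(".//authentication/forms"),
             "machineKey": root.find(".//machineKey")}
    return {f"{tag}.{attr}": (found[tag].get(attr) if found[tag] is not None else None)
            for tag, attrs in CHECKED.items() for attr in attrs}

def audit(configs):
    """configs maps an application name to its Web.config text; returns findings."""
    parsed = {app: sso_settings(xml) for app, xml in configs.items()}
    findings = []
    for app, s in parsed.items():
        for k in ("machineKey.validationKey", "machineKey.decryptionKey"):
            if s[k] is None or "AutoGenerate" in s[k]:
                findings.append(f"{app}: {k} is not an explicit shared key")
        if (s["machineKey.validation"] or "").upper() == "MD5":
            findings.append(f"{app}: validation is MD5")
    for tag, attrs in CHECKED.items():
        for attr in attrs:
            # Report only the attribute name so key material never reaches logs.
            if len({s[f"{tag}.{attr}"] for s in parsed.values()}) > 1:
                findings.append(f"mismatch: {tag}.{attr} differs between applications")
    return findings

def _cfg(name, vkey, dkey, validation):
    """Build a constructed Web.config; the key strings are placeholders, not real keys."""
    return ('<configuration><system.web><authentication mode="Forms">'
            f'<forms name="{name}" protection="All" path="/" domain=".local.com"/>'
            f'</authentication><machineKey validationKey="{vkey}" decryptionKey="{dkey}" '
            f'validation="{validation}" decryption="3DES"/></system.web></configuration>')

# Constructed sample input: three hypothetical applications.
SAMPLE = {
    "erp-net20": _cfg(".ASPNET", "PLACEHOLDER-VKEY", "PLACEHOLDER-DKEY", "SHA1"),
    "erp-net40": _cfg(".ASPNET", "PLACEHOLDER-VKEY", "PLACEHOLDER-DKEY", "MD5"),
    "reports": _cfg(".ASPXAUTH", "AutoGenerate,IsolateApps", "AutoGenerate,IsolateApps", "SHA1"),
}

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```

Generate the shared key for each deployment yourself instead of copying a value printed on a page, because anyone who knows the machineKey can produce a cookie the applications will accept.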

3. An application without its own login page needs no code for single sign-on; configuring it is enough. The configuration is as follows:


<authorization>
  <deny users="?"/>
</authorization>
<authentication mode="Forms">
    <forms name=".ASPNET" protection="All" enableCrossAppRedirects="true" loginUrl="http://Sso2.local.com/Login.aspx" timeout="2880" path="/" domain=".local.com"/>
</authentication>

4. The login redirection code is encapsulated in an HttpModule so that other systems can call it directly. The module code and how to reference it are given here:

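using System;
using System.Web;
using System.Web.Security;

public class SsoLoginRedirectModule : IHttpModule
{
    public void Init(HttpApplication i_application)
    {
        // Inspect every response just before it is sent.
        i_application.EndRequest += new EventHandler(i_application_EndRequest);
    }

    void i_application_EndRequest(object sender, EventArgs e)
    {
        HttpResponse response = HttpContext.Current.Response;
        // Forms authentication redirects unauthenticated requests (302) to the login URL.
        // RedirectLocation can be null, so check it before calling Contains.
        if (response.StatusCode == 302 && response.RedirectLocation != null
            && response.RedirectLocation.Contains(FormsAuthentication.LoginUrl))
        {
            // Replace ReturnUrl with the absolute URL of the original request so the
            // login page hosted by another application can send the user back here.
            response.RedirectLocation = FormsAuthentication.LoginUrl + "?ReturnUrl="
                + HttpUtility.UrlEncode(HttpContext.Current.Request.Url.OriginalString);
        }
    }

    public void Dispose()
    {
        // Nothing to release.
    }
}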

Reference:

<httpModules>
    <add name="SsoModule" type="SsoModule.SsoLoginRedirectModule, SsoModule"/>
</httpModules>

