ASP.NET single sign-on (SSO) implementations for a variety of situations

  • 2021-01-11 01:58:10
  • OfStack

Type 1: SSO between different sub-domains of the same main domain

Forms authentication is authentication based on an identity cookie. After the user logs in, a cookie containing the user's identity information (including a ticket) is generated. The name of this cookie is set by the name attribute of the forms element in the authentication section of web.config, for example:

<authentication mode="Forms">
<forms loginUrl="login.aspx" name=".ASPXAUTH" path="/" protection="All" domain=""></forms>
</authentication>

In this case, .ASPXAUTH is the name of the cookie. The user's identity information reaches the server through this cookie in the Request.Cookies collection. So the idea behind sharing authentication information is simple: as long as the authentication cookie can be shared across the domain names, Forms authentication can be shared!

Code implementation:

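// Serialize the user object into the ticket's userData field
string userData = JsonHelper.ScriptSerialize(user);
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, user.userid.ToString(), DateTime.Now, DateTime.Now.AddHours(4), false, userData);
// Encrypt the identity information and save it to the cookie
HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));
cookie.Domain = ""; // left empty in the original; set it to the parent domain shared by the sub-domains
cookie.HttpOnly = true; // keep the ticket out of reach of client-side script
Response.Cookies.Add(cookie); // send the cookie to the browser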

Type 2: SSO between a parent application and child applications in virtual directories

<authentication mode="Forms">
<forms name=".SSOAuth" protection="All" timeout="60" loginUrl="login.aspx" />
</authentication>

The two most important attributes are name and protection. When protection is set to "All", the data stored in the cookie is both encrypted and validated with a hash. The default validation and encryption keys are defined in the machine.config file, and we can override them in the application's Web.config file. The default values are as follows:

<machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="SHA1" />

IsolateApps means a different key is generated for each application, so we cannot use it here. To encrypt and decrypt the cookie with the same key in multiple applications, we can remove the IsolateApps option or, better yet, set one specific key value in Web.config for all applications that need to implement SSO. The values below are samples; generate your own random keys, because anyone who knows the keys can forge authentication tickets:

<machineKey validationKey="F9D1A2D3E1D3E2F7B3D9F90FF3965ABDAC304902" decryptionKey="F9D1A2D3E1D3E2F7B3D9F90FF3965ABDAC304902F8D923AC" validation="SHA1" />

Type 3: SSO for applications under different domain names (also applicable to the cases above)

This is mainly achieved by passing parameters in the page URL and redirecting. There are many ways to implement it, but pay attention to the security issues.
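
One way to address those security issues is to make the value passed in the URL a signed, short-lived token, so the receiving site can detect tampering and expiry. This is an added example, not code from the original article; `SsoToken`, `Issue`, `Validate`, the token layout and the sample key are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
// Added example. SsoToken, Issue and Validate are hypothetical names.
// Token = base64url(userId|expiryUnixSeconds|nonce) + "." + base64url(HMAC-SHA256 of that payload)
static class SsoToken
{
    static long ToUnix(DateTime utc) { return (long)(utc - new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)).TotalSeconds; }
    static byte[] Mac(byte[] body, byte[] key) { using (var h = new HMACSHA256(key)) return h.ComputeHash(body); }
    static string B64(byte[] b) { return Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_'); }
    static byte[] UnB64(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        int diff = a.Length ^ b.Length;   // a length mismatch also fails the comparison
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
    // Called by the login site just before redirecting to the other domain.
    public static string Issue(string userId, byte[] key, DateTime nowUtc, int lifetimeSeconds)
    {
        string payload = userId + "|" + (ToUnix(nowUtc) + lifetimeSeconds) + "|" + Guid.NewGuid().ToString("N");
        byte[] body = Encoding.UTF8.GetBytes(payload);
        return B64(body) + "." + B64(Mac(body, key));
    }
    // Called by the receiving site; returns the user id, or null if malformed, tampered with or expired.
    public static string Validate(string token, byte[] key, DateTime nowUtc)
    {
        string[] parts = (token ?? "").Split('.');
        if (parts.Length != 2) return null;
        byte[] body, mac;
        try { body = UnB64(parts[0]); mac = UnB64(parts[1]); } catch (FormatException) { return null; }
        if (!FixedTimeEquals(mac, Mac(body, key))) return null;   // verify the MAC before parsing anything
        string[] f = Encoding.UTF8.GetString(body).Split('|');
        long exp;
        if (f.Length != 3 || !long.TryParse(f[1], out exp)) return null;
        return ToUnix(nowUtc) <= exp ? f[0] : null;
    }
    static void Main()
    {
        // Constructed sample key; in practice a random secret shared only by the participating sites.
        byte[] key = Encoding.UTF8.GetBytes("constructed-sample-key-do-not-reuse");
        string token = Issue("1001", key, DateTime.UtcNow, 60);
        Console.WriteLine(Validate(token, key, DateTime.UtcNow) ?? "rejected");               // valid token
        Console.WriteLine(Validate(token + "x", key, DateTime.UtcNow) ?? "rejected");         // altered token
        Console.WriteLine(Validate(token, key, DateTime.UtcNow.AddMinutes(5)) ?? "rejected"); // expired token
    }
}
```

The nonce only makes each token unique; to reject replays, the receiving site must also record the nonces it has accepted until they expire. The redirect itself should go over HTTPS so the token is not exposed in transit.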
