CAS 单点登录安装笔记4
--- asp.net client端的设置
1、首先修改web.Config文件,加入以下设置:
本人对.net不是很熟悉,感觉这里的配置类似java web应用程序中的过滤器,当用户访问web页时首先跳转到login.aspx页面进行验证。
2、加入以下c#代码到login.aspx页面的加载事件中:
//CAS 身份验证 服务器地址
private const string CASHOST = "https://sso.gzps.net:8443/cas/";
protected void Page_Load(object sender, EventArgs e)
{
System.Net.ServicePointManager.CertificatePolicy = new MyPolicy();
// Look for the "ticket=" after the "?" in the URL
string tkt = Request.QueryString["ticket"];
// This page is the CAS service=, but discard any query string residue
string service = Request.Url.GetLeftPart(UriPartial.Path);
// First time through there is no ticket=, so redirect to CAS login
if (tkt == null || tkt.Length == 0)
{
string redir = CASHOST + "login?" +
"service=" + service;
Response.Redirect(redir);
return;
}
// Second time (back from CAS) there is a ticket= to validate
string validateurl = CASHOST + "serviceValidate?" +
"ticket=" + tkt + "&"+
"service=" + service;
StreamReader Reader = new StreamReader( new WebClient().OpenRead(validateurl));
string resp = Reader.ReadToEnd();
// I like to have the text in memory for debugging rather than parsing the stream
// Some boilerplate to set up the parse.
NameTable nt = new NameTable();
XmlNamespaceManager nsmgr = new XmlNamespaceManager(nt);
XmlParserContext context = new XmlParserContext(null, nsmgr, null, XmlSpace.None);
XmlTextReader reader = new XmlTextReader(resp, XmlNodeType.Element, context);
string netid = null;
// A very dumb use of XML. Just scan for the "user". If it isn't there, its an error.
while (reader.Read())
{
if (reader.IsStartElement()) {
string tag = reader.LocalName;
if (tag=="user")
netid = reader.ReadString();
}
}
// if you want to parse the proxy chain, just add the logic above
reader.Close();
// If there was a problem, leave the message on the screen. Otherwise, return to original page.
if (netid == null)
{
Label1.Text = "CAS returned to this application, but then refused to validate your identity.";
}
else
{
Session["UserName"] = netid;
Label1.Text = "Welcome " + netid;
FormsAuthentication.RedirectFromLoginPage(netid, false); // set netid in ASP.NET blocks
}
}
}
以上代码参照了ja-sig网站的解决方案:[url]http://www.ja-sig.org/wiki/display/CASC/ASP.NET+Forms+Authentication[/url]
3、以为这样就可以了,运行时可以跳到sso服务器进行验证,但跳转以后报以下错误:
" System.Net.WebException。 基础连接已关闭。 无法建立与远程服务器信任关系 "。
应该与CAS Server端安装了数字证书,而.net Client端并没有安装相应的证书有关。
可以通过[url="http://hi.baidu.com/wjmd521/blog/item/d0244e60edc9a045ebf8f898.html"]配置IIS服务器,支持HTTPS SSL协议实现安全数据交换[/url]中介绍的步骤导入CAS 服务端的数字证书,或者通过[url]http://support.microsoft.com/kb/823177/[/url]上介绍的解决方案进行处理:
实现类
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class MyPolicy : ICertificatePolicy {
public bool CheckValidationResult(
ServicePoint srvPoint
, X509Certificate certificate
, WebRequest request
, int certificateProblem) {
//Return True to force the certificate to be accepted.
return true;
} // end CheckValidationResult
} // class MyPolicy
客户端代码中包含下列代码:
System.Net.ServicePointManager.CertificatePolicy = new MyPolicy();
所有代码见附件WebSite.rar,将其部署到你的IIS服务器就可以了。
关于IIS服务器的设置见[url="http://tech.163.com/special/00091PDS/aspnet.html"]asp.net一夜速成教程[/url]