单点登录cas 以及 Iframe篇
描述:公司网站要做单点登录,结果这个任务就落到我的头上了,刚开始也是一头露水,上网开始查,下面的这个只是能从一方登录的,如果子站点也有自己的登录,那这种方法是不适用的
private static String CASHOST = System.Configuration.ConfigurationSettings.AppSettings["casurl"].ToString();
public void ProcessRequest(HttpContext context)
{
string tkt = context.Request.QueryString["ticket"];
string service = context.Request.Url.GetLeftPart(UriPartial.Path);
if (tkt == null || tkt.Length == 0)
{
string redir = CASHOST + "login?" +
"service=" + service;
context.Response.Redirect(redir);
return;
}
string validateurl = CASHOST + "serviceValidate?" +
"ticket=" + tkt + "&" +
"service=" + service;
StreamReader Reader = new StreamReader(new WebClient().OpenRead(validateurl));
string resp = Reader.ReadToEnd();
NameTable nt = new NameTable();
XmlNamespaceManager nsmgr = new XmlNamespaceManager(nt);
XmlParserContext context1 = new XmlParserContext(null, nsmgr, null, XmlSpace.None);
XmlTextReader reader = new XmlTextReader(resp, XmlNodeType.Element, context1);
string netid = null;
string username = null;
string mobileval = null;
string email = null;
string oid = null ;
string emailvali=null;
string mobile=null;
while (reader.Read())
{
if (reader.IsStartElement())
{
string tag = reader.LocalName;
if (tag == "user")
{
netid = reader.ReadString();
}
if (tag == "username")
{
username = reader.ReadString();
}
if (tag == "mobileval")
{
mobileval = reader.ReadString();
}
if (tag == "email")
{
email = reader.ReadString();
}
if (tag == "oid")
{
oid = reader.ReadString();
}
if (tag == "emailvali")
{
emailvali = reader.ReadString();
}
if (tag == "mobile")
{
mobile = reader.ReadString();
}
}
}
reader.Close();
if (netid == null)
{
// Label1.Text = "CAS returned to this application, but then refused to validate your identity.";
}
else
{
webLoginPageBase cc = new webLoginPageBase();
bool aa = cc.SetLgoinUserInfo(netid);//存入session
List<
userInfo
> list = new List<
userInfo
>();
userInfo user = new userInfo();
user.netid = netid;
user.userName = username;
user.mobile = mobile;
user.email = email;
user.emailvali = Convert.ToInt32(emailvali);
user.oID = oid;
user.mobileval =Convert.ToInt32(mobileval);
list.Add(user);
string a = new JavaScriptSerializer().Serialize(list);
mes1 m1 = new mes1 { code = 0, message = "成功" + aa };
mes m = new mes() { message = m1, data = list };
string result = JsonConvert.SerializeObject(m);
context.Response.Write(result);
}
}
public bool IsReusable
{
get
{
return false;
}
}
public class userInfo
{
public int userID;
public string netid;
public string userName;
public int mobileval;
public string email;
public int emailvali;
public string mobile;
public string oID;
}
public class mes
{
public mes1 message;
public List<
userInfo
> data;
}
public class mes1
{
public int code;
public string message;
}
后来项目也是急着上线,然后出了一个很懒的方案,就是在子站点也就是我们这边的首页加个Iframe当然是不可见的,然后输入用户名和密码传给Iframe里面的用户名和密码以表单的形式submit();剩下的就是服务器端的配置了
为了简单我就直接没用Iframe意思是一样的
用户名:
"text"
name=
"username"
/>
密码:
"text"
name=
"password"
/>
"hidden"
name=
"submitClient"
value=
"true"
/>
"hidden"
name=
"loginUrl"
value=
"http://www.ceshi/login.jsp"
/>用于告诉服务器失败后转向何处
"hidden"
name=
"service"
value=
"http://www.ceshi/login.jsp"
/>回调地址
"submit"
value=
"提交"
/>
其实submit();方法应该写在JS中,子站点点击登录的时候调用该JS