網(wǎng)站:
JavaEye
作者:
jacally
鏈接:
http://lib.javaeye.com/blog/166619
發(fā)表時間: 2008年03月02日
聲明:本文系JavaEye網(wǎng)站發(fā)布的原創(chuàng)博客文章,未經(jīng)作者書面許可,嚴禁任何網(wǎng)站轉載本文,否則必將追究法律責任!
CAS 單點登錄安裝筆記4
--- asp.net client端的設置
1、首先修改web.Config文件,加入以下設置:
<authentication mode="Forms" >
<forms name="casauth" loginUrl="login.aspx" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
本人對.net不是很熟悉,感覺這里的配置類似java web應用程序中的過濾器,當用戶訪問web頁時首先跳轉到login.aspx頁面進行驗證。
2、加入以下c#代碼到login.aspx頁面的加載事件中:
//CAS 身份驗證 服務器地址
private const string CASHOST = "https://sso.gzps.net:8443/cas/";
protected void Page_Load(object sender, EventArgs e)
{
System.Net.ServicePointManager.CertificatePolicy = new MyPolicy();
// Look for the "ticket=" after the "?" in the URL
string tkt = Request.QueryString["ticket"];
// This page is the CAS service=, but discard any query string residue
string service = Request.Url.GetLeftPart(UriPartial.Path);
// First time through there is no ticket=, so redirect to CAS login
if (tkt == null || tkt.Length == 0)
{
string redir = CASHOST + "login?" +
"service=" + service;
Response.Redirect(redir);
return;
}
// Second time (back from CAS) there is a ticket= to validate
string validateurl = CASHOST + "serviceValidate?" +
"ticket=" + tkt + "&"+
"service=" + service;
StreamReader Reader = new StreamReader( new WebClient().OpenRead(validateurl));
string resp = Reader.ReadToEnd();
// I like to have the text in memory for debugging rather than parsing the stream
// Some boilerplate to set up the parse.
NameTable nt = new NameTable();
XmlNamespaceManager nsmgr = new XmlNamespaceManager(nt);
XmlParserContext context = new XmlParserContext(null, nsmgr, null, XmlSpace.None);
XmlTextReader reader = new XmlTextReader(resp, XmlNodeType.Element, context);
string netid = null;
// A very dumb use of XML. Just scan for the "user". If it isn't there, its an error.
while (reader.Read())
{
if (reader.IsStartElement()) {
string tag = reader.LocalName;
if (tag=="user")
netid = reader.ReadString();
}
}
// if you want to parse the proxy chain, just add the logic above
reader.Close();
// If there was a problem, leave the message on the screen. Otherwise, return to original page.
if (netid == null)
{
Label1.Text = "CAS returned to this application, but then refused to validate your identity.";
}
else
{
Session["UserName"] = netid;
Label1.Text = "Welcome " + netid;
FormsAuthentication.RedirectFromLoginPage(netid, false); // set netid in ASP.NET blocks
}
}
}
以上代碼參照了ja-sig網(wǎng)站的解決方案:
http://www.ja-sig.org/wiki/display/CASC/ASP.NET+Forms+Authentication
3、以為這樣就可以了,運行時可以跳到sso服務器進行驗證,但跳轉以后報以下錯誤:
" System.Net.WebException。 基礎連接已關閉。 無法建立與遠程服務器信任關系 "。
應該與CAS Server端安裝了數(shù)字證書,而.net Client端并沒有安裝相應的證書有關。
可以通過
配置IIS服務器,支持HTTPS SSL協(xié)議實現(xiàn)安全數(shù)據(jù)交換中介紹的步驟導入CAS 服務端的數(shù)字證書,或者通過
http://support.microsoft.com/kb/823177/上介紹的解決方案進行處理:
實現(xiàn)類
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class MyPolicy : ICertificatePolicy {
public bool CheckValidationResult(
ServicePoint srvPoint
, X509Certificate certificate
, WebRequest request
, int certificateProblem) {
//Return True to force the certificate to be accepted.
return true;
} // end CheckValidationResult
} // class MyPolicy
客戶端代碼中包含下列代碼:
System.Net.ServicePointManager.CertificatePolicy = new MyPolicy();
所有代碼見附件WebSite.rar,將其部署到你的IIS服務器就可以了。
關于IIS服務器的設置見
asp.net一夜速成教程
本文的討論也很精彩,瀏覽討論>>
JavaEye推薦
中國領先的電子商務網(wǎng)站-淘寶網(wǎng)招賢納士,誠聘Java工程師
文章來源:
http://lib.javaeye.com/blog/166619
posted on 2008-03-02 11:52
Lib 閱讀(1166)
評論(0) 編輯 收藏 所屬分類:
服務配置 、
Java