網(wǎng)站:
JavaEye
作者:
jacally
鏈接:
http://lib.javaeye.com/blog/166619
發(fā)表時(shí)間: 2008年03月02日
聲明:本文系JavaEye網(wǎng)站發(fā)布的原創(chuàng)博客文章,未經(jīng)作者書(shū)面許可,嚴(yán)禁任何網(wǎng)站轉(zhuǎn)載本文,否則必將追究法律責(zé)任!
CAS 單點(diǎn)登錄安裝筆記4
--- asp.net client端的設(shè)置
1、首先修改web.Config文件,加入以下設(shè)置:
<authentication mode="Forms" >
<forms name="casauth" loginUrl="login.aspx" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
本人對(duì).net不是很熟悉,感覺(jué)這里的配置類似java web應(yīng)用程序中的過(guò)濾器,當(dāng)用戶訪問(wèn)web頁(yè)時(shí)首先跳轉(zhuǎn)到login.aspx頁(yè)面進(jìn)行驗(yàn)證。
2、加入以下c#代碼到login.aspx頁(yè)面的加載事件中:
//CAS 身份驗(yàn)證 服務(wù)器地址
private const string CASHOST = "https://sso.gzps.net:8443/cas/";
protected void Page_Load(object sender, EventArgs e)
{
System.Net.ServicePointManager.CertificatePolicy = new MyPolicy();
// Look for the "ticket=" after the "?" in the URL
string tkt = Request.QueryString["ticket"];
// This page is the CAS service=, but discard any query string residue
string service = Request.Url.GetLeftPart(UriPartial.Path);
// First time through there is no ticket=, so redirect to CAS login
if (tkt == null || tkt.Length == 0)
{
string redir = CASHOST + "login?" +
"service=" + service;
Response.Redirect(redir);
return;
}
// Second time (back from CAS) there is a ticket= to validate
string validateurl = CASHOST + "serviceValidate?" +
"ticket=" + tkt + "&"+
"service=" + service;
StreamReader Reader = new StreamReader( new WebClient().OpenRead(validateurl));
string resp = Reader.ReadToEnd();
// I like to have the text in memory for debugging rather than parsing the stream
// Some boilerplate to set up the parse.
NameTable nt = new NameTable();
XmlNamespaceManager nsmgr = new XmlNamespaceManager(nt);
XmlParserContext context = new XmlParserContext(null, nsmgr, null, XmlSpace.None);
XmlTextReader reader = new XmlTextReader(resp, XmlNodeType.Element, context);
string netid = null;
// A very dumb use of XML. Just scan for the "user". If it isn't there, its an error.
while (reader.Read())
{
if (reader.IsStartElement()) {
string tag = reader.LocalName;
if (tag=="user")
netid = reader.ReadString();
}
}
// if you want to parse the proxy chain, just add the logic above
reader.Close();
// If there was a problem, leave the message on the screen. Otherwise, return to original page.
if (netid == null)
{
Label1.Text = "CAS returned to this application, but then refused to validate your identity.";
}
else
{
Session["UserName"] = netid;
Label1.Text = "Welcome " + netid;
FormsAuthentication.RedirectFromLoginPage(netid, false); // set netid in ASP.NET blocks
}
}
}
以上代碼參照了ja-sig網(wǎng)站的解決方案:
http://www.ja-sig.org/wiki/display/CASC/ASP.NET+Forms+Authentication
3、以為這樣就可以了,運(yùn)行時(shí)可以跳到sso服務(wù)器進(jìn)行驗(yàn)證,但跳轉(zhuǎn)以后報(bào)以下錯(cuò)誤:
" System.Net.WebException。 基礎(chǔ)連接已關(guān)閉。 無(wú)法建立與遠(yuǎn)程服務(wù)器信任關(guān)系 "。
應(yīng)該與CAS Server端安裝了數(shù)字證書(shū),而.net Client端并沒(méi)有安裝相應(yīng)的證書(shū)有關(guān)。
可以通過(guò)
配置IIS服務(wù)器,支持HTTPS SSL協(xié)議實(shí)現(xiàn)安全數(shù)據(jù)交換中介紹的步驟導(dǎo)入CAS 服務(wù)端的數(shù)字證書(shū),或者通過(guò)
http://support.microsoft.com/kb/823177/上介紹的解決方案進(jìn)行處理:
實(shí)現(xiàn)類
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class MyPolicy : ICertificatePolicy {
public bool CheckValidationResult(
ServicePoint srvPoint
, X509Certificate certificate
, WebRequest request
, int certificateProblem) {
//Return True to force the certificate to be accepted.
return true;
} // end CheckValidationResult
} // class MyPolicy
客戶端代碼中包含下列代碼:
System.Net.ServicePointManager.CertificatePolicy = new MyPolicy();
所有代碼見(jiàn)附件WebSite.rar,將其部署到你的IIS服務(wù)器就可以了。
關(guān)于IIS服務(wù)器的設(shè)置見(jiàn)
asp.net一夜速成教程
本文的討論也很精彩,瀏覽討論>>
JavaEye推薦
中國(guó)領(lǐng)先的電子商務(wù)網(wǎng)站-淘寶網(wǎng)招賢納士,誠(chéng)聘Java工程師
文章來(lái)源:
http://lib.javaeye.com/blog/166619
posted on 2008-03-02 11:52
Lib 閱讀(1175)
評(píng)論(0) 編輯 收藏 所屬分類:
服務(wù)配置 、
Java