CAS统一登录认证(7): 非典型.net客户端

所谓非典型,就是不按官方指南来做。github 上有标准的 .net cas 客户端 demo,下载 dotnet-cas-client-master 部署即可;它是在 web.config 中增加拦截器,一是拦截软件的登录验证,二是使用 .net 和 IIS 本身内置的认证机制。而在实际做 sso 时,发现有些现有软件并没有使用这套认证机制;另一个可能的需求是,做 sso 时不想太霸道,希望保留软件原有的认证登录,只是静静地多增加一个 sso 认证途径。这时不对 web.config 做任何拦截修改,只增加一个 caslogin.aspx,只有访问这个网页时才使用 sso 登录。当然,需要允许在未登录状态下访问这个页面。

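不多废话,上源码。C# 代码参考了网上的示例并已调试通过;另有一个老项目是 VB.net 的,所以又翻译了一份 VB.net 源码,两者均调试可用。需要说明的是:ticket 校验结果是否可信,完全取决于对 CAS 服务器 HTTPS 证书的验证,部署时应让本机信任该证书(例如把签发它的 CA 导入受信任的根证书存储),而不是在代码里跳过证书校验。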

c# 源码:

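    /// <summary>
    /// Optional CAS single-sign-on entry page. The application's existing login is left
    /// untouched; CAS is used only when a browser is sent to this page, so the page must be
    /// reachable by anonymous users.
    /// </summary>
    /// <remarks>
    /// Flow: without a <c>ticket</c> query parameter the browser is redirected to the CAS login
    /// page; with one, the ticket is validated server-to-server against <c>serviceValidate</c>
    /// and the user is signed in only when CAS reports <c>authenticationSuccess</c>.
    /// </remarks>
    public partial class caslogin : System.Web.UI.Page
    {
        /// <summary>
        /// Certificate validation callback kept for callers that reference it. It accepts the
        /// server certificate only when the platform's own checks reported no policy errors.
        /// </summary>
        /// <param name="sender">Object that raised the validation request (unused).</param>
        /// <param name="certificate">Certificate presented by the remote server (unused).</param>
        /// <param name="chain">Chain built for that certificate (unused).</param>
        /// <param name="errors">Policy errors found by the platform.</param>
        /// <returns><c>true</c> only when <paramref name="errors"/> is <c>SslPolicyErrors.None</c>.</returns>
        internal static bool CheckValidationResult(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors errors)
        {
            // Returning true unconditionally would accept any certificate, so anyone on the network
            // path could answer the serviceValidate request and choose the signed-in user name.
            // If the CAS server uses a private CA, import that CA into the machine trust store.
            return errors == SslPolicyErrors.None;
        }

        /// <summary>
        /// Redirects to CAS when no ticket is present; otherwise validates the ticket and signs
        /// the returned user in to this application.
        /// </summary>
        /// <param name="sender">Event source.</param>
        /// <param name="e">Event data (unused).</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            // ServicePointManager.ServerCertificateValidationCallback is deliberately not assigned here:
            // it is process-wide, so assigning it from a page changes certificate handling for every
            // outbound HTTPS request of the application. The default platform validation is used.
            const string CASHOST = "https://author.linbsoft.com:8443/cas/";   // CAS server base URL
            const string CasNamespace = "http://www.yale.edu/tp/cas";        // namespace of CAS 2.0 response elements

            string tkt = Request.QueryString["ticket"];
            // NOTE(review): this URL is built from the incoming request, so its host part follows the
            // request's Host header; the CAS server should only accept registered service URLs.
            string service = Request.Url.GetLeftPart(UriPartial.Path);
            // Both values go into a query string, so they are percent-encoded; otherwise a ticket
            // value containing '&' or '#' could rewrite the parameters of the validation request.
            string encodedService = Uri.EscapeDataString(service);

            if (string.IsNullOrEmpty(tkt))   // no ticket yet: send the browser to the CAS login page
            {
                Response.Redirect(CASHOST + "login?service=" + encodedService);
                return;
            }

            string validateurl = CASHOST + "serviceValidate?ticket=" + Uri.EscapeDataString(tkt) + "&service=" + encodedService;

            // Back-channel call that exchanges the ticket for the user information.
            // A certificate or network failure throws here, which leaves the user signed out.
            string resp;
            using (WebClient client = new WebClient())
            using (Stream body = client.OpenRead(validateurl))
            using (StreamReader responseReader = new StreamReader(body))
            {
                resp = responseReader.ReadToEnd();
            }

            string netid = null;
            bool insideSuccess = false;
            NameTable nt = new NameTable();
            XmlNamespaceManager nsmgr = new XmlNamespaceManager(nt);
            XmlParserContext context = new XmlParserContext(null, nsmgr, null, XmlSpace.None);
            XmlTextReader reader = new XmlTextReader(resp, XmlNodeType.Element, context);
            try
            {
                // The response is remote input: refuse DTDs and never resolve external entities.
                // (DtdProcessing needs .NET Framework 4.0 or later.)
                reader.DtdProcessing = DtdProcessing.Prohibit;
                reader.XmlResolver = null;

                while (reader.Read())
                {
                    if (!reader.IsStartElement() || reader.NamespaceURI != CasNamespace)
                    {
                        continue;
                    }

                    string tag = reader.LocalName;
                    if (tag == "authenticationSuccess")
                    {
                        insideSuccess = true;
                    }
                    else if (tag == "authenticationFailure")
                    {
                        // Fail closed: an explicit failure overrides anything read so far.
                        netid = null;
                        break;
                    }
                    else if (tag == "user" && insideSuccess && netid == null)
                    {
                        // Only the first <cas:user> after <cas:authenticationSuccess> is the principal;
                        // a later element with the same local name must not replace it.
                        netid = reader.ReadString();
                    }
                    // Other returned values (for example released attributes) can be read here.
                }
            }
            catch (XmlException)
            {
                // A response that is not well-formed is treated as a refused validation.
                netid = null;
            }
            finally
            {
                reader.Close();
            }

            if (string.IsNullOrEmpty(netid))   // CAS refused the ticket or returned no user
            {
                Label1.Text = "CAS returned to this application, but then refused to validate your identity.";
            }
            else     // CAS confirmed the user: initialise the application's own signed-in state
            {
                // NOTE(review): the session that existed before sign-in is reused here; consider
                // issuing a fresh session id at this point if the application relies on Session.
                Session["UserName"] = netid;
                // Label.Text is rendered without encoding, so the name is HTML-encoded first.
                Label1.Text = "Welcome " + Server.HtmlEncode(netid);
                FormsAuthentication.RedirectFromLoginPage(netid, false);
            }
        }
    }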

VB.NET 源码:

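    ''' <summary>
    ''' Optional CAS single-sign-on entry page. The application's existing login is left
    ''' untouched; CAS is used only when a browser is sent to this page, so the page must be
    ''' reachable by anonymous users.
    ''' </summary>
    Public Class caslogin
        Inherits System.Web.UI.Page

        ''' <summary>
        ''' Certificate validation callback kept for callers that reference it. It accepts the
        ''' server certificate only when the platform's own checks reported no policy errors.
        ''' </summary>
        ''' <param name="sender">Object that raised the validation request (unused).</param>
        ''' <param name="certificate">Certificate presented by the remote server (unused).</param>
        ''' <param name="chain">Chain built for that certificate (unused).</param>
        ''' <param name="errors">Policy errors found by the platform.</param>
        ''' <returns>True only when <paramref name="errors"/> is SslPolicyErrors.None.</returns>
        Protected Function CheckValidationResult(ByVal sender As Object, ByVal certificate As X509Certificate, ByVal chain As X509Chain, ByVal errors As SslPolicyErrors) As Boolean
            ' Returning True unconditionally would accept any certificate, so anyone on the network
            ' path could answer the serviceValidate request and choose the signed-in user name.
            ' If the CAS server uses a private CA, import that CA into the machine trust store.
            Return errors = SslPolicyErrors.None
        End Function


        ''' <summary>
        ''' Redirects to CAS when no ticket is present; otherwise validates the ticket and signs
        ''' the returned user in to this application.
        ''' </summary>
        Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
            ' ServicePointManager.ServerCertificateValidationCallback is deliberately not assigned here:
            ' it is process-wide, so assigning it from a page changes certificate handling for every
            ' outbound HTTPS request of the application. The default platform validation is used.
            Const CASHOST As String = "https://author.linbsoft.com:8443/cas/"   ' CAS server base URL
            Const CasNamespace As String = "http://www.yale.edu/tp/cas"         ' namespace of CAS 2.0 response elements

            Dim tkt As String = Request.QueryString("ticket")
            ' NOTE(review): this URL is built from the incoming request, so its host part follows the
            ' request's Host header; the CAS server should only accept registered service URLs.
            Dim service As String = Request.Url.GetLeftPart(UriPartial.Path)
            ' Both values go into a query string, so they are percent-encoded; otherwise a ticket
            ' value containing "&" or "#" could rewrite the parameters of the validation request.
            Dim encodedService As String = Uri.EscapeDataString(service)

            If String.IsNullOrEmpty(tkt) Then    ' no ticket yet: send the browser to the CAS login page
                Response.Redirect(CASHOST & "login?service=" & encodedService)
                Return
            End If

            Dim validateurl As String = CASHOST & "serviceValidate?ticket=" & Uri.EscapeDataString(tkt) & "&service=" & encodedService

            ' Back-channel call that exchanges the ticket for the user information.
            ' A certificate or network failure throws here, which leaves the user signed out.
            Dim resp As String = Nothing
            Using client As New WebClient()
                Using body As Stream = client.OpenRead(validateurl)
                    Using responseReader As New StreamReader(body)
                        resp = responseReader.ReadToEnd()
                    End Using
                End Using
            End Using

            Dim netid As String = Nothing
            Dim insideSuccess As Boolean = False
            Dim nt As NameTable = New NameTable()
            Dim nsmgr As XmlNamespaceManager = New XmlNamespaceManager(nt)
            Dim context As XmlParserContext = New XmlParserContext(Nothing, nsmgr, Nothing, XmlSpace.None)
            Dim myreader As XmlTextReader = New XmlTextReader(resp, XmlNodeType.Element, context)
            Try
                ' The response is remote input: refuse DTDs and never resolve external entities.
                ' (DtdProcessing needs .NET Framework 4.0 or later.)
                myreader.DtdProcessing = DtdProcessing.Prohibit
                myreader.XmlResolver = Nothing

                While myreader.Read()
                    If Not myreader.IsStartElement() OrElse myreader.NamespaceURI <> CasNamespace Then
                        Continue While
                    End If

                    Dim tag As String = myreader.LocalName
                    If tag = "authenticationSuccess" Then
                        insideSuccess = True
                    ElseIf tag = "authenticationFailure" Then
                        ' Fail closed: an explicit failure overrides anything read so far.
                        netid = Nothing
                        Exit While
                    ElseIf tag = "user" AndAlso insideSuccess AndAlso netid Is Nothing Then
                        ' Only the first <cas:user> after <cas:authenticationSuccess> is the principal;
                        ' a later element with the same local name must not replace it.
                        netid = myreader.ReadString()
                    End If
                    ' Other returned values (for example released attributes) can be read here.
                End While
            Catch ex As XmlException
                ' A response that is not well-formed is treated as a refused validation.
                netid = Nothing
            Finally
                myreader.Close()
            End Try

            If String.IsNullOrEmpty(netid) Then     ' CAS refused the ticket or returned no user
                Label1.Text = "CAS returned to this application, but then refused to validate your identity."
            Else    ' CAS confirmed the user: initialise the application's own signed-in state
                ' NOTE(review): the session that existed before sign-in is reused here; consider
                ' issuing a fresh session id at this point if the application relies on Session.
                Session("UserName") = netid
                ' Label.Text is rendered without encoding, so the name is HTML-encoded first.
                Label1.Text = "Welcome " & Server.HtmlEncode(netid)
                FormsAuthentication.RedirectFromLoginPage(netid, False)
            End If
        End Sub
    End Class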


转载自blog.csdn.net/oLinBSoft/article/details/82216827