posts - 28,  comments - 13,  trackbacks - 0

网站: JavaEye  作者: jacally  链接:http://lib.javaeye.com/blog/166619  发表时间: 2008年03月02日

声明:本文系JavaEye网站发布的原创博客文章,未经作者书面许可,严禁任何网站转载本文,否则必将追究法律责任!

CAS 单点登录安装笔记4
--- asp.net client端的设置

1、首先修改web.Config文件,加入以下设置:
<authentication mode="Forms" >
<forms name="casauth" loginUrl="login.aspx" />
</authentication>
<authorization>
<deny users="?" />
</authorization>

本人对.net不是很熟悉,感觉这里的配置类似java web应用程序中的过滤器,当用户访问web页时首先跳转到login.aspx页面进行验证。

2、加入以下c#代码到login.aspx页面的加载事件中:
    //CAS 身份验证 服务器地址
private const string CASHOST = "https://sso.gzps.net:8443/cas/";

protected void Page_Load(object sender, EventArgs e)
{
System.Net.ServicePointManager.CertificatePolicy = new MyPolicy();

// Look for the "ticket=" after the "?" in the URL
string tkt = Request.QueryString["ticket"];

// This page is the CAS service=, but discard any query string residue
string service = Request.Url.GetLeftPart(UriPartial.Path);

// First time through there is no ticket=, so redirect to CAS login
if (tkt == null || tkt.Length == 0)
{
string redir = CASHOST + "login?" +
"service=" + service;
Response.Redirect(redir);
return;
}

// Second time (back from CAS) there is a ticket= to validate
string validateurl = CASHOST + "serviceValidate?" +
"ticket=" + tkt + "&"+
"service=" + service;
StreamReader Reader = new StreamReader( new WebClient().OpenRead(validateurl));
string resp = Reader.ReadToEnd();
// I like to have the text in memory for debugging rather than parsing the stream

// Some boilerplate to set up the parse.
NameTable nt = new NameTable();
XmlNamespaceManager nsmgr = new XmlNamespaceManager(nt);
XmlParserContext context = new XmlParserContext(null, nsmgr, null, XmlSpace.None);
XmlTextReader reader = new XmlTextReader(resp, XmlNodeType.Element, context);

string netid = null;

// A very dumb use of XML. Just scan for the "user". If it isn't there, its an error.
while (reader.Read())
{
if (reader.IsStartElement()) {
string tag = reader.LocalName;
if (tag=="user")
netid = reader.ReadString();
}
}
// if you want to parse the proxy chain, just add the logic above
reader.Close();
// If there was a problem, leave the message on the screen. Otherwise, return to original page.
if (netid == null)
{
Label1.Text = "CAS returned to this application, but then refused to validate your identity.";
}
else
{
Session["UserName"] = netid;
Label1.Text = "Welcome " + netid;
FormsAuthentication.RedirectFromLoginPage(netid, false); // set netid in ASP.NET blocks
}

}
}


以上代码参照了ja-sig网站的解决方案:http://www.ja-sig.org/wiki/display/CASC/ASP.NET+Forms+Authentication

3、以为这样就可以了,运行时可以跳到sso服务器进行验证,但跳转以后报以下错误:
" System.Net.WebException。 基础连接已关闭。 无法建立与远程服务器信任关系 "。
应该与CAS Server端安装了数字证书,而.net Client端并没有安装相应的证书有关。
可以通过配置IIS服务器,支持HTTPS SSL协议实现安全数据交换中介绍的步骤导入CAS 服务端的数字证书,或者通过http://support.microsoft.com/kb/823177/上介绍的解决方案进行处理:
实现类
using System.Net;
using System.Security.Cryptography.X509Certificates;

public class MyPolicy : ICertificatePolicy {
public bool CheckValidationResult(
ServicePoint srvPoint
, X509Certificate certificate
, WebRequest request
, int certificateProblem) {

//Return True to force the certificate to be accepted.
return true;

} // end CheckValidationResult
} // class MyPolicy


客户端代码中包含下列代码:
   System.Net.ServicePointManager.CertificatePolicy = new MyPolicy();


所有代码见附件WebSite.rar,将其部署到你的IIS服务器就可以了。
关于IIS服务器的设置见asp.net一夜速成教程
本文的讨论也很精彩,浏览讨论>>


JavaEye推荐
中国领先的电子商务网站-淘宝网招贤纳士,诚聘Java工程师



文章来源:http://lib.javaeye.com/blog/166619
posted on 2008-03-02 11:52 Lib 阅读(1151) 评论(0)  编辑  收藏 所属分类: 服务配置Java

只有注册用户登录后才能发表评论。


网站导航:
 
<2024年11月>
272829303112
3456789
10111213141516
17181920212223
24252627282930
1234567



我的JavaEye博客
http://lib.javaeye.com


常用链接

留言簿(2)

随笔分类

文章分类

FLASH

Java

搜索

  •  

最新评论

阅读排行榜

评论排行榜