/// <summary>
/// Encrypts <paramref name="cookieInfo"/> and writes it to the current response as an HttpOnly cookie.
/// </summary>
/// <param name="cookieInfo">Identity payload to store in the cookie.</param>
/// <param name="cookieName">Name of the cookie to set.</param>
/// <param name="cookieDomain">Cookie domain; null leaves the cookie scoped to the current host.</param>
/// <param name="cookieTimeoutMinutes">Absolute lifetime from now, in minutes. Nothing here renews it.</param>
/// <remarks>
/// NOTE(review): the cookie is HttpOnly but is never marked Secure, so it is also sent over plain
/// HTTP, and no SameSite attribute is set. Both should be enabled once every consumer of this
/// cookie is confirmed to be served over TLS.
/// </remarks>
public static void SetAuthCookie(SSOCookieInfo cookieInfo, string cookieName, string cookieDomain = null, int cookieTimeoutMinutes = 20)
{
    // Encrypt first, exactly as before, even if there turns out to be no response to write to.
    var protectedValue = EncryptSSOCookieValue(cookieInfo);

    var authCookie = new HttpCookie(cookieName, protectedValue);
    authCookie.HttpOnly = true;
    authCookie.Expires = DateTime.Now.AddMinutes(cookieTimeoutMinutes);
    authCookie.Domain = cookieDomain;

    // Outside a request there is nowhere to write; this is deliberately a silent no-op.
    if (CurrentResponse == null)
    {
        return;
    }
    CurrentResponse.SetCookie(authCookie);
}
/// <summary>
/// Builds a <see cref="ClaimsPrincipal"/> from a decoded SSO cookie payload.
/// Exactly two claims are produced: the display name and the alias as the name identifier.
/// </summary>
/// <param name="cookieInfo">Decoded cookie payload; null yields a null principal.</param>
/// <returns>
/// A principal with a single identity whose authentication type is "uoko-sso-internal", or null.
/// </returns>
public static ClaimsPrincipal GenerateClaimsPrincipal(SSOCookieInfo cookieInfo)
{
    if (cookieInfo == null)
    {
        return null;
    }

    // Claim constructors reject a null value, so a payload with a missing Name or Alias throws here.
    var nameClaim = new Claim(ClaimTypes.Name, cookieInfo.Name);
    var idClaim = new Claim(ClaimTypes.NameIdentifier, cookieInfo.Alias);

    // A non-empty authentication type is what makes the identity count as authenticated.
    var identity = new ClaimsIdentity(new[] { nameClaim, idClaim }, "uoko-sso-internal");
    return new ClaimsPrincipal(identity);
}
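/// <summary>
/// Handles a username/password login, issues the SSO cookie, and sends the browser on to
/// <paramref name="returnUrl"/>.
/// </summary>
/// <param name="model">Posted credentials; the login view is re-shown when model validation fails.</param>
/// <param name="returnUrl">
/// Untrusted redirect target supplied by the caller. Local URLs are followed as-is; absolute
/// http(s) URLs under the cookie domain are followed directly; any other absolute http(s) URL gets
/// a one-time token appended. Empty, malformed or non-http(s) values fall back to the home page.
/// </param>
/// <param name="appKey">Application key recorded on the ticket issued for a foreign-domain target.</param>
/// <returns>The login view on failure, otherwise a redirect.</returns>
public ActionResult Login(LoginModel model, string returnUrl, string appKey)
{
    if (!ModelState.IsValid)
    {
        return View(model);
    }

    var userInfo = UserBiz.GetUserInfo(model.UserName, model.Password);
    if (userInfo == null)
    {
        // Credentials rejected. The message is deliberately generic (does not say which part was wrong).
        ModelState.AddModelError("", "提供的用户名或密码不正确。");
        return View(model);
    }

    // Credentials accepted: issue the SSO cookie on the configured domain.
    var cookieInfo = new SSOCookieInfo() { Alias = userInfo.Alias, Name = userInfo.Name };
    SSOAuthentication.SetAuthCookie(cookieInfo, ServerConfig.CookieName, ServerConfig.CookieDomain);

    if (string.IsNullOrWhiteSpace(returnUrl))
    {
        return RedirectToAction("Index", "Home");
    }

    // Relative URLs on this site are safe to follow without further checks.
    if (Url.IsLocalUrl(returnUrl))
    {
        return Redirect(returnUrl);
    }

    // Anything else must be a well-formed absolute http(s) URL. A value that does not parse used
    // to be classified as "same domain" and redirected to verbatim; now it falls back to Home so
    // that unparseable or non-web schemes never become a redirect target.
    Uri target;
    if (!Uri.TryCreate(returnUrl, UriKind.Absolute, out target)
        || (target.Scheme != Uri.UriSchemeHttp && target.Scheme != Uri.UriSchemeHttps))
    {
        return RedirectToAction("Index", "Home");
    }

    if (!IsHostUnderDomain(target.Host, ServerConfig.CookieDomain))
    {
        // Foreign domain: the SSO cookie will not be sent there, so hand over a one-time token that
        // the client exchanges for the identity at /Account/ValidateToken.
        // NOTE(review): nothing here binds appKey to target.Host, so any absolute http(s) URL
        // receives a token for this user unless IssueToken/ValidateToken enforce that binding — confirm.
        var ticket = new CasTicket()
        {
            AppKey = appKey,
            UserAlias = userInfo.Alias,
            UserName = userInfo.Name,
        };
        var token = CacheTickets.IssueToken(ticket);
        returnUrl = GetValidateTokenUrl(returnUrl, token);
    }

    return Redirect(returnUrl);
}

/// <summary>
/// True when <paramref name="host"/> is <paramref name="domain"/> itself or a subdomain of it.
/// A leading "." on the configured domain is ignored; comparison is ordinal, case-insensitive.
/// </summary>
/// <remarks>
/// A bare <c>host.EndsWith(domain)</c> would also accept "evil-example.com" for a cookie domain of
/// "example.com"; requiring either equality or a "." boundary closes that. When no cookie domain is
/// configured every absolute URL is treated as foreign (and therefore tokenised), which is the
/// safe side since the cookie is then scoped to this host only.
/// </remarks>
private static bool IsHostUnderDomain(string host, string domain)
{
    if (string.IsNullOrWhiteSpace(host) || string.IsNullOrWhiteSpace(domain))
    {
        return false;
    }

    var bareDomain = domain.TrimStart('.');
    return host.Equals(bareDomain, StringComparison.OrdinalIgnoreCase)
        || host.EndsWith("." + bareDomain, StringComparison.OrdinalIgnoreCase);
}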
/// <summary>
/// Default local-cookie writer: stores the SSO identity under the client's own cookie name,
/// leaving domain and timeout at <see cref="SSOAuthentication.SetAuthCookie"/>'s defaults.
/// </summary>
/// <param name="ctx">Request context; a null context means there is no request, so nothing is written.</param>
/// <param name="cookieInfo">Identity to persist.</param>
private static void SetLocalCookie(HttpContextBase ctx, SSOCookieInfo cookieInfo)
{
    // NOTE(review): ctx serves only as a null guard; the cookie is written through whatever
    // response SSOAuthentication.SetAuthCookie resolves, not through ctx.Response.
    if (ctx != null)
    {
        SSOAuthentication.SetAuthCookie(cookieInfo, ClientInfo.LocalCookieName);
    }
}
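/// <summary>
/// Exchanges a one-time SSO token for the user's identity by POSTing it (with this client's appKey)
/// to the SSO server's /Account/ValidateToken endpoint, and on success caches that identity locally.
/// </summary>
/// <param name="ctx">Current request context, handed to the local-cookie writer (may be null).</param>
/// <param name="token">Token received from the SSO server redirect.</param>
/// <returns>
/// A principal built from the returned ticket, or null when the call fails, the server does not
/// answer with a success status, or the ticket carries no alias.
/// </returns>
/// <remarks>
/// NOTE(review): the token travels in the POST body, so ClientInfo.ServerUrl must be an https URL
/// in every environment — verify the configuration. The client is disposed per call now, but a
/// new HttpClient per request still churns sockets under load; a shared static instance would be
/// preferable and is left for a change that can add a field.
/// </remarks>
private static IPrincipal GetPrincipalInfoFromServer(HttpContextBase ctx, string token)
{
    var requestUrl = ClientInfo.ServerUrl + "/Account/ValidateToken";
    var form = new Dictionary<string, string>()
    {
        {"token", token},
        {"appKey", ClientInfo.AppKey}
    };

    CasTicket ticket = null;
    using (var client = new HttpClient())
    {
        try
        {
            // Blocking on the async call is inherited from the synchronous caller. GetAwaiter().GetResult()
            // surfaces the real exception rather than an AggregateException wrapper.
            var response = client.PostAsync(new Uri(requestUrl), new FormUrlEncodedContent(form))
                .GetAwaiter().GetResult();
            // A non-2xx reply (expired/unknown token, rejected appKey) must never be parsed as a ticket.
            response.EnsureSuccessStatusCode();
            ticket = response.Content.ReadAsAsync<CasTicket>().GetAwaiter().GetResult();
        }
        catch (Exception)
        {
            // Best-effort: any transport, status or parse failure means "not authenticated".
            // todo : log exception
        }
    }

    if (ticket == null)
    {
        return null;
    }

    var cookieInfo = new SSOCookieInfo()
    {
        Alias = ticket.UserAlias,
        Name = ticket.UserName,
    };

    // A ticket without an alias carries no usable identity; issue nothing.
    if (string.IsNullOrWhiteSpace(cookieInfo.Alias))
    {
        return null;
    }

    IPrincipal userInfo = SSOAuthentication.GenerateClaimsPrincipal(cookieInfo);

    // Persist locally so later requests on this application skip the round trip.
    if (SetLocalCookieFunc != null)
    {
        SetLocalCookieFunc(ctx, cookieInfo);
    }
    else
    {
        SetLocalCookie(ctx, cookieInfo);
    }
    return userInfo;
}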
/// <summary>
/// Serialises the cookie payload to JSON and encrypts it with TripleDES in the provider's default
/// mode (CBC, PKCS7 padding) under the static key and IV, returning the ciphertext as Base64.
/// </summary>
/// <param name="cookieInfo">Payload to protect.</param>
/// <returns>Base64 of the ciphertext, in the format the matching decrypt routine expects.</returns>
/// <remarks>
/// NOTE(review): this scheme should be replaced rather than patched in isolation. It is encryption
/// without integrity (CBC ciphertext is malleable, so the JSON identity is not protected against
/// tampering), the IV is a fixed value shared by every cookie (identical payloads give identical
/// cookies), and TripleDES is a legacy 64-bit-block cipher. Despite their names, AesKey/AesIV feed
/// TripleDES here. The wire format is preserved because the decrypt side is not in this file and
/// changing it unilaterally would invalidate every live cookie.
/// </remarks>
private static string EncryptSSOCookieValue(SSOCookieInfo cookieInfo)
{
    var plaintext = Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(cookieInfo));

    using (var cipher = new TripleDESCryptoServiceProvider() { Key = AesKey, IV = AesIV })
    using (var encryptor = cipher.CreateEncryptor())
    {
        // One-shot transform: yields the same bytes as writing through a CryptoStream and flushing.
        var ciphertext = encryptor.TransformFinalBlock(plaintext, 0, plaintext.Length);
        return Convert.ToBase64String(ciphertext);
    }
}