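        /// <summary>
        /// Issues the SSO authentication cookie whose value is the encrypted <paramref name="cookieInfo"/>.
        /// </summary>
        /// <param name="cookieInfo">Identity payload to encrypt into the cookie value; must not be null.</param>
        /// <param name="cookieName">Name of the cookie to write.</param>
        /// <param name="cookieDomain">Cookie domain; null leaves the cookie scoped to the current host.</param>
        /// <param name="cookieTimeoutMinutes">Cookie lifetime in minutes (default 20).</param>
        /// <param name="secure">When true the browser only sends the cookie over HTTPS. Defaults to
        /// false so existing callers keep their behaviour; deployments served over TLS should pass true,
        /// otherwise the authentication cookie is exposed on any plain-HTTP request to the domain.</param>
        /// <exception cref="ArgumentNullException"><paramref name="cookieInfo"/> is null.</exception>
        public static void SetAuthCookie(SSOCookieInfo cookieInfo, string cookieName, string cookieDomain = null,
                                         int cookieTimeoutMinutes = 20, bool secure = false)
        {
            if (cookieInfo == null)
            {
                // Previously a null payload was serialised as the JSON literal "null" and written
                // out as a (meaningless) authentication cookie; fail loudly instead.
                throw new ArgumentNullException("cookieInfo");
            }

            var cookieValue = EncryptSSOCookieValue(cookieInfo);

            var cookie = new HttpCookie(cookieName, cookieValue)
                         {
                             // Not readable from script, which limits what an XSS can do with the session.
                             HttpOnly = true,
                             Secure = secure,
                             // UtcNow: a local-time value crossing a DST boundary would be off by an hour
                             // once the framework converts the expiry to GMT for the Set-Cookie header.
                             Expires = DateTime.UtcNow.AddMinutes(cookieTimeoutMinutes),
                             Domain = cookieDomain
                         };

            // CurrentResponse is provided elsewhere in the class; with no response in scope the
            // cookie is silently dropped (same as before).
            if (CurrentResponse != null)
            {
                CurrentResponse.SetCookie(cookie);
            }
        }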
        /// <summary>
        /// Builds a <see cref="ClaimsPrincipal"/> from a decrypted SSO cookie payload.
        /// The identity carries exactly two claims — <see cref="ClaimTypes.Name"/> from
        /// <c>cookieInfo.Name</c> and <see cref="ClaimTypes.NameIdentifier"/> from
        /// <c>cookieInfo.Alias</c> — under the authentication type "uoko-sso-internal".
        /// </summary>
        /// <param name="cookieInfo">Cookie payload; null yields a null principal.</param>
        /// <returns>The principal, or null when <paramref name="cookieInfo"/> is null.</returns>
        public static ClaimsPrincipal GenerateClaimsPrincipal(SSOCookieInfo cookieInfo)
        {
            if (cookieInfo == null)
            {
                return null;
            }

            // Claim's constructor rejects a null value with ArgumentNullException, so a payload
            // whose Name or Alias is null surfaces as an exception here rather than as a principal.
            var nameClaim = new Claim(ClaimTypes.Name, cookieInfo.Name);
            var idClaim = new Claim(ClaimTypes.NameIdentifier, cookieInfo.Alias);

            var identity = new ClaimsIdentity(new[] { nameClaim, idClaim }, "uoko-sso-internal");
            return new ClaimsPrincipal(identity);
        }
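        /// <summary>
        /// Handles the login form: validates credentials, writes the SSO cookie and redirects.
        /// </summary>
        /// <param name="model">Posted user name and password.</param>
        /// <param name="returnUrl">Where to send the user afterwards. Local URLs are redirected to as-is;
        /// absolute http(s) URLs under the cookie domain are redirected to directly (the cookie is enough);
        /// absolute http(s) URLs on any other host get a freshly issued token appended via
        /// <c>GetValidateTokenUrl</c>. Anything else falls back to Home/Index.</param>
        /// <param name="appKey">Application key recorded in the issued ticket for non-cookie-domain targets.</param>
        /// <returns>The login view on failure, otherwise a redirect.</returns>
        /// <remarks>
        /// Two open-redirect holes in the previous version are closed here:
        /// (1) an unparsable <paramref name="returnUrl"/> (e.g. a protocol-relative "//host/..." which
        /// <c>Url.IsLocalUrl</c> rejects and <c>new Uri</c> cannot parse) hit the catch-all with
        /// <c>sameDomain</c> still true and was redirected to verbatim; (2) the domain check was a bare
        /// suffix match, so "evil-example.com" matched a cookie domain of "example.com".
        /// The domain check now fails closed and requires a dot boundary. Note that a null/blank
        /// <c>ServerConfig.CookieDomain</c> is now treated as "not the cookie domain" (a token is issued);
        /// before, <c>EndsWith(null)</c> threw and the catch-all silently treated the target as same-domain.
        /// NOTE(review): <paramref name="appKey"/> is not checked against the target host here — presumably
        /// the server's ValidateToken endpoint binds the token to the app key; confirm, since otherwise a
        /// token can be minted for any external host.
        /// </remarks>
        public ActionResult Login(LoginModel model, string returnUrl, string appKey)
        {
            if (!ModelState.IsValid)
            {
                return View(model);
            }

            var userInfo = UserBiz.GetUserInfo(model.UserName, model.Password);
            if (userInfo == null)
            {
                // Credentials rejected: same generic message for unknown user and wrong password.
                ModelState.AddModelError("", "提供的用户名或密码不正确。");
                return View(model);
            }

            // Credentials accepted: establish the SSO session cookie first.
            var cookieInfo = new SSOCookieInfo() {Alias = userInfo.Alias, Name = userInfo.Name};
            SSOAuthentication.SetAuthCookie(cookieInfo, ServerConfig.CookieName, ServerConfig.CookieDomain);

            if (string.IsNullOrWhiteSpace(returnUrl))
            {
                return RedirectToAction("Index", "Home");
            }

            if (Url.IsLocalUrl(returnUrl))
            {
                return Redirect(returnUrl);
            }

            // Not local, so it must be an absolute http(s) URL we can reason about; anything else
            // (relative-but-not-local, unparsable, javascript:/data: etc.) goes home instead.
            Uri target;
            if (!Uri.TryCreate(returnUrl, UriKind.Absolute, out target)
                || !(string.Equals(target.Scheme, "http", StringComparison.OrdinalIgnoreCase)
                     || string.Equals(target.Scheme, "https", StringComparison.OrdinalIgnoreCase)))
            {
                return RedirectToAction("Index", "Home");
            }

            // A host outside the cookie domain cannot see the SSO cookie, so it gets a one-time
            // token appended to the URL and validates it against the server.
            if (!IsUnderCookieDomain(target.Host, ServerConfig.CookieDomain))
            {
                var ticket = new CasTicket()
                             {
                                 AppKey = appKey,
                                 UserAlias = userInfo.Alias,
                                 UserName = userInfo.Name,
                             };
                var token = CacheTickets.IssueToken(ticket);
                returnUrl = GetValidateTokenUrl(returnUrl, token);
            }

            return Redirect(returnUrl);
        }

        /// <summary>
        /// True when <paramref name="host"/> is <paramref name="cookieDomain"/> itself or a subdomain of it
        /// (dot-boundary match, case-insensitive). A leading "." on the cookie domain is ignored.
        /// Null or blank arguments never match, so callers fail closed.
        /// </summary>
        private static bool IsUnderCookieDomain(string host, string cookieDomain)
        {
            if (string.IsNullOrWhiteSpace(host) || string.IsNullOrWhiteSpace(cookieDomain))
            {
                return false;
            }

            var domain = cookieDomain.TrimStart('.');
            return string.Equals(host, domain, StringComparison.OrdinalIgnoreCase)
                   || host.EndsWith("." + domain, StringComparison.OrdinalIgnoreCase);
        }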
        /// <summary>
        /// Writes the client-side SSO cookie (named <c>ClientInfo.LocalCookieName</c>) for the current
        /// request; a null context is a no-op. Note that <paramref name="ctx"/> is only used as the
        /// guard — the cookie itself goes to whatever response <c>SSOAuthentication</c> resolves internally.
        /// </summary>
        private static void SetLocalCookie(HttpContextBase ctx, SSOCookieInfo cookieInfo)
        {
            if (ctx != null)
            {
                SSOAuthentication.SetAuthCookie(cookieInfo, ClientInfo.LocalCookieName);
            }
        }
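        /// <summary>
        /// Exchanges a one-time SSO token for the user's identity by POSTing it, together with this
        /// application's app key, to <c>{ClientInfo.ServerUrl}/Account/ValidateToken</c>. When the server
        /// returns a ticket with a user alias, a principal is built and the local cookie is written —
        /// through <c>SetLocalCookieFunc</c> when one is configured, else <see cref="SetLocalCookie"/>.
        /// </summary>
        /// <param name="ctx">Current request context, handed to the local-cookie writer.</param>
        /// <param name="token">Token received from the SSO server redirect.</param>
        /// <returns>The authenticated principal, or null when the token is blank, the server cannot be
        /// reached, answers with a non-success status, or returns a ticket without a user alias.</returns>
        /// <remarks>
        /// NOTE(review): the token and app key travel in the request body, so <c>ClientInfo.ServerUrl</c>
        /// must be an https URL — confirm in configuration. The ticket's <c>AppKey</c> is not compared to
        /// <c>ClientInfo.AppKey</c> here; presumably the server does that binding, verify.
        /// </remarks>
        private static IPrincipal GetPrincipalInfoFromServer(HttpContextBase ctx, string token)
        {
            if (string.IsNullOrWhiteSpace(token))
            {
                // Nothing to validate; skip a round trip that can only fail.
                return null;
            }

            var requestUrl = ClientInfo.ServerUrl + "/Account/ValidateToken";
            var form = new FormUrlEncodedContent(new Dictionary<string, string>()
                       {
                           {"token", token},
                           {"appKey", ClientInfo.AppKey}
                       });

            CasTicket ticket = null;
            try
            {
                // TODO(review): HttpClient is designed to be shared; a per-call instance churns sockets
                // under load. A static instance on the class would be preferable — kept per-call here
                // (now at least disposed deterministically) because this block is a single method.
                using (var client = new HttpClient())
                {
                    // GetAwaiter().GetResult() with ConfigureAwait(false) instead of .Result: avoids the
                    // classic ASP.NET synchronisation-context deadlock and does not wrap failures in
                    // AggregateException. The method itself must stay synchronous for its callers.
                    var response = client.PostAsync(new Uri(requestUrl), form)
                                         .ConfigureAwait(false).GetAwaiter().GetResult();

                    // A 4xx/5xx body must not be deserialised as if it were a ticket.
                    response.EnsureSuccessStatusCode();

                    ticket = response.Content.ReadAsAsync<CasTicket>()
                                     .ConfigureAwait(false).GetAwaiter().GetResult();
                }
            }
            catch (Exception)
            {
                // Best effort by design: any transport or deserialisation failure means "not
                // authenticated". TODO: log the exception — swallowing it hides SSO server outages.
                ticket = null;
            }

            if (ticket == null || string.IsNullOrWhiteSpace(ticket.UserAlias))
            {
                return null;
            }

            var cookieInfo = new SSOCookieInfo()
                             {
                                 Alias = ticket.UserAlias,
                                 Name = ticket.UserName,
                             };

            var principal = SSOAuthentication.GenerateClaimsPrincipal(cookieInfo);

            if (SetLocalCookieFunc != null)
            {
                SetLocalCookieFunc(ctx, cookieInfo);
            }
            else
            {
                SetLocalCookie(ctx, cookieInfo);
            }

            return principal;
        }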
        /// <summary>
        /// Serialises <paramref name="cookieInfo"/> to JSON and encrypts the UTF-8 bytes with
        /// <see cref="TripleDESCryptoServiceProvider"/> (its default mode and padding) under the
        /// class-level <c>AesKey</c>/<c>AesIV</c> pair; returns the ciphertext Base64-encoded.
        /// </summary>
        /// <remarks>
        /// NOTE(review): this is encrypt-only — no MAC or signature — and the IV is a class-level value
        /// rather than a per-message random one. Without an authenticity check the cookie is malleable,
        /// and if the decrypting side reports padding errors a CBC padding oracle would let an attacker
        /// recover or forge the JSON payload that <c>GenerateClaimsPrincipal</c> trusts. Moving to an
        /// authenticated scheme (e.g. AES-GCM, or AES-CBC plus HMAC, with a fresh IV per cookie) has to be
        /// done together with the matching decrypt routine, which is not in this listing, so the wire
        /// format is left unchanged here.
        /// </remarks>
        private static string EncryptSSOCookieValue(SSOCookieInfo cookieInfo)
        {
            var plaintext = Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(cookieInfo));

            using (var tdes = new TripleDESCryptoServiceProvider { Key = AesKey, IV = AesIV })
            using (var encryptor = tdes.CreateEncryptor())
            using (var buffer = new MemoryStream())
            {
                using (var cipherStream = new CryptoStream(buffer, encryptor, CryptoStreamMode.Write))
                {
                    cipherStream.Write(plaintext, 0, plaintext.Length);
                    cipherStream.FlushFinalBlock();
                }

                // MemoryStream.ToArray() is still valid after the CryptoStream has closed the stream.
                return Convert.ToBase64String(buffer.ToArray());
            }
        }