網站: JavaEye  作者: jacally  鏈接：http://lib.javaeye.com/blog/166619  發表時間: 2008年03月02日

聲明：本文系JavaEye網站發布的原創博客文章，未經作者書面許可，嚴禁任何網站轉載本文，否則必將追究法律責任！

CAS 單點登錄安裝筆記4
--- asp.net client端的設置

1、首先修改web.Config文件，加入以下設置：

<authentication mode="Forms" >

<forms name="casauth" loginUrl="login.aspx" />

</authentication>

<authorization>

<deny users="?" />

</authorization>

本人對.net不是很熟悉，感覺這里的配置類似java web應用程序中的過濾器，當用戶訪問web頁時首先跳轉到login.aspx頁面進行驗證。

2、加入以下c#代碼到login.aspx頁面的加載事件中：

    //CAS 身份驗證 服務器地址

private const string CASHOST = "https://sso.gzps.net:8443/cas/";



protected void Page_Load(object sender, EventArgs e)

{

System.Net.ServicePointManager.CertificatePolicy = new MyPolicy();



// Look for the "ticket=" after the "?" in the URL

string tkt = Request.QueryString["ticket"];



// This page is the CAS service=, but discard any query string residue

string service = Request.Url.GetLeftPart(UriPartial.Path);



// First time through there is no ticket=, so redirect to CAS login

if (tkt == null || tkt.Length == 0)

{

string redir = CASHOST + "login?" +

"service=" + service;

Response.Redirect(redir);

return;

}



// Second time (back from CAS) there is a ticket= to validate

string validateurl = CASHOST + "serviceValidate?" +

"ticket=" + tkt + "&"+

"service=" + service;

StreamReader Reader = new StreamReader( new WebClient().OpenRead(validateurl));

string resp = Reader.ReadToEnd();

// I like to have the text in memory for debugging rather than parsing the stream



// Some boilerplate to set up the parse.

NameTable nt = new NameTable();

XmlNamespaceManager nsmgr = new XmlNamespaceManager(nt);

XmlParserContext context = new XmlParserContext(null, nsmgr, null, XmlSpace.None);

XmlTextReader reader = new XmlTextReader(resp, XmlNodeType.Element, context);



string netid = null;



// A very dumb use of XML. Just scan for the "user". If it isn't there, its an error.

while (reader.Read())

{

if (reader.IsStartElement()) {

string tag = reader.LocalName;

if (tag=="user")

netid = reader.ReadString();

}

}

// if you want to parse the proxy chain, just add the logic above

reader.Close();

// If there was a problem, leave the message on the screen. Otherwise, return to original page.

if (netid == null)

{

Label1.Text = "CAS returned to this application, but then refused to validate your identity.";

}

else

{

Session["UserName"] = netid;

Label1.Text = "Welcome " + netid;

FormsAuthentication.RedirectFromLoginPage(netid, false); // set netid in ASP.NET blocks

}



}

}

以上代碼參照了ja-sig網站的解決方案：http://www.ja-sig.org/wiki/display/CASC/ASP.NET+Forms+Authentication

3、以為這樣就可以了，運行時可以跳到sso服務器進行驗證，但跳轉以后報以下錯誤：
" System.Net.WebException。 基礎連接已關閉。 無法建立與遠程服務器信任關系 "。
應該與CAS Server端安裝了數字證書，而.net Client端并沒有安裝相應的證書有關。
可以通過配置IIS服務器，支持HTTPS SSL協議實現安全數據交換中介紹的步驟導入CAS 服務端的數字證書,或者通過http://support.microsoft.com/kb/823177/上介紹的解決方案進行處理：
實現類

using System.Net;

using System.Security.Cryptography.X509Certificates;



public class MyPolicy : ICertificatePolicy {

public bool CheckValidationResult(

ServicePoint srvPoint

, X509Certificate certificate

, WebRequest request

, int certificateProblem) {



//Return True to force the certificate to be accepted.

return true;



} // end CheckValidationResult

} // class MyPolicy

客戶端代碼中包含下列代碼：

   System.Net.ServicePointManager.CertificatePolicy = new MyPolicy();

所有代碼見附件WebSite.rar,將其部署到你的IIS服務器就可以了。
關于IIS服務器的設置見asp.net一夜速成教程
本文的討論也很精彩，瀏覽討論>>


JavaEye推薦
中國領先的電子商務網站－淘寶網招賢納士，誠聘Java工程師



文章來源:http://lib.javaeye.com/blog/166619