<appSettings>
<!--是否启用单点登录接口-->
<add key="IsStartCas" value="false"/>
<!--Cas登录地址-->
<add key="loginUrl" value="http://ys:3000/cas/login"/>
<!--Cas验证地址-->
<add key="validateUrl" value="http://ys:3000/cas/serviceValidate"/>
<!--Cas注销地址-->
<add key="logoutUrl" value="http://ys:3000/cas/logout"/>
</appSettings>
using System;
using System.Web.Security;
using System.Web;
using System.Net;
using System.IO;
using System.Xml;
using System.Security.Principal;
using System.Configuration;
using System.Web.SessionState;
namespace LcSoftCard.CasModule
{
/// <summary>
/// Cas单点登录接口
/// yisafe
/// 2010-08-13
/// </summary>
public class SSOCasModule : IHttpModule, IReadOnlySessionState
{
//Return url coolie name
protected const string ReturnUrl = "LcSoftCard.CasModule";
public void Init(HttpApplication application)
{
string IsStartCas = ConfigurationManager.AppSettings.Get("IsStartCas");
if (IsStartCas == "true")
{
application.AuthenticateRequest += (new EventHandler(this.Application_AuthenticateRequest));
//application.PreRequestHandlerExecute += (this.context_PreRequesHandlerExecute);
}
}
private void Application_AuthenticateRequest(Object source, EventArgs e)
{
HttpApplication application = (HttpApplication)source;
string casLogin = ConfigurationManager.AppSettings.Get("loginUrl");
string casValidate = ConfigurationManager.AppSettings.Get("validateUrl");
if (casLogin == null || casLogin.Length < 1 || casValidate == null || casValidate.Length < 1)
{
// trigger a server error if cashost is not set in the web.config
application.Response.StatusCode = 500;
return;
}
string cookieName = FormsAuthentication.FormsCookieName;
HttpCookie authCookie = application.Request.Cookies[cookieName];
if (authCookie != null)
{
FormsAuthenticationTicket authTicket = null;
try
{
authTicket = FormsAuthentication.Decrypt(authCookie.Value);
}
catch
{
// TODO: Make a 500 error or go back to authentication
return;
}
if (authTicket == null)
{
// TODO: Make a 500 error or go back to authentication
return;
}
// create an identity objet
FormsIdentity identity = new FormsIdentity(authTicket);
// create a principal
GenericPrincipal principal = new GenericPrincipal(identity, null);
// attach the principal to tue context objet that will flow throughout the request.
application.Context.User = principal;
}
else
{
// Check if we are back from CAS Authentication
// Look for the "ticket=" string after the "?" in the URL when back from CAS
string casTicket = application.Request.QueryString["ticket"];
// The CAS service name is the page URL for CAS Server call back
// so any query string is discard.
string service = application.Request.Url.GetLeftPart(UriPartial.Path);
if (casTicket == null || casTicket.Length == 0)
{
// memorize the initial request query string
application.Response.Cookies[ReturnUrl].Value = application.Request.RawUrl;
// redirect to cas server
string redir = casLogin + "?service=" + service;
application.Response.Redirect(redir);
return;
}
else
{
// Second pass (return from CAS server) because there is a ticket in the query string to validate
string validateurl = casValidate + "?ticket=" + casTicket + "&" + "service=" + service;
WebClient client = new WebClient();
StreamReader Reader = new StreamReader(client.OpenRead(validateurl));
// Put the validation response in a string
string resp = Reader.ReadToEnd();
// Some boilerplate to set up the parse of validation response.
NameTable nt = new NameTable();
XmlNamespaceManager nsmgr = new XmlNamespaceManager(nt);
XmlParserContext context = new XmlParserContext(null, nsmgr, null, XmlSpace.None);
XmlTextReader reader = new XmlTextReader(resp, XmlNodeType.Element, context);
string netid = null;
// A very dumb use of XML by looping in all tags.
// Just scan for the "user". If it isn't there, its an error.
while (reader.Read())
{
if (reader.IsStartElement())
{
string tag = reader.LocalName;
if (tag == "user")
{
netid = reader.ReadString();
break;
}
}
}
reader.Close();
// If there was a problem, leave the message on the screen. Otherwise, return to original page.
if (netid == null)
{
application.Response.Write("Get Cas Configuration error!");
}
else
{
application.Response.Write("Bienvenue " + netid);
// create the authentication ticket and store the roles in the user data
LcSoftCard.BLL.TMasterFormsTicket bll = new LcSoftCard.BLL.TMasterFormsTicket();
LcSoftCard.Model.TMasterFormsTicket model = bll.GetModel(netid);
if (model.PersonId != Guid.Empty)
{
string UserData = model.PersonId + "|" + model.PersonNo + "|" + model.PersonName;
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, model.MasterId.ToString(), DateTime.Now, DateTime.Now.AddMinutes(LcSoftCard.Service.AppConfig.SessionTimeOut), true, UserData);
// encrypt the ticket
string encryptedTicket = FormsAuthentication.Encrypt(ticket);
// create a cookie and use the encrypted ticket as data
authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
// add the cookie to the response cookie collection
application.Response.Cookies.Add(authCookie);
//// go the initial request URL
//string returnUrl;
//// if the return url cookie is lost, return to the default page
//if (application.Request.Cookies[ReturnUrl] == null)
// returnUrl = application.Request.ApplicationPath;
//else
// returnUrl = application.Request.Cookies[ReturnUrl].Value;
application.Response.Redirect(FormsAuthentication.DefaultUrl);
}
else
{
application.Response.Write("Error:system not " + netid);
}
}
}
}
}
private void context_PreRequesHandlerExecute(Object source, EventArgs e)
{
HttpApplication application = (HttpApplication)source;
System.Web.HttpContext.Current.Session["PersonNo"] = application.Context.User.Identity.Name;
}
public void Dispose()
{
}
}
}