基于通用权限管理系统实现的单点登录

       在一个项目中需要使用单点登录,下面是我结合通用权限管理系统做的一个登录程序。注意:登录后本地服务器程序没有使用 Session 保存登录信息,而是使用 FormsAuthentication,把用户信息放在加密的身份验证票据(Cookie)中。
 
 
   登录页主要代码
 1     using DotNet.Business;
 2     using DotNet.Utilities;
 3     using Newtonsoft.Json;
 4     using ZTOTransferFees.Foundation;
 5     using ZTOTransferFees.WebSite.WebPermission;
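 /// <summary>
 /// Login page. A request with act=login is answered with a JSON LoginResult:
 /// the credentials are checked against the central permission web service and,
 /// on success, the returned user record is stored in the UserData of an
 /// encrypted FormsAuthentication ticket (no Session state is used).
 ///
 /// <author>
 ///     <name>SongBiao</name>
 ///     <date>2014.03.09</date>
 /// </author>
 /// </summary>
 public partial class Login : BasePage
 {
     /// <summary>
     /// Requested action, read from the "act" request value; "login" runs the JSON login handler.
     /// </summary>
     protected string act = string.Empty;
     /// <summary>
     /// Site (company) name submitted with the login.
     /// </summary>
     protected string sitename = string.Empty;
     /// <summary>
     /// User name submitted with the login.
     /// </summary>
     protected string username = string.Empty;
     /// <summary>
     /// Password submitted with the login.
     /// NOTE(review): a protected field is reachable from the page markup; it must never be rendered back.
     /// </summary>
     protected string password = string.Empty;

     /// <summary>
     /// Handles the act=login request and writes the JSON result; any other request falls through
     /// to normal page rendering.
     /// </summary>
     /// <param name="sender">Event source (unused).</param>
     /// <param name="e">Event data (unused).</param>
     protected void Page_Load(object sender, EventArgs e)
     {
         act = CleanRequestValue(Request["act"]);
         if (!string.Equals("login", act, StringComparison.OrdinalIgnoreCase))
         {
             return;
         }

         Response.ContentType = "application/json";

         // Credentials are taken from the POST body only. Request[...] also searches the query
         // string and cookies, and a password carried in a URL ends up in server logs, browser
         // history and Referer headers.
         sitename = CleanRequestValue(Request.Form["sitename"]);
         username = CleanRequestValue(Request.Form["username"]);
         password = CleanRequestValue(Request.Form["password"]);

         // Status and Message stay unset unless the login succeeds, so a failed attempt does not
         // reveal which of the three fields was wrong.
         // NOTE(review): no throttling or lockout is visible here; presumably the permission
         // service enforces it. Confirm.
         LoginResult loginResult = new LoginResult();
         JavaScriptSerializer javaScriptSerializer = new JavaScriptSerializer();

         if (sitename.Length > 0 && username.Length > 0 && password.Length > 0)
         {
             // The permission system is reached through its web service.
             PermissionServiceSoapClient webPermission = new PermissionServiceSoapClient();
             string jsonData = webPermission.LogOnByCompany(sitename, username, password);

             // An empty reply would otherwise surface as a null dereference on the indexers below.
             dynamic json = string.IsNullOrWhiteSpace(jsonData) ? null : JsonConvert.DeserializeObject(jsonData);
             if (json != null)
             {
                 string statusCode = (string)json["StatusCode"];
                 string statusMessage = (string)json["StatusMessage"];
                 if (string.Equals("OK", statusCode, StringComparison.OrdinalIgnoreCase))
                 {
                     object userNode = json["UserInfo"];
                     string userData = userNode == null ? null : userNode.ToString();
                     BaseUserInfo userInfo = string.IsNullOrWhiteSpace(userData)
                         ? null
                         : javaScriptSerializer.Deserialize<BaseUserInfo>(userData);

                     // Only report success once a usable user record is in hand.
                     if (userInfo != null && !string.IsNullOrWhiteSpace(userInfo.UserName))
                     {
                         IssueAuthCookie(userInfo.UserName, userData);
                         loginResult.Status = statusCode;
                         loginResult.Message = statusMessage;
                     }
                 }
             }
         }

         Response.Write(javaScriptSerializer.Serialize(loginResult));
         Response.End();
     }

     /// <summary>
     /// Normalises a request value: null, blank or the literal text "null" becomes an empty
     /// string, anything else is trimmed.
     /// </summary>
     /// <param name="raw">Value as read from the request; may be null.</param>
     /// <returns>The trimmed value, or an empty string.</returns>
     private static string CleanRequestValue(string raw)
     {
         if (string.IsNullOrWhiteSpace(raw) || string.Equals(raw, "null", StringComparison.OrdinalIgnoreCase))
         {
             return string.Empty;
         }
         return raw.Trim();
     }

     /// <summary>
     /// Issues the single authentication cookie for the signed-in user.
     /// </summary>
     /// <remarks>
     /// Exactly one ticket is written. Calling FormsAuthentication.SetAuthCookie as well would emit
     /// a second, persistent cookie under the same name whose ticket has no UserData, which
     /// AuthBasePage depends on.
     /// </remarks>
     /// <param name="userName">Name stored in the ticket.</param>
     /// <param name="userData">Serialized user record stored in the ticket's UserData.</param>
     private void IssueAuthCookie(string userName, string userData)
     {
         // NOTE(review): the whole UserInfo JSON rides in the cookie. Confirm it holds no password
         // or other secret field and that the encrypted ticket stays within cookie size limits.
         DateTime issuedAt = DateTime.Now;
         FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
             1, userName, issuedAt, issuedAt.AddMinutes(20), false, userData);

         System.Web.HttpCookie authCookie = new System.Web.HttpCookie(
             FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(authTicket));
         // Keep the ticket out of reach of page script.
         authCookie.HttpOnly = true;
         // Follows the forms requireSSL setting; enable it so the ticket is only sent over HTTPS.
         authCookie.Secure = FormsAuthentication.RequireSSL;
         authCookie.Path = FormsAuthentication.FormsCookiePath;
         if (!string.IsNullOrEmpty(FormsAuthentication.CookieDomain))
         {
             authCookie.Domain = FormsAuthentication.CookieDomain;
         }
         Response.Cookies.Add(authCookie);
     }

     /// <summary>
     /// Login result returned to the client as JSON.
     /// </summary>
     class LoginResult
     {
         /// <summary>Status code from the permission service; set only on success.</summary>
         public string Status
         {
             set;
             get;
         }
         /// <summary>Status message from the permission service; set only on success.</summary>
         public string Message
         {
             set;
             get;
         }
     }
 }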

 

  登录验证基类页主要代码
 1    using System.Web.Script.Serialization;
 2    using DotNet.Utilities;
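 /// <summary>
 /// Base page for pages that require a signed-in user.
 ///   1. Single sign-on state: the user record saved at login is carried in the FormsAuthenticationTicket.
 ///   2. Every page that needs a login or a permission check inherits from this class.
 ///
 /// <author>
 ///     <name>SongBiao</name>
 ///     <date>2014.03.09</date>
 /// </author>
 /// </summary>
 public class AuthBasePage : BasePage
 {
     /// <summary>Signed-in user, rebuilt from the ticket's UserData in OnInit.</summary>
     protected BaseUserInfo userInfo = new BaseUserInfo();
     /// <summary>Raw UserData string of the current authentication ticket.</summary>
     protected string userData = string.Empty;

     /// <summary>
     /// Loads the signed-in user before the page initialises. A request without a valid forms
     /// ticket, or with a ticket that carries no usable user record, is sent to the login page
     /// and the page does not initialise.
     /// </summary>
     /// <param name="e">Event data passed on to the base implementation.</param>
     protected override void OnInit(EventArgs e)
     {
         // Use the ticket the forms-authentication module already validated for this request
         // instead of decrypting the raw cookie again; the cookie may be absent and
         // FormsAuthentication.Decrypt may fail on a damaged value.
         System.Security.Principal.IPrincipal currentUser = HttpContext.Current.User;
         FormsIdentity identity = currentUser == null ? null : currentUser.Identity as FormsIdentity;
         if (identity == null || !identity.IsAuthenticated || identity.Ticket == null)
         {
             Response.Redirect(FormsAuthentication.LoginUrl);
             return;
         }

         // NOTE(review): userInfo is the snapshot taken at login. A change made in the permission
         // system afterwards is not seen until the ticket expires or the user signs in again.
         userData = identity.Ticket.UserData;
         BaseUserInfo ticketUser = string.IsNullOrEmpty(userData)
             ? null
             : new JavaScriptSerializer().Deserialize<BaseUserInfo>(userData);
         if (ticketUser == null)
         {
             // Fail closed: a ticket without a user record is treated as not signed in.
             Response.Redirect(FormsAuthentication.LoginUrl);
             return;
         }

         userInfo = ticketUser;
         base.OnInit(e);
     }
 }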

 

安全退出主要实现代码:需要实现本地退出时,主站也一起退出

    /// <summary>
    /// Sign-out page: ends the local FormsAuthentication session first, then signs the user out
    /// of the main site, and always finishes on the login page.
    /// </summary>
    /// <remarks>
    /// NOTE(review): the sign-out runs in Page_Load for any request to this page, a plain GET
    /// included. Consider requiring a POST with an anti-forgery token.
    /// </remarks>
    public partial class Logout : AuthBasePage
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            try
            {
                // Local sign-out goes first so it still takes effect when the main-site call throws.
                FormsAuthentication.SignOut();

                string authCookieName = FormsAuthentication.FormsCookieName;
                DateTime alreadyExpired = DateTime.Now.AddDays(-1);
                ManageCookies.SetCookie(authCookieName, alreadyExpired);

                // Main-site sign-out for the user that AuthBasePage loaded from the ticket.
                DotNet.Business.Utilities.Logout(userInfo, false);
            }
            catch (Exception failure)
            {
                LogHelper.WriteErrorLog("安全退出Logout出现异常", failure);
            }
            finally
            {
                // Whatever happened above, the user ends up on the login page.
                Response.Redirect(FormsAuthentication.LoginUrl);
            }
        }
    }

 注意:需要在 Global.asax 的 Application_Start 中读取配置

        /// <summary>
        /// Application start-up handler: calls BaseConfiguration.GetSetting() when the application starts.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void Application_Start(object sender, EventArgs e)
        {
            // Read the configuration file.
            // NOTE(review): presumably these are the settings the DotNet.Business components rely on; confirm.
            BaseConfiguration.GetSetting();
        }

 

 

 

上面using DotNet.Business;using DotNet.Utilities;是引用吉日嘎拉先生通用权限管理系统的组件。
这里还没涉及到权限管理这一块,如何进行登录后的权限控制下次再分享
 
 
 