1、首先修改web.Config文件,加入以下设置:
- <authentication mode="Forms" >
- <forms name="casauth" loginUrl="login.aspx" />
- </authentication>
- <authorization>
- <deny users="?" />
- </authorization>
本人对.net不是很熟悉,感觉这里的配置类似java web应用程序中的过滤器,当用户访问web页时首先跳转到login.aspx页面进行验证。
2、加入以下c#代码到login.aspx页面的加载事件中:
- //CAS 身份验证 服务器地址
- private const string CASHOST = "https://sso.gzps.net:8443/cas/";
- protected void Page_Load(object sender, EventArgs e)
- {
- System.Net.ServicePointManager.CertificatePolicy = new MyPolicy();
- // Look for the "ticket=" after the "?" in the URL
- string tkt = Request.QueryString["ticket"];
- // This page is the CAS service=, but discard any query string residue
- string service = Request.Url.GetLeftPart(UriPartial.Path);
- // First time through there is no ticket=, so redirect to CAS login
- if (tkt == null || tkt.Length == 0)
- {
- string redir = CASHOST + "login?" +
- "service=" + service;
- Response.Redirect(redir);
- return;
- }
- // Second time (back from CAS) there is a ticket= to validate
- string validateurl = CASHOST + "serviceValidate?" +
- "ticket=" + tkt + "&"+
- "service=" + service;
- StreamReader Reader = new StreamReader( new WebClient().OpenRead(validateurl));
- string resp = Reader.ReadToEnd();
- // I like to have the text in memory for debugging rather than parsing the stream
- // Some boilerplate to set up the parse.
- NameTable nt = new NameTable();
- XmlNamespaceManager nsmgr = new XmlNamespaceManager(nt);
- XmlParserContext context = new XmlParserContext(null, nsmgr, null, XmlSpace.None);
- XmlTextReader reader = new XmlTextReader(resp, XmlNodeType.Element, context);
- string netid = null;
- // A very dumb use of XML. Just scan for the "user". If it isn't there, its an error.
- while (reader.Read())
- {
- if (reader.IsStartElement()) {
- string tag = reader.LocalName;
- if (tag=="user")
- netid = reader.ReadString();
- }
- }
- // if you want to parse the proxy chain, just add the logic above
- reader.Close();
- // If there was a problem, leave the message on the screen. Otherwise, return to original page.
- if (netid == null)
- {
- Label1.Text = "CAS returned to this application, but then refused to validate your identity.";
- }
- else
- {
- Session["UserName"] = netid;
- Label1.Text = "Welcome " + netid;
- FormsAuthentication.RedirectFromLoginPage(netid, false); // set netid in ASP.NET blocks
- }
- }
以上代码参照了ja-sig网站的解决方案:http://www.ja-sig.org/wiki/display/CASC/ASP.NET+Forms+Authentication
3、以为这样就可以了,运行时可以跳到sso服务器进行验证,但跳转以后报以下错误:
" System.Net.WebException。 基础连接已关闭。 无法建立与远程服务器信任关系 "。
应该与CAS Server端安装了数字证书,而.net Client端并没有安装相应的证书有关。
可以通过配置IIS服务器,支持HTTPS SSL协议实现安全数据交换中介绍的步骤导入CAS 服务端的数字证书,或者通过http://support.microsoft.com/kb/823177/上介绍的解决方案进行处理:
实现类
- using System.Net;
- using System.Security.Cryptography.X509Certificates;
- public class MyPolicy : ICertificatePolicy {
- public bool CheckValidationResult(
- ServicePoint srvPoint
- , X509Certificate certificate
- , WebRequest request
- , int certificateProblem) {
- //Return True to force the certificate to be accepted.
- return true;
- } // end CheckValidationResult
- } // class MyPolicy
客户端代码中包含下列代码:
- System.Net.ServicePointManager.CertificatePolicy = new MyPolicy();
所有代码见附件WebSite.rar,将其部署到你的IIS服务器就可以了。
关于IIS服务器的设置见asp.net一夜速成教程