zoukankan      html  css  js  c++  java
  • 单点登陆 ---密钥

    一、需求描述

    现在有A系统和B系统,需要在A系统进行单点登陆到B系统。

    二、B系统要做事

    1、提供一个可以让A系统登陆的网址

    http://localhost:8083/Account/SingleSignOn/?u=xxx&token=FB92B341DBDB59D7

    其中,u为加密后的用户名,token为B系统与A系统单点登录握手密钥

    2、控制器中的方法代码如下

    [AllowAnonymous]
            [NoTransaction]
            /// <summary>
            /// 执行单点登录
            /// </summary>
            public ActionResult SingleSignOn()
            {
                RedirectToRouteResult result = null;
                string usertokenString = Request.Params["token"];
                string userName = Request.Params["u"];
                string loginname = DESHelper.Decrypt(userName);
                string token = System.Configuration.ConfigurationSettings.AppSettings["token"];
                if (!string.IsNullOrEmpty(usertokenString))
                {
                    if (usertokenString != token || string.IsNullOrEmpty(userName))
                    {
                        result = RedirectToAction("NotRole", "Home");
                    }
                    else
                    {
                        MembershipUser user = Membership.GetUser(loginname, false);
                        if (user == null)
                        {
                            //用户不存在
                            result = RedirectToAction("UserNotExist", "Home");
                        }
                        else if (user.IsLockedOut)
                        {
                            //用户被锁定
                            result = RedirectToAction("UserIsLockedOut", "Home");
                        }
                        else if (!user.IsApproved)
                        {
                            //用户未启用 
                            result = RedirectToAction("UserIsApproved", "Home");
                        }
                        else
                        {
                            LogInfoService lis = new LogInfoService();
                            LogInfo lilist = new LogInfo(ProfileHelper.GetName(), "登录", "登录");
                            lis.Save(lilist);
                            result = RedirectToAction("Index", "Member");
                        }
                    }
                }
                else
                    result = RedirectToAction("NotRole", "Home");
    
                Session["userid"] = loginname;
                System.Web.Security.FormsAuthentication.SetAuthCookie(loginname, true);
                return result;
            }

    首先我们要接过传过来的token和用户名u,

    其次我们要对用户名进行解密

    最后我们要比较token是不是A系统认证的token,并查找用户名是否存在

    如果都满足则让用户登陆

    3、解密用户名,要步骤2中,要对传过来的用户名进行解密,加密解决的方法都提供了

    /// <summary>
        /// DES对称加密
        /// </summary>
        public static class DESHelper
        {
            /// <summary>
            /// 根据用户名解密
            /// </summary>
            /// <param name="val"></param>
            /// <param name="userid"></param>
            /// <returns></returns>
            public static string Decrypt(string val, string userid = "")
            {
    
                var key = GetKey(userid);
                var iv = GetDefaultIV();
                return Decrypt(val, key, iv);
            }
    
            /// <summary>
            /// 根据用户名加密
            /// </summary>
            /// <param name="val"></param>
            /// <param name="userid"></param>
            /// <returns></returns>
            public static string Encrypt(string val, string userid = "")
            {
    
                var key = GetKey(userid);
                var iv = GetDefaultIV();
                return Encrypt(val, key, iv);
            }
    
            /// <summary>
            /// Des加密方法
            /// </summary>
            /// <param name="val"></param>
            /// <param name="key"></param>
            /// <param name="IV"></param>
            /// <returns></returns>
            public static string Encrypt(string val, string key, string IV, CipherMode cipherMode = CipherMode.ECB)
            {
                try
                {
                    if (string.IsNullOrEmpty(key) || string.IsNullOrEmpty(key))
                    {
                        throw new Exception("密钥和偏移向量不足8位");
                    }
    
                    if (key.Length > 8) key = key.Substring(0, 8);
                    if (IV.Length > 8) IV = IV.Substring(0, 8);
    
                    DESCryptoServiceProvider des = new DESCryptoServiceProvider();
                    byte[] btKey = Encoding.Default.GetBytes(key);
                    byte[] btIV = Encoding.Default.GetBytes(IV);
                    StringBuilder builder = new StringBuilder();
                    using (MemoryStream ms = new MemoryStream())
                    {
                        byte[] inData = Encoding.Default.GetBytes(val);
                        using (CryptoStream cs = new CryptoStream(ms, des.CreateEncryptor(btKey, btIV), CryptoStreamMode.Write))
                        {
                            cs.Write(inData, 0, inData.Length);
                            cs.FlushFinalBlock();
                        }
    
                        foreach (byte num in ms.ToArray())
                        {
                            builder.AppendFormat("{0:X2}", num);
                        }
                    } 
                    return builder.ToString();
                }
                catch // (Exception ex)
                {
                    return "";
                }
            }
    
            /// <summary>
            /// Des解密方法
            /// cbc模式:(key值和iv值一致)
            /// </summary>
            /// <param name="val"></param>
            /// <param name="key"></param>
            /// <param name="IV"></param>
            /// <returns></returns>
            public static string Decrypt(string val, string key, string IV, CipherMode cipherMode = CipherMode.ECB)
            {
                try
                {
                    if (string.IsNullOrEmpty(key) || string.IsNullOrEmpty(key))
                    {
                        throw new Exception("密钥和偏移向量不足8位");
                    }
    
                    if (key.Length > 8) key = key.Substring(0, 8);
                    if (IV.Length > 8) IV = IV.Substring(0, 8);
    
                    DESCryptoServiceProvider des = new DESCryptoServiceProvider();
                    byte[] btKey = Encoding.Default.GetBytes(key);
                    byte[] btIV = Encoding.Default.GetBytes(IV);
                    using (MemoryStream ms = new MemoryStream())
                    {
                        byte[] inData = new byte[val.Length / 2];
                        for (int i = 0; i < (val.Length / 2); i++)
                        {
                            int num2 = Convert.ToInt32(val.Substring(i * 2, 2), 0x10);
                            inData[i] = (byte)num2;
                        }
    
                        using (CryptoStream cs = new CryptoStream(ms, des.CreateDecryptor(btKey, btIV), CryptoStreamMode.Write))
                        {
                            cs.Write(inData, 0, inData.Length);
                            cs.FlushFinalBlock();
                        }
    
                        return Encoding.Default.GetString(ms.ToArray());
                    }
                }
                catch // (System.Exception ex)
                {
                    return "";
                }
            }
    
            /// <summary>
            /// Md5加密
            /// </summary>
            /// <param name="str"></param>
            /// <returns></returns>
            public static string MD5(string str)
            {
                if (string.IsNullOrEmpty(str)) return str;
                System.Security.Cryptography.MD5 md5 = System.Security.Cryptography.MD5.Create();
                string encoded = BitConverter.ToString(md5.ComputeHash(Encoding.UTF8.GetBytes(str))).Replace("-", "");
                return encoded;
            }
    
            private static string GetKey(string key)
            {
                string defaultKey = "C560F02F693B4A0BA62D2B3B5FB74534";
                string sTemp = defaultKey;
                if (!string.IsNullOrEmpty(key))
                {
                    sTemp = string.Concat(key, defaultKey.Substring(key.Length, 32 - key.Length));
                }
                return MD5(sTemp).Substring(0, 8);
            }
            /// <summary>   
            /// 获得初始向量IV 
            /// </summary>   
            /// <returns>初试向量IV</returns>   
            private static string GetDefaultIV()
            {
                string sTemp = "87DE696F56DE49C0B96EB85139A48805";
                return MD5(sTemp).Substring(0, 8);
            }
        }

    三、A系统要做的事

    1、直接访问B提供的网址

    http://localhost:8083/Account/SingleSignOn/?token=FB92B341DBDB59D7&u="+userName

    其中用户名userName是进行加密了的

    2、加密用户名的方法

    public string GetUserId()
            {
               return Encrypt(HttpContext.Current.User.Identity.Name);
            }
    
            public string Encrypt(string val)
            {
                var key = "87DE696F";//测试期间请用此key使用
                try
                {
                    DESCryptoServiceProvider des = new DESCryptoServiceProvider();
                    byte[] btKey = Encoding.Default.GetBytes(key);
                    byte[] btIV = Encoding.Default.GetBytes(key);
                    StringBuilder builder = new StringBuilder();
                    using (MemoryStream ms = new MemoryStream())
                    {
                        byte[] inData = Encoding.Default.GetBytes(val);
                        using (CryptoStream cs = new CryptoStream(ms, des.CreateEncryptor(btKey, btIV), CryptoStreamMode.Write))
                        {
                            cs.Write(inData, 0, inData.Length);
                            cs.FlushFinalBlock();
                        }
    
                        foreach (byte num in ms.ToArray())
                        {
                            builder.AppendFormat("{0:x2}", num);
                        }
                    }
                    return builder.ToString();
                }
                catch // (Exception ex)
                {
                    return "";
                }
            }
  • 相关阅读:
    《团队-团队编程项目中国象棋-成员简介及分工》
    团队-编程项目 中国象棋-需求分析
    结对编程:贪吃蛇项目
    软件工程进阶
    JAVA第二次作业
    JAVA第一次作业
    JS解决重复绑定问题以及获取事件
    ECMAScript5学习笔记--第十四章 程序
    ECMAScript5学习笔记--第十三章 函数定义
    ECMAScript5学习笔记--第十二章 语句
  • 原文地址:https://www.cnblogs.com/zhengwei-cq/p/10316307.html
Copyright © 2011-2022 走看看