Home > Backend Development > C#.Net Tutorial > A simple asp.net single sign-on implementation

A simple asp.net single sign-on implementation

高洛峰
Release: 2017-01-12 14:01:18
Original
1501 people have browsed it

The following is the rendering of the implementation:

一个简单的asp.net 单点登录实现

First click on the train ticket booking link in the above picture, it will open http://student information platform website/LoginToTrainSite.asa page.

The approximate code of the LoginToTrainSite.asa page is as follows:

<% 
Response.Buffer = True 
Response.ExpiresAbsolute = Now() - 1 
Response.Expires = 0 
Response.CacheControl = "no-cache" 
Response.AddHeader "Pragma", "No-Cache" 

//根据用户session获取用户名和密码 
%> 
<html> 
<body> 
<div style=&#39;display:none&#39;> 
<form name="myForm" method="post" action="http://火车订票网站/LoginFromOtherSite.aspx"> 
<input type="hidden" name="UserName" value="<%=userName%>" /> 
<input type="hidden" name="UserPwd" value="<%=userPwd%>" /> 
</form> 
</div> 
</body> 
</html> 
<script language="javascript"> 
myForm.submit(); 
</script> LoginFromOtherSite.aspx.cs页面的代码大致如下: 

using (SqlConnection conn = new SqlConnection(SqlHelper.StudentConnectionString)) 
{ 
string sql = "select t_stuUser.ID, t_stuUser.stuNumber, t_stuUser.userPassword, t_stuUser.realName, v_stuUser.className, v_stuUser.departmentName " 
+ "from t_stuUser,v_stuUser where t_stuUser.stuNumber=@UserName and t_stuUser.userPassword=@UserPwd and v_stuUser.stuNumber=@UserName"; 
SqlCommand cmd = new SqlCommand(sql, conn); 
SqlParameter pUserName = cmd.Parameters.Add("@UserName", SqlDbType.VarChar, 30); 
SqlParameter pUserPwd = cmd.Parameters.Add("@UserPwd", SqlDbType.VarChar, 150); 
pUserName.Value = Request.Form["UserName"]; 
pUserPwd.Value = Request.Form["UserPwd"]; 
conn.Open(); 
SqlDataReader sdr = cmd.ExecuteReader(CommandBehavior.CloseConnection); 
if (sdr.Read()) 
{ 
Session["UserID"] = Convert.ToString(sdr["ID"]); 
Session["StuName"] = Convert.ToString(sdr["realName"]); 
Session["StuNumber"] = Convert.ToString(sdr["stuNumber"]); 
Session["Academe"] = Convert.ToString(sdr["departmentName"]); 
Session["ClassName"] = Convert.ToString(sdr["className"]); 
Response.Redirect("MyOrder.aspx"); // 登录成功 
} 
else 
{ 
Response.Redirect("Default.aspx"); //登录失败,用户名或密码错误 
} 
}
Copy after login

Finally, after the LoginFromOtherSite.aspx page is processed, both websites are logged in. However, I would like to know where it is unsafe to use this method and what security issues may arise. I hope someone who knows can tell me.

For more related articles on a simple asp.net single sign-on implementation, please pay attention to the PHP Chinese website!

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template