.NET Core2.0+MVC 用session,cookie实现的sso单点登录

博主刚接触.NET Core2.0,想做一个单点登录的demo,所以参考了一些资料,这里给上链接:

1.http://www.cnblogs.com/baibaomen/p/sso-sequence-chart.html

2.https://www.cnblogs.com/ywlaker/p/6113927.html

于是开始项目:

首先,既然是单点登录,就得建立多个站点,实现多个系统一次登录/注销。

直接看解决方案

sso_server用于统一登录

这边思路不再多说,上面的两篇帖子说的比较清楚。

既然使用session,那么,就得在Startup中添加(在ConfigureServices里调用services.AddSession(),在Configure里于app.UseMvc()之前调用app.UseSession()):

当然,所有用到session的项目,都需要这么添加一下(个人觉得有点麻烦,有更好的方法,也请告知,感谢)

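然后是system1,system2的代码(这里两个系统没有差别)。注意:下面贴出的控制器命名空间是SSO_Server.Controllers,与后文认证中心的代码完全相同,疑为贴错;子系统自身的Home控制器(接收token、处理/Home/SignOut)本文没有给出。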

  1. using System;
  2. using System.Collections.Generic;
  3. using System.Linq;
  4. using System.Net.Http;
  5. using System.Net.Http.Headers;
  6. using System.Security.Claims;
  7. using System.Threading.Tasks;
  8. using Microsoft.AspNetCore.Authentication;
  9. using Microsoft.AspNetCore.Authentication.Cookies;
  10. using Microsoft.AspNetCore.Http;
  11. using Microsoft.AspNetCore.Mvc;
  12.  
  13. namespace SSO_Server.Controllers
  14. {
  15. public class LoginController : Controller
  16. {
  17. public IActionResult Index(string returnUrl)
  18. {
  19. //浏览器带过来的cookie,token值
  20. string browsertoken = HttpContext.Request.Cookies["token"];
  21. //不存在,则判断未登录
  22. if (string.IsNullOrEmpty(browsertoken) || string.IsNullOrEmpty(HttpContext.Session.GetString(browsertoken)))
  23. {
  24. ViewData["Message"] = "请登录";
  25. }
  26. else
  27. {
  28. string url = HttpContext.Session.GetString(browsertoken) + ",";
  29. //将请求的url注册
  30. HttpContext.Session.SetString(browsertoken, url + returnUrl);
  31. //存在token,判断已登录,返回用户信息
  32. return Redirect(returnUrl + "?token=" + browsertoken + "&uid=" + "1234");
  33. //return Content(returnUrl + "?token=" + browsertoken + "&uid=" + "1234");
  34. }
  35. return View();
  36. }
  37.  
  38. public IActionResult SignIn(string returnUrl)
  39. {
  40. //保存用户信息
  41. HttpContext.Session.SetString("uid","1234");
  42. //生成token
  43. string token = Guid.NewGuid().ToString();
  44. //将请求的url注册
  45. HttpContext.Session.SetString(token, returnUrl);
  46. //写入浏览器token
  47. HttpContext.Response.Cookies.Append("token",token);
  48. if (string.IsNullOrWhiteSpace(returnUrl))
  49. {
  50. returnUrl = "http://sysone.yourdomain.cn";
  51. }
  52. //返回token和用户信息到请求地址
  53. return Redirect(returnUrl+"?token="+ token+"&uid="+"1234");
  54. }
  55.  
  56. public IActionResult sessiontoken()
  57. {
  58. string browsertoken = HttpContext.Request.Cookies["token"];
  59. string s= HttpContext.Session.GetString(browsertoken);
  60. return Content(s);
  61. }
  62.  
  63. public IActionResult SignOut(string returnUrl)
  64. {
  65. string cont = string.Empty;
  66. string nexturl = string.Empty;
  67. string browsertoken = HttpContext.Request.Cookies["token"];
  68. if (!string.IsNullOrEmpty(HttpContext.Session.GetString(browsertoken)))
  69. {
  70. string urlstr = HttpContext.Session.GetString(browsertoken);
  71. //string urlstr = "http://sysone.yourdomain.cn,http://systwo.yourdomain.cn";
  72. string[] ulslist = urlstr.Split(',');
  73. List<string> arrstr = ulslist.Distinct().ToList();
  74. if (arrstr.Count() > 0 && !string.IsNullOrEmpty(arrstr[0]))
  75. {
  76. nexturl = arrstr[0] + "/Home/SignOut";
  77. cont = string.Join(",", arrstr);
  78. }
  79. }
  80. HttpContext.Response.Cookies.Delete("token");
  81. HttpContext.Session.Clear();
  82. //return Content(nexturl + "?returnUrl=" + returnUrl + "&cont=" + cont);
  83. if (!string.IsNullOrEmpty(nexturl))
  84. return Redirect(nexturl + "?returnUrl=" + returnUrl + "&cont=" + cont);
  85. else
  86. return Redirect(returnUrl);
  87. }
  88. }
  89. }

然后是视图

  1. @{
  2. ViewData["Title"] = "Home Page";
  3. }
  4. @ViewData["Message"]
  5. @if (!ViewData["Message"].ToString().Equals("请登录"))
  6. {
  7. <a href="http://sso.yourdomain.cn/Login/SignOut?returnUrl=http://sysone.yourdomain.cn">注销</a>
  8. }
  9. else
  10. {
  11. <a class="btn btn-default" href="http://sso.yourdomain.cn/login?returnUrl=http://sysone.yourdomain.cn">登录</a>
  12. }

然后是sso认证中心代码:

  1. using System;
  2. using System.Collections.Generic;
  3. using System.Linq;
  4. using System.Net.Http;
  5. using System.Net.Http.Headers;
  6. using System.Security.Claims;
  7. using System.Threading.Tasks;
  8. using Microsoft.AspNetCore.Authentication;
  9. using Microsoft.AspNetCore.Authentication.Cookies;
  10. using Microsoft.AspNetCore.Http;
  11. using Microsoft.AspNetCore.Mvc;
  12.  
  13. namespace SSO_Server.Controllers
  14. {
  15. public class LoginController : Controller
  16. {
  17. public IActionResult Index(string returnUrl)
  18. {
  19. //浏览器带过来的cookie,token值
  20. string browsertoken = HttpContext.Request.Cookies["token"];
  21. //不存在,则判断未登录
  22. if (string.IsNullOrEmpty(browsertoken) || string.IsNullOrEmpty(HttpContext.Session.GetString(browsertoken)))
  23. {
  24. ViewData["Message"] = "请登录";
  25. }
  26. else
  27. {
  28. string url = HttpContext.Session.GetString(browsertoken) + ",";
  29. //将请求的url注册
  30. HttpContext.Session.SetString(browsertoken, url + returnUrl);
  31. //存在token,判断已登录,返回用户信息
  32. return Redirect(returnUrl + "?token=" + browsertoken + "&uid=" + "1234");
  33. //return Content(returnUrl + "?token=" + browsertoken + "&uid=" + "1234");
  34. }
  35. return View();
  36. }
  37.  
  38. public IActionResult SignIn(string returnUrl)
  39. {
  40. //保存用户信息
  41. HttpContext.Session.SetString("uid","1234");
  42. //生成token
  43. string token = Guid.NewGuid().ToString();
  44. //将请求的url注册
  45. HttpContext.Session.SetString(token, returnUrl);
  46. //写入浏览器token
  47. HttpContext.Response.Cookies.Append("token",token);
  48. if (string.IsNullOrWhiteSpace(returnUrl))
  49. {
  50. returnUrl = "http://sysone.yourdomain.cn";
  51. }
  52. //返回token和用户信息到请求地址
  53. return Redirect(returnUrl+"?token="+ token+"&uid="+"1234");
  54. }
  55.  
  56. public IActionResult sessiontoken()
  57. {
  58. string browsertoken = HttpContext.Request.Cookies["token"];
  59. string s= HttpContext.Session.GetString(browsertoken);
  60. return Content(s);
  61. }
  62.  
  63. public IActionResult SignOut(string returnUrl)
  64. {
  65. string cont = string.Empty;
  66. string nexturl = string.Empty;
  67. string browsertoken = HttpContext.Request.Cookies["token"];
  68. if (!string.IsNullOrEmpty(HttpContext.Session.GetString(browsertoken)))
  69. {
  70. string urlstr = HttpContext.Session.GetString(browsertoken);
  71. //string urlstr = "http://sysone.yourdomain.cn,http://systwo.yourdomain.cn";
  72. string[] ulslist = urlstr.Split(',');
  73. List<string> arrstr = ulslist.Distinct().ToList();
  74. if (arrstr.Count() > 0 && !string.IsNullOrEmpty(arrstr[0]))
  75. {
  76. nexturl = arrstr[0] + "/Home/SignOut";
  77. cont = string.Join(",", arrstr);
  78. }
  79. }
  80. HttpContext.Response.Cookies.Delete("token");
  81. HttpContext.Session.Clear();
  82. //return Content(nexturl + "?returnUrl=" + returnUrl + "&cont=" + cont);
  83. if (!string.IsNullOrEmpty(nexturl))
  84. return Redirect(nexturl + "?returnUrl=" + returnUrl + "&cont=" + cont);
  85. else
  86. return Redirect(returnUrl);
  87. }
  88. }
  89. }

sso,登录页视图index

  1. @{
  2. ViewData["Title"] = "登录";
  3. }
  4. @ViewData["Message"]
  5. @if (!ViewData["Message"].ToString().Equals("请登录"))
  6. {
  7. <a href="@Url.Action("SignOut")">注销</a>
  8. }
  9. else
  10. {
  11. <a class="btn btn-default" href="@Url.Action("SignIn","Login",new { returnUrl=Context.Request.Query["returnUrl"]})">登录</a>
  12. }
  13. @ViewData["Message1"]

这里贴上资源链接

https://download.csdn.net/download/qq_28248571/10342173

这里只是初步demo(uid写死为1234,没有校验账号密码,站点地址也都是http,不能直接用于生产环境),请不要钻牛角尖,欢迎讨论,感谢你的阅读

原文地址:https://www.cnblogs.com/zbliao/p/13813460.html