
A simple asp.net single sign-on implementation

高洛峰
2017-01-12 14:01:18

The following is the rendering of the implementation:

[Image: A simple asp.net single sign-on implementation]

First, clicking the train ticket booking link in the picture above opens the page http://student information platform website/LoginToTrainSite.asa.

The approximate code of the LoginToTrainSite.asa page is as follows:

<%
Response.Buffer = True
Response.ExpiresAbsolute = Now() - 1
Response.Expires = 0
Response.CacheControl = "no-cache"
Response.AddHeader "Pragma", "No-Cache"

' Get the user name and password from the user's session
%>
<html>
<body>
<div style='display:none'>
  <form name="myForm" method="post" action="http://火车订票网站/LoginFromOtherSite.aspx">
    <input type="hidden" name="UserName" value="<%=userName%>" />
    <input type="hidden" name="UserPwd" value="<%=userPwd%>" />
  </form>
</div>
</body>
</html>
<script language="javascript">
  // Submit the hidden form as soon as the page loads
  myForm.submit();
</script>

The approximate code of the LoginFromOtherSite.aspx.cs page is as follows:

// Needs: using System.Data; using System.Data.SqlClient;
using (SqlConnection conn = new SqlConnection(SqlHelper.StudentConnectionString))
{
    // Look up the student whose number and password match the posted form fields
    string sql = "select t_stuUser.ID, t_stuUser.stuNumber, t_stuUser.userPassword, t_stuUser.realName, v_stuUser.className, v_stuUser.departmentName "
        + "from t_stuUser,v_stuUser where t_stuUser.stuNumber=@UserName and t_stuUser.userPassword=@UserPwd and v_stuUser.stuNumber=@UserName";
    SqlCommand cmd = new SqlCommand(sql, conn);
    SqlParameter pUserName = cmd.Parameters.Add("@UserName", SqlDbType.VarChar, 30);
    SqlParameter pUserPwd = cmd.Parameters.Add("@UserPwd", SqlDbType.VarChar, 150);
    pUserName.Value = Request.Form["UserName"];
    pUserPwd.Value = Request.Form["UserPwd"];
    conn.Open();
    SqlDataReader sdr = cmd.ExecuteReader(CommandBehavior.CloseConnection);
    if (sdr.Read())
    {
        Session["UserID"] = Convert.ToString(sdr["ID"]);
        Session["StuName"] = Convert.ToString(sdr["realName"]);
        Session["StuNumber"] = Convert.ToString(sdr["stuNumber"]);
        Session["Academe"] = Convert.ToString(sdr["departmentName"]);
        Session["ClassName"] = Convert.ToString(sdr["className"]);
        Response.Redirect("MyOrder.aspx"); // Login succeeded
    }
    else
    {
        Response.Redirect("Default.aspx"); // Login failed: wrong user name or password
    }
}

Finally, after the LoginFromOtherSite.aspx page is processed, both websites are logged in. However, I would like to know where it is unsafe to use this method and what security issues may arise. I hope someone who knows can tell me.
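
The pages above place the user's password in a hidden form field and post it to an http:// address, so it appears in the page source and crosses the network in the clear. The following is an added example, not part of the original article: a hand-off in which the first site posts a short-lived HMAC-signed ticket instead of UserPwd and the receiving page verifies it. The SsoTicket class, the ticket format, the shared key and the sample student number are assumptions, and both sides are shown in C#.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper, not from the article. Ticket format (assumed):
// base64(stuNumber) "." unixSeconds "." base64(HMAC-SHA256 over the first two parts)
static class SsoTicket
{
    static readonly DateTime Epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);

    // Issuing side: called where LoginToTrainSite currently fills in UserPwd.
    public static string Issue(string stuNumber, byte[] key, DateTime nowUtc)
    {
        string body = Convert.ToBase64String(Encoding.UTF8.GetBytes(stuNumber))
                    + "." + (long)(nowUtc - Epoch).TotalSeconds;
        return body + "." + Convert.ToBase64String(Sign(body, key));
    }

    // Receiving side: called in LoginFromOtherSite before any Session value is set.
    public static bool TryValidate(string ticket, byte[] key, DateTime nowUtc,
                                   int maxAgeSeconds, out string stuNumber)
    {
        stuNumber = null;
        string[] p = (ticket ?? "").Split('.');
        long issued; byte[] mac;
        if (p.Length != 3 || !long.TryParse(p[1], out issued)) return false;
        try { mac = Convert.FromBase64String(p[2]); }
        catch (FormatException) { return false; }
        byte[] expected = Sign(p[0] + "." + p[1], key);
        int diff = mac.Length ^ expected.Length;           // compare without early exit
        for (int i = 0; i < mac.Length && i < expected.Length; i++) diff |= mac[i] ^ expected[i];
        if (diff != 0) return false;                       // forged or altered ticket
        long age = (long)(nowUtc - Epoch).TotalSeconds - issued;
        if (age < 0 || age > maxAgeSeconds) return false;  // future-dated or expired
        stuNumber = Encoding.UTF8.GetString(Convert.FromBase64String(p[0]));
        return true;
    }

    static byte[] Sign(string body, byte[] key)
    {
        using (var h = new HMACSHA256(key)) return h.ComputeHash(Encoding.UTF8.GetBytes(body));
    }

    static void Main()
    {
        byte[] key = Encoding.UTF8.GetBytes("constructed-demo-key");  // constructed sample key
        DateTime now = DateTime.UtcNow; string who;
        string t = Issue("20170001", key, now);                       // constructed student number
        Console.WriteLine(TryValidate(t, key, now.AddSeconds(10), 60, out who) + " " + who);
        Console.WriteLine(TryValidate(t, key, now.AddSeconds(90), 60, out who));  // too old
        Console.WriteLine(TryValidate(Issue("20170001", new byte[32], now), key, now, 60, out who));
    }
}
```

A ticket stays usable until it expires, so keep the lifetime short, serve both pages over https, and have the receiving site refuse a ticket it has already accepted.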
