[SSO] 單一簽入 SSO by QueryString Part 2

  • 2009-08-04

單一簽入 SSO by QueryString Part 2

上回提到透過QueryString達到SSO的功能, 在實際運用後整理出一些心得

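此次加入加密機制及登出機制, 請享用! (範例中的加密KEY直接寫在程式碼裡僅為示範; 實際使用時應改由設定檔讀取, 並讓傳遞的資料帶有完整性驗證與有效期限, 否則取得KEY的人可以偽造任意Session內容, 被攔截的表單也能重複送出。)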

SSO1.ASPX (A專案)

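''' <summary>
''' Project A's page in a two-site single sign-on chain. On login it copies the
''' encrypted form fields posted by the previous site into Session, then either
''' redirects to the destination page (every site visited) or auto-posts the
''' encrypted Session contents to the next site. On logout (?logout=1) it clears
''' this site's Session and passes the logout request along the same chain.
''' </summary>
Public Class SSO1
    Inherits System.Web.UI.Page

    Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        ' Demo identity: this sample hard-codes the signed-in user instead of authenticating.
        Session("username") = "Spark"
        Session("email") = "spark@sso.com"
        Session("userid") = 2
        Session("sex") = "M"
        Session("DestPage") = "http://www.dotblogs.com.tw/spark/Default.aspx"

        ' NOTE(review): the shared key is a literal in source. Anyone who can read either
        ' project can mint form fields that this page will accept; load it from protected
        ' configuration and rotate it in real deployments.
        Dim SSOKey As String = "SSOTEST"      ' encryption key shared by all projects
        Dim SSOCount As Integer = 2           ' number of projects in the chain
        Dim SSONexturl As String = "SSO2.ASPX" ' next project in the chain

        If Trim("" & Request.QueryString("logout")) = "1" Then
            ' sso_times is caller-controlled: parse defensively instead of CInt (which
            ' throws on non-numeric input) and clamp so the increment cannot overflow.
            Dim sso_times As Integer = 0
            If Not Integer.TryParse(Trim("" & Request.QueryString("sso_times")), sso_times) OrElse sso_times < 0 Then
                sso_times = 0
            End If
            If sso_times > SSOCount Then
                sso_times = SSOCount
            End If
            ' One more project has processed the logout.
            sso_times += 1

            ' Read the destination BEFORE clearing: after Session.Clear() the key is gone
            ' and Session("DestPage").ToString would raise NullReferenceException.
            Dim destPage As String = Trim("" & Session("DestPage"))

            ' Drop every session value held by this project.
            Session.Clear()

            ' Once the counter reaches the project count, every site has logged out.
            If sso_times >= SSOCount Then
                If destPage <> "" Then
                    Response.Redirect(destPage)
                End If
            Else
                Response.Redirect(SSONexturl & "?logout=1&sso_times=" & sso_times)
            End If
        Else
            ' Decrypt any posted fields into Session.
            ' NOTE(review): every posted field name becomes a Session key, so whoever can
            ' produce valid ciphertext controls the whole session (including "bp" and
            ' "DestPage"). Consider an allow-list of keys plus an authenticated, time-limited
            ' token; whether Crypt.Decrypt verifies integrity is not visible here.
            For i As Integer = 0 To Request.Form.Count - 1
                Dim fieldKey As String = Request.Form.GetKey(i)
                Dim fieldValue As String = Request.Form(i)
                If fieldKey Is Nothing OrElse fieldValue Is Nothing Then
                    Continue For
                End If
                Dim objdata As String = Crypt.Decrypt(fieldValue, SSOKey)
                Session(fieldKey) = objdata
            Next

            ' One more project has processed the login. The counter may arrive as a
            ' decrypted string, so parse it rather than relying on late-bound addition.
            Dim loginCount As Integer = 0
            If Not Integer.TryParse(Trim("" & Session("sso_times")), loginCount) OrElse loginCount < 0 Then
                loginCount = 0
            End If
            If loginCount > SSOCount Then
                loginCount = SSOCount
            End If
            loginCount += 1
            Session("sso_times") = loginCount

            ' Once the counter reaches the project count, every site is logged in.
            If loginCount >= SSOCount Then
                ' NOTE(review): both targets can originate from posted data; validate them
                ' against the set of hosts this SSO ring is allowed to return to.
                Dim backPage As String = Trim("" & Session("bp"))
                If backPage = "" Then
                    backPage = Trim("" & Session("DestPage"))
                End If
                If backPage <> "" Then
                    Response.Redirect(backPage)
                End If
            Else
                ' Encrypt every Session value and auto-post it to the next project.
                Response.Write("<form name=t id=t action='" & SSONexturl & "' method=post >")
                For i As Integer = 0 To Session.Contents.Count - 1
                    Dim fieldName As String = Session.Keys(i).ToString
                    Dim str As String = Trim("" & Session.Contents(fieldName))
                    Dim objdata As String = Crypt.EncryptStr(str, SSOKey)
                    ' Quote and HTML-encode both attributes: key names come from posted
                    ' form data and the ciphertext alphabet is not known to be attribute-safe.
                    Response.Write("<input type=hidden name=""" & Server.HtmlEncode(fieldName) & """")
                    Response.Write(" value=""" & Server.HtmlEncode(objdata) & """ >")
                Next
                Response.Write("<input type=submit name=button value='sso' style='display:none'>")
                Response.Write("</FORM>")
                Response.Write("<SCRIPT language='JavaScript'>document.t.submit();</script>")
            End If
        End If

    End Sub


End Class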

SSO2.ASPX (B專案)

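''' <summary>
''' Project B's page in a two-site single sign-on chain. On login it copies the
''' encrypted form fields posted by the previous site into Session, echoes the
''' received values, then either redirects to the destination page (every site
''' visited) or auto-posts the encrypted Session contents to the next site. On
''' logout (?logout=1) it clears this site's Session and passes the request on.
''' </summary>
Public Class SSO2
    Inherits System.Web.UI.Page

    Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        ' NOTE(review): the shared key is a literal in source. Anyone who can read either
        ' project can mint form fields that this page will accept; load it from protected
        ' configuration and rotate it in real deployments.
        Dim SSOKey As String = "SSOTEST"      ' encryption key shared by all projects
        Dim SSOCount As Integer = 2           ' number of projects in the chain
        Dim SSONexturl As String = "SSO1.ASPX" ' next project in the chain

        If Trim("" & Request.QueryString("logout")) = "1" Then
            ' sso_times is caller-controlled: parse defensively instead of CInt (which
            ' throws on non-numeric input) and clamp so the increment cannot overflow.
            Dim sso_times As Integer = 0
            If Not Integer.TryParse(Trim("" & Request.QueryString("sso_times")), sso_times) OrElse sso_times < 0 Then
                sso_times = 0
            End If
            If sso_times > SSOCount Then
                sso_times = SSOCount
            End If
            ' One more project has processed the logout.
            sso_times += 1

            ' Read the destination BEFORE clearing: after Session.Clear() the key is gone
            ' and Session("DestPage").ToString would raise NullReferenceException.
            Dim destPage As String = Trim("" & Session("DestPage"))

            ' Drop every session value held by this project.
            Session.Clear()

            ' Once the counter reaches the project count, every site has logged out.
            If sso_times >= SSOCount Then
                ' This page sets no default destination, so there may be nothing to
                ' redirect to (for example after the session has already expired).
                If destPage <> "" Then
                    Response.Redirect(destPage)
                End If
            Else
                Response.Redirect(SSONexturl & "?logout=1&sso_times=" & sso_times)
            End If
        Else
            ' Decrypt any posted fields into Session.
            ' NOTE(review): every posted field name becomes a Session key, so whoever can
            ' produce valid ciphertext controls the whole session (including "bp" and
            ' "DestPage"). Consider an allow-list of keys plus an authenticated, time-limited
            ' token; whether Crypt.Decrypt verifies integrity is not visible here.
            For i As Integer = 0 To Request.Form.Count - 1
                Dim fieldKey As String = Request.Form.GetKey(i)
                Dim fieldValue As String = Request.Form(i)
                If fieldKey Is Nothing OrElse fieldValue Is Nothing Then
                    Continue For
                End If
                Dim objdata As String = Crypt.Decrypt(fieldValue, SSOKey)
                Session(fieldKey) = objdata
            Next

            ' Echo the received values. They come from posted data, so HTML-encode them;
            ' the "" & prefix keeps a missing key from raising NullReferenceException.
            Response.Write("<br>" & Server.HtmlEncode(CStr("" & Session("username"))))
            Response.Write("<br>" & Server.HtmlEncode(CStr("" & Session("email"))))
            Response.Write("<br>" & Server.HtmlEncode(CStr("" & Session("userid"))))
            Response.Write("<br>" & Server.HtmlEncode(CStr("" & Session("sex"))))
            Response.Write("<br>" & Server.HtmlEncode(CStr("" & Session("DestPage"))))

            ' One more project has processed the login. The counter arrives as a
            ' decrypted string, so parse it rather than relying on late-bound addition.
            Dim loginCount As Integer = 0
            If Not Integer.TryParse(Trim("" & Session("sso_times")), loginCount) OrElse loginCount < 0 Then
                loginCount = 0
            End If
            If loginCount > SSOCount Then
                loginCount = SSOCount
            End If
            loginCount += 1
            Session("sso_times") = loginCount

            ' Once the counter reaches the project count, every site is logged in.
            If loginCount >= SSOCount Then
                ' NOTE(review): both targets originate from posted data; validate them
                ' against the set of hosts this SSO ring is allowed to return to.
                Dim backPage As String = Trim("" & Session("bp"))
                If backPage = "" Then
                    backPage = Trim("" & Session("DestPage"))
                End If
                If backPage <> "" Then
                    Response.Redirect(backPage)
                End If
            Else
                ' Encrypt every Session value and auto-post it to the next project.
                Response.Write("<form name=t id=t action='" & SSONexturl & "' method=post >")
                For i As Integer = 0 To Session.Contents.Count - 1
                    Dim fieldName As String = Session.Keys(i).ToString
                    Dim str As String = Trim("" & Session.Contents(fieldName))
                    Dim objdata As String = Crypt.EncryptStr(str, SSOKey)
                    ' Quote and HTML-encode both attributes: key names come from posted
                    ' form data and the ciphertext alphabet is not known to be attribute-safe.
                    Response.Write("<input type=hidden name=""" & Server.HtmlEncode(fieldName) & """")
                    Response.Write(" value=""" & Server.HtmlEncode(objdata) & """ >")
                Next
                Response.Write("<input type=submit name=button value='sso' style='display:none'>")
                Response.Write("</FORM>")
                Response.Write("<SCRIPT language='JavaScript'>document.t.submit();</script>")
            End If
        End If

    End Sub


End Class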

另外建議在ASPX頁面加入以下程式碼以防止使用者關閉Javascript造成此功能無法運作

<!-- After 1 second the browser is sent to the logout chain (logout=1, sso_times=0); presumably
     this is the fallback for when the script-submitted SSO form cannot run.
     NOTE(review): "sso.aspx" does not match the SSO1.ASPX / SSO2.ASPX page names used in
     this sample; confirm the intended target. -->
<meta http-equiv="Refresh" content="1;url=sso.aspx?logout=1&sso_times=0">
<!-- Rendered only when scripting is disabled: tells the user that JavaScript is required. -->
<noscript><center>很抱歉,您的瀏覽器不支援Javascript<br>您必需先開啟JavaScript支援或安裝支援JavaScript的瀏覽器方能正常使用本網站</center></noscript>

 

-----------------------
Share is Power