首次訪問分站1時,Request["IASID"]爲空,獲取站點1信息,並經過一系列加密後,以html方式post到master主站。
<html><head></head><body onload="document.form1.submit()">
<form name="form1" method="post" action="http://localhost:6330/MasterSite/Default.aspx" >
<input name="UserAccount" type="hidden" value="">
<input name="IASID" type="hidden" value="01">
<input name="TimeStamp" type="hidden" value="2011-05-24 15:01">
<input name="AppUrl" type="hidden" value="http://localhost:6331/Site1/Default.aspx">
<input name="Authenticator" type="hidden" value="9sXIXHWGD85bNFAeZJlH6Hk7w+z0hpSQjP9W5jstM6MMOq0D7sLcEXm5fZcOKLgGCdz3mM4QEmuBO7oj9n97LtAtFVLjupvp7HVfsLM6K1umTu3yM6ABMA==">
</form></body></html>
在主站驗證HttpContext.Current.Request.Cookies["EACToken"]爲空,所以轉向到主站的登錄頁面,
在主站登錄頁登錄後,Session["CurrUserName"] = Login1.UserName;
FormsAuthentication.SetAuthCookie(Login1.UserName, false);
轉向主站列表頁,列出展示各個分站
點擊分站1,蒐集分站1信息,經一系列加密後,添加EACToken
HttpContext.Current.Response.Cookies["EACToken"].Value = cookieValue;
HttpContext.Current.Response.Cookies["EACToken"].Expires = DateTime.Now.AddHours(24);
HttpContext.Current.Response.Cookies["EACToken"].Path = "/";
接着主站post發送到分站1
<html><head></head><body onload="document.form1.submit()">
<form name="form1" method="post" action="http://localhost:6331/Site1/Default.aspx" >
<input name="UserAccount" type="hidden" value="admin">
<input name="IASID" type="hidden" value="01">
<input name="TimeStamp" type="hidden" value="2011-05-24 15:43">
<input name="AppUrl" type="hidden" value="http://localhost:6331/Site1/Default.aspx">
<input name="Authenticator" type="hidden" value="5psvdFECOjIBkB3oeysvaJbuA0OJsMMDkurlMRrBXWMWG/7SW/u0OybfE0o5btDrMNCfLBLR6vXOfeApUcS9Qop/4fxfiSfPTetPVtRruIt9hDw8Hv3CnoynO8IOgPFL">
</form></body></html>
分站1 驗證主站post來的token,若正確,則取出用戶名Request["UserAccount"]
分站2 首次加載時,Request["IASID"]爲空,蒐集站點2信息,一系列加密後post到主站master
<html><head></head><body onload="document.form1.submit()">
<form name="form1" method="post" action="http://localhost:6330/MasterSite/Default.aspx" >
<input name="UserAccount" type="hidden" value="">
<input name="IASID" type="hidden" value="02">
<input name="TimeStamp" type="hidden" value="2011-05-24 16:09">
<input name="AppUrl" type="hidden" value="http://localhost:6332/Site2/Default.aspx?ReturnUrl=/Site2/Default2.aspx">
<input name="Authenticator" type="hidden" value="6h1rbGuS4AVvfAVxC7NxP6m65clrKs9CLuqp7FmamkbJ7SMGDk7wgcmBPtE3L1OKviEf/2ms8FlcvB5DggZ/lnMKIOiPG5PKthC2GBrO2SL9KkYNuYX2DaIxN8Utd1NS5n6uKlMlO7YUXzu5YI4ipw5SgG1I02R4">
</form></body></html>
主站驗證VACCookie 已經存在 解密出 用戶名
主站驗證通過 將用戶信息和分站2信息 加密後 post回分站2