Asp.net Mvc4 使用Cas單點登錄

因項目需要,使用了耶魯大學的Cas單點登錄方案,在java中使用一直正常,但是在.Net中碰到了循環重定向的問題,反覆測試後,總算解決了,最終的配置如下:

<?xml version="1.0" encoding="utf-8"?>
<!--
  有關如何配置 ASP.NET 應用程序的詳細信息,請訪問
  http://go.microsoft.com/fwlink/?LinkId=169433
  -->
<configuration>
  <!-- Registers the custom <casClientConfig> section and binds it to the DotNetCasClient configuration class;
       the section used further down must carry exactly this name. -->
  <configSections>
    <section name="casClientConfig" type="DotNetCasClient.Configuration.CasClientConfiguration, DotNetCasClient" />
  </configSections>
  <!--
    Application settings. These five keys match the stock ASP.NET MVC 4 project template.
    - webpages:Enabled="false" keeps .cshtml files from being served directly as Web Pages.
    - PreserveLoginUrl="true" keeps the forms loginUrl configured under <system.web> in effect, so
      unauthenticated requests are sent to the CAS login page rather than to a framework default.
    - ClientValidationEnabled / UnobtrusiveJavaScriptEnabled only affect browser-side validation;
      input still has to be validated on the server.
  -->
  <appSettings>
    <add key="webpages:Version" value="2.0.0.0" />
    <add key="webpages:Enabled" value="false" />
    <add key="PreserveLoginUrl" value="true" />
    <add key="ClientValidationEnabled" value="true" />
    <add key="UnobtrusiveJavaScriptEnabled" value="true" />
  </appSettings>

  <!--
    DotNetCasClient settings.
    - casServerLoginUrl / casServerUrlPrefix point at the CAS server; serverName is this application's
      own base URL. serverName has no trailing slash; the forms cookie path under <system.web> is
      expected to match its path part, including whether it ends in a slash.
    - All three URLs are plain http on a private test network. Over http the service ticket in the
      redirect and the ticket validation exchange travel in cleartext, so a real deployment should
      use https for both the CAS server and this application.
    - redirectAfterValidation="true": after a ticket is validated the client redirects once more so
      the ticket parameter does not remain in the visible URL.
    - gateway="false" and renew="false": no gateway (non-interactive) check, and an existing CAS
      session is accepted without forcing the user to re-enter credentials.
    - singleSignOut="true" relies on serviceTicketManager to map CAS tickets to local logins.
      CacheServiceTicketManager presumably keeps them in the in-process ASP.NET cache, so an
      application pool recycle or a multi-server farm can lose that mapping (verify before relying
      on single sign-out).
    - ticketTimeTolerance looks like a clock-skew allowance in milliseconds used for SAML validation;
      with ticketValidatorName="Cas20" it probably has no effect (TODO confirm).
  -->
  <casClientConfig
    casServerLoginUrl="http://192.168.101.100:8082/cas/login"
    casServerUrlPrefix="http://192.168.101.100:8082/cas/"
    serverName="http://192.168.101.109/SSOMvc"
    redirectAfterValidation="true"
    gateway="false"
    renew="false"
    singleSignOut="true"
    ticketTimeTolerance="5000"
    ticketValidatorName="Cas20"
    serviceTicketManager="CacheServiceTicketManager"
    gatewayStatusCookieName="CasGatewayStatus" />

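  <system.web>
    <!-- debug="true" is a development setting; set it to "false" when the site is deployed. -->
    <compilation debug="true" targetFramework="4.0" />
    <!--
      Forms authentication holds the local login state after CAS has authenticated the user.
      - loginUrl is the same address as casServerLoginUrl in <casClientConfig>; keep the two in sync.
      - path is the cookie path of the forms ticket. It is "/SSOMvc" (no trailing slash) so that it
        matches the path part of serverName. With "/SSOMvc/" the browser does not send the cookie
        on a request for /SSOMvc itself, the request looks unauthenticated, and the user is bounced
        to CAS again: the redirect loop described in this article. Cookie paths are case-sensitive
        in browsers, so links should use the same casing as this value.
      - requireSSL is not set because this test site runs over http; once the site is served over
        https, add requireSSL="true" so the ticket cookie is never sent in cleartext.
      - This file contains no <authorization> element, so which URLs require a login is decided
        elsewhere, presumably by [Authorize] attributes or filters in the MVC code (not shown here).
    -->
    <authentication mode="Forms">
      <forms
          loginUrl="http://192.168.101.100:8082/cas/login"
          timeout="30"
          defaultUrl="~/Home/Index"
          cookieless="UseCookies"
          slidingExpiration="true"
          path="/SSOMvc" />
    </authentication>
    <pages>
      <namespaces>
        <add namespace="System.Web.Helpers" />
        <add namespace="System.Web.Mvc" />
        <add namespace="System.Web.Mvc.Ajax" />
        <add namespace="System.Web.Mvc.Html" />
        <add namespace="System.Web.Optimization" />
        <add namespace="System.Web.Routing" />
        <add namespace="System.Web.WebPages" />
      </namespaces>
    </pages>
    <!-- Module registration for the classic pipeline; the integrated pipeline uses the copy under <system.webServer>. -->
    <httpModules>
      <add name="DotNetCasClient" type="DotNetCasClient.CasAuthenticationModule,DotNetCasClient" />
    </httpModules>
    <!--
      Session data is kept in the out-of-process ASP.NET State Service, which must be running.
      timeout is in minutes: 3600 is 60 hours, far longer than the 30-minute forms ticket above, so
      session contents outlive the login. Do not treat a live session as proof of authentication,
      and shorten the value if seconds were intended.
    -->
    <sessionState mode="StateServer" cookieless="UseCookies" timeout="3600"></sessionState>
  </system.web>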
  <!--
    IIS 7+ (integrated pipeline) settings.
    - validateIntegratedModeConfiguration="false" stops IIS from raising an error about the
      <httpModules> entry that is also present under <system.web>.
    - runAllManagedModulesForAllRequests="true" runs managed modules, including the CAS module, on
      every request, static files included.
    - The remove/add pair registers the CAS module exactly once even if a parent configuration
      already declares it.
    - The handler entries are the extensionless-URL registrations from the MVC 4 template. Their verb
      list includes DEBUG, PUT, DELETE, PATCH and OPTIONS; trimming it to the verbs the application
      actually serves is a reasonable hardening step.
  -->
  <system.webServer>
    <validation validateIntegratedModeConfiguration="false" />
    <modules runAllManagedModulesForAllRequests="true">
      <remove name="DotNetCasClient" />
      <add name="DotNetCasClient" type="DotNetCasClient.CasAuthenticationModule,DotNetCasClient" />
    </modules>
    <handlers>
      <remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" />
      <remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
      <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
      <add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" />
      <add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />
      <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
    </handlers>
  </system.webServer>
  <!--
    Assembly binding redirects: each entry maps any requested version in oldVersion to the single
    newVersion, identified by assembly name and public key token. None of them concerns
    DotNetCasClient itself. The redirected version must actually be present in the bin folder;
    when a library is patched, update the matching newVersion here as well.
  -->
  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="DotNetOpenAuth.Core" publicKeyToken="2780ccd10d57b246" />
        <bindingRedirect oldVersion="0.0.0.0-4.1.0.0" newVersion="4.1.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="DotNetOpenAuth.AspNet" publicKeyToken="2780ccd10d57b246" />
        <bindingRedirect oldVersion="0.0.0.0-4.1.0.0" newVersion="4.1.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-2.0.0.0" newVersion="2.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="0.0.0.0-4.0.0.0" newVersion="4.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-2.0.0.0" newVersion="2.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="0.0.0.0-1.3.0.0" newVersion="1.3.0.0" />
      </dependentAssembly>
    </assemblyBinding>
  </runtime>

  <!--
    DotNetCasClient tracing. All four switches below are set to Verbose, which suits the
    troubleshooting this article describes but not steady-state operation.
    The Protocol category records the messages exchanged with the CAS server, so the log can be
    expected to contain service tickets and user names (verify against real output). Keep the log
    directory outside any folder served by IIS, restrict its ACL to administrators and the
    application pool account, and lower the switches (for example to Warning or Error) once the
    integration works.
  -->
  <system.diagnostics>
    <trace autoflush="true" useGlobalLock="false" />
    <sharedListeners>
      <!--
                Writing trace output to a log file is recommended.
                IMPORTANT:
                The user account under which the containing application pool runs
                must have privileges to create and modify the trace log file.
            -->
      <!-- One shared text listener; every source below writes to this single file. -->
      <add name="TraceFile"
           type="System.Diagnostics.TextWriterTraceListener"
           initializeData="F:\RunLog\DotNetCasClient.Log"
           traceOutputOptions="DateTime" />
    </sharedListeners>
    <sources>
      <!-- Provides diagnostic information on module configuration parameters. -->
      <source name="DotNetCasClient.Config" switchName="Config" switchType="System.Diagnostics.SourceSwitch" >
        <listeners>
          <add name="TraceFile" />
        </listeners>
      </source>

      <!-- Traces IHttpModule lifecycle events and meaningful operations performed therein. -->
      <source name="DotNetCasClient.HttpModule" switchName="HttpModule" switchType="System.Diagnostics.SourceSwitch" >
        <listeners>
          <add name="TraceFile" />
        </listeners>
      </source>

      <!-- Provides protocol message and routing information. -->
      <source name="DotNetCasClient.Protocol" switchName="Protocol" switchType="System.Diagnostics.SourceSwitch" >
        <listeners>
          <add name="TraceFile" />
        </listeners>
      </source>

      <!-- Provides details on security operations and notable security conditions. -->
      <source name="DotNetCasClient.Security" switchName="Security" switchType="System.Diagnostics.SourceSwitch" >
        <listeners>
          <add name="TraceFile" />
        </listeners>
      </source>
    </sources>
    <switches>
      <!--
                Set trace switches to appropriate logging level.  Recommended values in order of increasing verbosity:
                - Off
                - Error
                - Warning
                - Information
                - Verbose
            -->
      <!--
                Config category displays detailed information about CasAuthenticationModule configuration.
                The output of this category is only displayed when the module is initialized, which happens
                for the first request following application/server startup.
            -->
      <add name="Config" value="Verbose"/>

      <!--
                Set this category to Verbose to trace HttpModule lifecycle events in CasAuthenticationModule.
                This category produces voluminous output in Verbose mode and should be avoided except for
                limited periods of time troubleshooting vexing integration problems.
            -->
      <add name="HttpModule" value="Verbose"/>

      <!--
                Set to Verbose to display protocol messages between the client and server.
                This category is very helpful for troubleshooting integration problems.
                Because those messages carry authentication data, leave it at Verbose only while debugging.
            -->
      <add name="Protocol" value="Verbose"/>

      <!--
                Displays important security-related information.
            -->
      <add name="Security" value="Verbose"/>
    </switches>
  </system.diagnostics>
</configuration>

 

注意:測試時如果直接訪問站點根地址、不加具體的路徑,例如 http://192.168.101.109/SSOMvc,就會一直“循環重定向”(此時走的是默認的 defaultUrl,即 Home/Index);而直接訪問 http://192.168.101.109/SSOMvc/Home/Index,登錄後重定向回來則是正常的。在 asp.net 中測試沒有這個問題,只有 mvc 纔會碰到。

 

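2014-11-26更新:循環重定向的問題後來由一位同事解決了:把 mvc 中 forms 的 path 屬性由“/SSOMvc/”改爲“/SSOMvc”。據說 path 要跟 casClientConfig 的 serverName 屬性相對應:如果 serverName 的路徑最後面包含了斜槓,path 的值中也應該包含。原因應該是:path 是表單驗證 Cookie 的路徑,設爲“/SSOMvc/”時,瀏覽器在請求 /SSOMvc(結尾無斜槓)時不會帶上這個 Cookie,站點就一直把請求當成未登錄,再次跳轉到 CAS。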
