sso 需要 webservice吗
发布网友
发布时间:2022-04-21 15:20
共1个回答
热心网友
时间:2022-05-27 10:43
-------------------------------------------------------------------------
<%@ WebService Language="C#" CodeBehind="~/App_Code/sso.cs" Class="sso" %>
ssoWebMethod/web.config
<?xml version="1.0"?>
<!--
注意: 除了手动编辑此文件以外,您还可以使用
Web 管理工具来配置应用程序的设置。可以使用 Visual Studio 中的
“网站”->“Asp.Net 配置”选项。
设置和注释的完整列表在
machine.config.comments 中,该文件通常位于
/Windows/Microsoft.Net/Framework/v2.x/Config 中
-->
<configuration>
<appSettings>
<add key="ClientIPZone" value="201.224.133.123" />
</appSettings>
<connectionStrings>
<add name="ssoDatabase" connectionString="server=222.222.222.222;database=db_sso;uid=sso2;pwd=sz22223121;" providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<!--
设置 compilation debug="true" 将调试符号插入
已编译的页面中。但由于这会
影响性能,因此只在开发过程中将此值
设置为 true。
-->
<compilation debug="true"/>
<!--
通过 <authentication> 节可以配置 ASP.NET 使用的
安全身份验证模式,
以标识传入的用户。
-->
<authentication mode="Windows"/>
<!--
如果在执行请求的过程中出现未处理的错误,
则通过 <customErrors> 节可以配置相应的处理步骤。具体说来,
开发人员通过该节可以配置
要显示的 html 错误页
以代替错误堆栈跟踪。
<customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
<error statusCode="403" redirect="NoAccess.htm" />
<error statusCode="404" redirect="FileNotFound.htm" />
</customErrors>
-->
<customErrors mode="Off"></customErrors>
</system.web>
</configuration>
----------------------------------------------------------------------------------------------
ssoWebMethod/App_Code/sso.cs
using System;
using System.Data;
using System.Data.SqlClient;
using System.Web;
using System.Collections;
using System.Web.Services;
using System.Web.Services.Protocols;
using System.Configuration;
using System.Xml;
using System.IO;
/// <summary>
/// SSO系统
/// </summary>
[WebService(Namespace = "http://tempuri.org/")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
public class sso : System.Web.Services.WebService
{
public sso()
{
//如果使用设计的组件,请取消注释以下行
//InitializeComponent();
}
#region public
/// <summary>
/// 获取用户在应用系统中的登录帐号(密码暂时不返回)
/// 返回noneLogin表示未登录,此时转入应用系统对应的登录页面..
/// </summary>
/// <param name="Token"></param>
/// <returns></returns>
[WebMethod]
public String GetLoginByToken(String Token)
{
//根据Token读取对应的原业务系统的登录用户名与密码,并加密返回
String result = "noneLogin";
using (SqlConnection conn = new SqlConnection(ConnectionString))
{
conn.Open();
String sql;
sql = "SELECT AppsUsers.AppLoginId ";
sql += "FROM AppToken ";
sql += "INNER JOIN AppsUsers ";
sql += "ON AppToken.AppId = AppsUsers.AppId AND AppToken.ssoUserId = AppsUsers.ssoUserId ";
sql += "WHERE AppToken.Token = @Token";
SqlCommand cmd = new SqlCommand(sql, conn);
cmd.Parameters.Add(new SqlParameter("@Token", Token));
SqlDataReader dr = cmd.ExecuteReader();
if (dr.Read())
{
//result = "LoginId=" + dr["AppLoginId"].ToString().Trim() + ";LoginPwd=" + dr["AppPassword"].ToString().Trim();
result = dr["AppLoginId"].ToString().Trim();
}
dr.Dispose();
cmd.Dispose();
}
return result;
}
/// <summary>
/// 删除令牌。
/// 成功返回true,否则返回false
/// </summary>
/// <param name="Token"></param>
/// <returns></returns>
[WebMethod]
public Boolean TokenLost(String Token)
{
Boolean result = false;
using (SqlConnection conn = new SqlConnection(ConnectionString))
{
conn.Open();
String sql = "DELETE FROM AppToken WHERE Token = @Token";
SqlCommand cmd = new SqlCommand(sql, conn);
cmd.Parameters.Add(new SqlParameter("@Token", Token));
Int32 line = cmd.ExecuteNonQuery();
if (line == 1)
{
result = true;
}
cmd.Dispose();
}
return result;
}
/// <summary>
/// 激活单点登录
/// </summary>
/// <param name="AppId">应用系统标识,由SSO开发人员提供</param>
/// <param name="ssoUserId">单点登录ID号(局内用户列表ID,下拉列表选择)</param>
/// <param name="LoginId">应用系统登录帐号</param>
/// <param name="ClientIP">激活客户端IP地址</param>
/// <returns>返回提示信息字符串</returns>
[WebMethod]
public String SSOActive(String AppId, String ssoUserId, String LoginId)
{
//1.判断对应的系统,用户是否已激活过
Int32 result = m_CheckAppsUsers(AppId, LoginId);
if (result == -1)
{
return "Web Service执行错误,请联络技术支持.";
}
else if (result == 1)
{
return "该帐户已经是单点登录帐户,不用再次激活.";
}
//2.激活
Boolean active = m_InsertAppsUsers(AppId, Convert.ToInt32(ssoUserId), LoginId);
if (!active)
{
return "帐号激活失败,请联络技术支持.";
}
return "单点登录已激活";
}
/// <summary>
/// 获取局内用户列表,激活必须选择一个用户名
/// 填充一个DropDownList,用于选择用户名
/// </summary>
/// <returns></returns>
[WebMethod]
public XmlNode GetSSOUsers()
{
DataTable dt = m_GetSSOUsers();
String xmlstr = m_GetXmlStrFromDataTable(dt);
XmlDocument doc = new XmlDocument();
doc.LoadXml(xmlstr);
dt.Dispose();
return doc;
}
/// <summary>
/// 判断客户端IP地址是否为局内IP地址段
/// true为局内IP,false局外IP
/// </summary>
/// <param name="ClientIP">客户端IP地址</param>
/// <returns></returns>
[WebMethod]
public Boolean CheckIP(String ClientIP)
{
//判断IP是否为本局IP,否则不能激活
if (ClientIP.IndexOf(ClientIPZone) == -1)
{
return false;
}
return true;
}
#endregion
#region private
/// <summary>
/// 检查帐号是否已经激活
/// </summary>
/// <param name="AppId">应用系统标识,由SSO开发人员提供</param>
/// <param name="AppLoginId">应用系统登录帐号</param>
/// <returns>-1表示WEB方法执行失败,0表示未激活,1表示已激活</returns>
private Int32 m_CheckAppsUsers(String AppId, String AppLoginId)
{
Int32 result = -1;
using (SqlConnection conn = new SqlConnection(ConnectionString))
{
conn.Open();
String sql;
sql = "SELECT * FROM AppsUsers ";
sql += "WHERE AppId = @AppId AND AppLoginId = @AppLoginId";
SqlCommand cmd = new SqlCommand(sql, conn);
cmd.Parameters.Add(new SqlParameter("@AppId", AppId));
cmd.Parameters.Add(new SqlParameter("@AppLoginId", AppLoginId));
SqlDataReader dr = cmd.ExecuteReader();
if (dr.Read())
{
result = 1;
}
else
{
result = 0;
}
dr.Dispose();
cmd.Dispose();
}
return result;
}
/// <summary>
/// 新增帐号关联
/// </summary>
/// <param name="AppId"></param>
/// <param name="ssoUserId"></param>
/// <param name="AppLoginId"></param>
/// <returns></returns>
private Boolean m_InsertAppsUsers(String AppId, Int32 ssoUserId, String AppLoginId)
{
Boolean result = false;
SqlConnection conn = null;
SqlTransaction trans = null;
try
{
conn = new SqlConnection(ConnectionString);
conn.Open();
trans = conn.BeginTransaction();
SqlCommand cmd = new SqlCommand();
cmd.Transaction = trans;
cmd.Connection = conn;
cmd.CommandType = CommandType.Text;
//新增应用程序激活
String sql;
sql = "INSERT INTO AppsUsers(AppId, ssoUserId, AppLoginId) ";
sql += "VALUES(@AppId, @ssoUserId, @AppLoginId)";
cmd.CommandText = sql;
cmd.Parameters.Add(new SqlParameter("@AppId", AppId));
cmd.Parameters.Add(new SqlParameter("@ssoUserId", ssoUserId));
cmd.Parameters.Add(new SqlParameter("@AppLoginId", AppLoginId));
cmd.ExecuteNonQuery();
////更新单点登录密码
//sql = "UPDATE ssoUsers SET ssoPassword = @ssoPassword WHERE ssoUserId = @ssoUserId";
//cmd.CommandText = sql;
//cmd.Parameters.Clear();
//cmd.Parameters.Add(new SqlParameter("@ssoPassword", ssoPassword));
//cmd.Parameters.Add(new SqlParameter("@ssoUserId", ssoUserId));
//cmd.ExecuteNonQuery();
trans.Commit();
cmd.Dispose();
result = true;
}
catch
{
