在代碼中,Security 是通過 Hash 一個隨機產生的數字生成的,具有不確定性和保密性。我們可以看到,Security 同時保存在 Session 中和發送給 Service,我們把這個 Security 當作明文。在後面我們可以看到,Security 在 Service 經過再一次 Hash 後作為密文發送回 Shop。如果我們將 Session 保存的 Security 經過同樣的 Hash 方法處理後,得到的字符串和 Service 返回的密文相同,我們就能夠在一定程度上保證 Service 應答的數據是沒有經過修改的。
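using System;
using System.Security.Cryptography;
using System.Text;
using System.Web;

namespace Amethysture.SSO.Shop
{
    /// <summary>
    /// Base page of the Shop site. Every request first checks the session's
    /// "Pass" flag; a visitor without it is redirected to the Service site's
    /// Validate.aspx together with a freshly generated Security token.
    /// </summary>
    /// <remarks>
    /// <c>Project</c> (Service and WebSite base addresses) is declared outside
    /// this listing. The published listing spells it <c>project.website</c> /
    /// <c>project.service</c> inside Initialize; C# is case-sensitive, so the
    /// spelling used by CustomerValidate is applied throughout.
    /// </remarks>
    public class Page : System.Web.UI.Page
    {
        /// <summary>Number of random bytes that make up one Security token.</summary>
        private const int SecurityTokenBytes = 32;

        /// <summary>
        /// Builds the Security token: random bytes, each written as its decimal
        /// value followed by the letter "O" (the text format of the original listing).
        /// </summary>
        /// <returns>The token as a string of digits and "O" separators.</returns>
        private static string CreateSecurityToken()
        {
            // The original hashed one System.Random value. Random is seeded from
            // the clock by default and yields at most about 2^31 distinct values,
            // and hashing a guessable input does not make the output harder to
            // guess, so the bytes are taken from the OS CSPRNG instead.
            byte[] Value = new byte[SecurityTokenBytes];
            RandomNumberGenerator Generator = RandomNumberGenerator.Create();
            try
            {
                Generator.GetBytes(Value);
            }
            finally
            {
                // RandomNumberGenerator is only IDisposable on newer frameworks.
                IDisposable Disposable = Generator as IDisposable;
                if (Disposable != null)
                {
                    Disposable.Dispose();
                }
            }

            StringBuilder Token = new StringBuilder();
            foreach (byte o in Value)
            {
                Token.Append((int) o).Append("O");
            }
            return Token.ToString();
        }

        /// <summary>
        /// Redirects a visitor whose session is not yet marked as validated to
        /// the Service site, remembering the token and the requested URL in Session.
        /// </summary>
        private void CustomerValidate()
        {
            // A missing or non-bool "Pass" entry counts as "not validated"
            // instead of failing on the unboxing cast.
            object Flag = this.Session["Pass"];
            bool Pass = Flag is bool && (bool) Flag;
            if (!Pass)
            {
                string Security = CreateSecurityToken();
                this.Session["Security"] = Security;
                this.Session["Url"] = this.Request.RawUrl;

                // NOTE(review): according to the accompanying article, Service
                // answers with a plain hash of this token and Shop compares it
                // with its own hash of the session copy. An unkeyed hash can be
                // recomputed by anyone who sees the token, and the token travels
                // in the query string (server logs, Referer). A keyed MAC (for
                // example HMAC with a secret shared by Shop and Service) over the
                // reply, plus single use of the token, would be needed to
                // authenticate the answer - confirm against the Service code.
                // NOTE(review): Project.WebSite is placed in the query string
                // unencoded; consider URL-encoding it if Service reads it through
                // Request.QueryString - confirm.
                // Redirect(string) ends the response, so nothing after this call
                // runs for a visitor who is being sent to Service.
                this.Response.Redirect(Project.Service + "/Validate.aspx?WebSite=" + Project.WebSite + "&Security=" + Security);
            }
        }

        /// <summary>
        /// Writes the page markup. Derived pages can override this to render
        /// their own content.
        /// </summary>
        protected virtual void Initialize()
        {
            this.Response.Write("<html>");
            this.Response.Write("<head>");
            this.Response.Write("<title>Amethysture SSO Project</title>");
            this.Response.Write("<link rel=stylesheet type=\"text/css\" href=\"" + Project.WebSite + "/Default.css\">");
            this.Response.Write("</head>");
            this.Response.Write("<body>");
            // The width/height digits are missing from the published listing;
            // "0" is a placeholder (assumed hidden frame) - confirm against the original.
            this.Response.Write("<iframe width=\"0\" height=\"0\" src=\"" + Project.Service + "/Customer.aspx\"></iframe>");
            this.Response.Write("<div align=\"center\">");
            this.Response.Write("Amethysture SSO Shop Any Page");
            this.Response.Write("</div>");
            this.Response.Write("</body>");
            this.Response.Write("</html>");
        }

        /// <summary>
        /// Runs the validation check before any markup is written, then renders
        /// the page and ends the response.
        /// </summary>
        /// <param name="e">Event data passed on to the base implementation.</param>
        protected override void OnInit(EventArgs e)
        {
            base.OnInit(e);
            this.CustomerValidate();
            this.Initialize();
            this.Response.End();
        }
    }
}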
Service 的 Global.cs
現在我們頁面轉到了 Service 的 Validate 頁面,我們轉過來看 Service 的代碼。在 Global 中我們同樣定義了四個 Session 變量,都和 Shop 的 Session 用處類似。WebSite 是保存請求用戶即時狀態的站點信息,以便能在登錄後返回正確的請求站點。
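/// <summary>
/// Seeds a new Service session with the four variables the validation flow uses.
/// </summary>
/// <param name="sender">Event source supplied by the framework.</param>
/// <param name="e">Event data; not used.</param>
protected void Session_Start(Object sender, EventArgs e)
{
    // The initial values of UserID, WebSite and Security are missing from the
    // published listing; 0 and "" are placeholders - confirm against the original.
    this.Session.Add("UserID", 0);
    // A new session starts as "not validated".
    this.Session.Add("Pass", false);
    this.Session.Add("WebSite", "");
    this.Session.Add("Security", "");
}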