lsm/OpenAuth.Net
1
0
Fork 0
mirror of https://gitee.com/dotnetchina/OpenAuth.Net.git synced 2025-11-10 03:14:45 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

!9 拿掉地址栏Token,感觉特别不安全。

Browse Source 
Merge pull request !9 from 四色鬼/4.0
This commit is contained in:
四色鬼
2018-01-01 22:52:06 +08:00
committed by 李玉宝
parent 55667dbd7e ffb40b28c1
commit 089c6b2669
4 changed files with 150 additions and 127 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
OpenAuth.App/SSO/SSOController.cs
View File

@@ -32,16 +32,7 @@ namespace OpenAuth.App.SSO
//Token by QueryString //Token by QueryString
var request = filterContext.HttpContext.Request; var request = filterContext.HttpContext.Request;
if (request.QueryString[Token] != null) if (request.Cookies[Token] != null) //从Cookie读取Token
{
token = request.QueryString[Token];
var cookie = new HttpCookie(Token, token)
{
Expires = DateTime.Now.AddDays(10)
};
filterContext.HttpContext.Response.Cookies.Add(cookie);
}
else if (request.Cookies[Token] != null) //从Cookie读取Token
{ {
token = request.Cookies[Token].Value; token = request.Cookies[Token].Value;
} }

23
OpenAuth.Mvc/Controllers/LoginController.cs
View File

@@ -3,6 +3,7 @@ using System.Configuration;
using System.Web.Mvc; using System.Web.Mvc;
using Infrastructure; using Infrastructure;
using OpenAuth.App.SSO; using OpenAuth.App.SSO;
using System.Web;
namespace OpenAuth.Mvc.Controllers namespace OpenAuth.Mvc.Controllers
{ {
@@ -26,7 +27,15 @@ namespace OpenAuth.Mvc.Controllers
var result = AuthUtil.Login(_appKey, username, password); var result = AuthUtil.Login(_appKey, username, password);
if (result.Code == 200) if (result.Code == 200)
{ {
resp.Result = "/home/index?Token=" + result.Token;
var cookie = new HttpCookie("Token", result.Token)
{
Expires = DateTime.Now.AddDays(10)
};
Response.Cookies.Add(cookie);
resp.Result = "/home/index";
///拿掉地址栏Token因为特别不安全。
///小王xxx系统的地址是多少。。。然后账号就
} }
else else
{ {
@@ -50,7 +59,17 @@ namespace OpenAuth.Mvc.Controllers
{ {
var result = AuthUtil.Login(_appKey, "System", "123456"); var result = AuthUtil.Login(_appKey, "System", "123456");
if (result.Code == 200) if (result.Code == 200)
return Redirect("/home/index?Token=" + result.Token); {
var cookie = new HttpCookie("Token", result.Token)
{
Expires = DateTime.Now.AddDays(10)
};
Response.Cookies.Add(cookie);
return Redirect("/home/index");
///拿掉地址栏Token因为特别不安全。
///小王xxx系统的地址是多少。。。然后账号就
}
else else
{ {
return RedirectToAction("Index", "Login"); return RedirectToAction("Index", "Login");

7
OpenAuth.WebApi/Web.config
View File

@@ -109,12 +109,13 @@
</defaultConnectionFactory> </defaultConnectionFactory>
<providers> <providers>
<provider invariantName="System.Data.SqlClient" type="System.Data.Entity.SqlServer.SqlProviderServices, EntityFramework.SqlServer" /> <provider invariantName="System.Data.SqlClient" type="System.Data.Entity.SqlServer.SqlProviderServices, EntityFramework.SqlServer" />
<provider invariantName="MySql.Data.MySqlClient" type="MySql.Data.MySqlClient.MySqlProviderServices, MySql.Data.Entity.EF6, Version=6.9.8.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d"> <provider invariantName="MySql.Data.MySqlClient" type="MySql.Data.MySqlClient.MySqlProviderServices, MySql.Data.Entity.EF6, Version=6.9.8.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" />
</provider></providers> </providers>
</entityFramework> </entityFramework>
<system.data> <system.data>
<DbProviderFactories> <DbProviderFactories>
<remove invariant="MySql.Data.MySqlClient" /> <remove invariant="MySql.Data.MySqlClient" />
<add name="MySQL Data Provider" invariant="MySql.Data.MySqlClient" description=".Net Framework Data Provider for MySQL" type="MySql.Data.MySqlClient.MySqlClientFactory, MySql.Data, Version=6.9.8.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" /> <add name="MySQL Data Provider" invariant="MySql.Data.MySqlClient" description=".Net Framework Data Provider for MySQL" type="MySql.Data.MySqlClient.MySqlClientFactory, MySql.Data, Version=6.9.8.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" />
</DbProviderFactories> </DbProviderFactories>
</system.data></configuration> </system.data>
</configuration>

14
OpenAuth.WebTest/Controllers/LoginController.cs
View File

@@ -1,6 +1,8 @@
using System.Configuration; using System.Configuration;
using System.Web.Mvc; using System.Web.Mvc;
using OpenAuth.App.SSO; using OpenAuth.App.SSO;
using System.Web;
using System;
namespace OpenAuth.WebTest.Controllers namespace OpenAuth.WebTest.Controllers
{ {
@@ -19,7 +21,17 @@ namespace OpenAuth.WebTest.Controllers
{ {
var result = AuthUtil.Login(_appKey, username, password); var result = AuthUtil.Login(_appKey, username, password);
if (result.Code == 200) if (result.Code == 200)
return Redirect("/home/index?Token=" + result.Token); {
var cookie = new HttpCookie("Token", result.Token)
{
Expires = DateTime.Now.AddDays(10)
};
Response.Cookies.Add(cookie);
return Redirect("/home/index");
///拿掉地址栏Token因为特别不安全。
///小王xxx系统的地址是多少。。。然后账号就
}
else else
{ {
return View(result); return View(result);