!9 拿掉地址栏Token,感觉特别不安全。

Merge pull request !9 from 四色鬼/4.0
四色鬼 2018-01-01 22:52:06 +08:00 committed by 李玉宝
commit 089c6b2669
4 changed files with 150 additions and 127 deletions


@ -32,16 +32,7 @@ namespace OpenAuth.App.SSO
//Token by QueryString
var request = filterContext.HttpContext.Request;
if (request.QueryString[Token] != null)
{
token = request.QueryString[Token];
var cookie = new HttpCookie(Token, token)
{
Expires = DateTime.Now.AddDays(10)
};
filterContext.HttpContext.Response.Cookies.Add(cookie);
}
else if (request.Cookies[Token] != null) //从Cookie读取Token
if (request.Cookies[Token] != null) //从Cookie读取Token
{
token = request.Cookies[Token].Value;
}
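Review bot: The context comment `//Token by QueryString` at the top of this hunk is stale now that the query-string branch is gone and only the cookie is consulted. Replace it with something like `// Token is read from the cookie only; a Token query-string parameter is deliberately ignored so the credential never appears in URLs, logs or Referer headers`. The enclosing filter method starts and ends outside the hunk, so whether anything further down still expects a query-string token cannot be confirmed from here.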


@ -3,6 +3,7 @@ using System.Configuration;
using System.Web.Mvc;
using Infrastructure;
using OpenAuth.App.SSO;
using System.Web;
namespace OpenAuth.Mvc.Controllers
{
@ -24,9 +25,17 @@ namespace OpenAuth.Mvc.Controllers
try
{
var result = AuthUtil.Login(_appKey, username, password);
if (result.Code ==200)
if (result.Code == 200)
{
resp.Result = "/home/index?Token=" + result.Token;
var cookie = new HttpCookie("Token", result.Token)
{
Expires = DateTime.Now.AddDays(10)
};
Response.Cookies.Add(cookie);
resp.Result = "/home/index";
///拿掉地址栏Token因为特别不安全。
///小王xxx系统的地址是多少。。。然后账号就
}
else
{
@ -48,9 +57,19 @@ namespace OpenAuth.Mvc.Controllers
{
try
{
var result = AuthUtil.Login(_appKey, "System","123456");
if (result.Code ==200)
return Redirect("/home/index?Token=" + result.Token);
var result = AuthUtil.Login(_appKey, "System", "123456");
if (result.Code == 200)
{
var cookie = new HttpCookie("Token", result.Token)
{
Expires = DateTime.Now.AddDays(10)
};
Response.Cookies.Add(cookie);
return Redirect("/home/index");
///拿掉地址栏Token因为特别不安全。
///小王xxx系统的地址是多少。。。然后账号就
}
else
{
return RedirectToAction("Index", "Login");
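Review bot: The `Token` cookie built in the login action is created without `HttpOnly` or `Secure`, so the token that was just taken out of the URL is still readable by page script and can be sent over plain HTTP. The same initializer is repeated in the developer-login hunk below it and in the WebTest LoginController. Adding `HttpOnly = true,` and `Secure = Request.IsSecureConnection,` next to `Expires` in all three places, ideally through one shared helper, would address this. The 10-day `Expires` should also be checked against the server-side token lifetime, which is not visible here. Separately, the second hunk still logs in with the hard-coded `"System", "123456"` credentials. Its `///` comments sit after the `return`, use doc-comment syntax on a statement and end mid-sentence, so a single complete `//` comment above the cookie creation would read better. Both action bodies extend beyond the hunks.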


@ -109,12 +109,13 @@
</defaultConnectionFactory>
<providers>
<provider invariantName="System.Data.SqlClient" type="System.Data.Entity.SqlServer.SqlProviderServices, EntityFramework.SqlServer" />
<provider invariantName="MySql.Data.MySqlClient" type="MySql.Data.MySqlClient.MySqlProviderServices, MySql.Data.Entity.EF6, Version=6.9.8.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d">
</provider></providers>
<provider invariantName="MySql.Data.MySqlClient" type="MySql.Data.MySqlClient.MySqlProviderServices, MySql.Data.Entity.EF6, Version=6.9.8.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" />
</providers>
</entityFramework>
<system.data>
<system.data>
<DbProviderFactories>
<remove invariant="MySql.Data.MySqlClient" />
<add name="MySQL Data Provider" invariant="MySql.Data.MySqlClient" description=".Net Framework Data Provider for MySQL" type="MySql.Data.MySqlClient.MySqlClientFactory, MySql.Data, Version=6.9.8.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" />
</DbProviderFactories>
</system.data></configuration>
</system.data>
</configuration>


@ -1,6 +1,8 @@
using System.Configuration;
using System.Web.Mvc;
using OpenAuth.App.SSO;
using System.Web;
using System;
namespace OpenAuth.WebTest.Controllers
{
@ -19,7 +21,17 @@ namespace OpenAuth.WebTest.Controllers
{
var result = AuthUtil.Login(_appKey, username, password);
if (result.Code == 200)
return Redirect("/home/index?Token=" + result.Token);
{
var cookie = new HttpCookie("Token", result.Token)
{
Expires = DateTime.Now.AddDays(10)
};
Response.Cookies.Add(cookie);
return Redirect("/home/index");
///拿掉地址栏Token因为特别不安全。
///小王xxx系统的地址是多少。。。然后账号就
}
else
{
return View(result);