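Remove the Token from the address bar, because it is very insecure.

"Xiao Wang, what's the address of the xxx system?" ... and then the account gets leaked.

The drawback is that the Token cannot be used across domains.

OpenAuth.WebApi\Web.config
Modified a provider tag: MySql.Data.MySqlClient
Tidied up the formatting using the built-in VS feature.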
小色
2017-12-24 17:55:02 +08:00
parent b96a5630f9
commit ffb40b28c1
4 changed files with 150 additions and 127 deletions

@@ -32,16 +32,7 @@ namespace OpenAuth.App.SSO
//Token by QueryString
var request = filterContext.HttpContext.Request;
if (request.QueryString[Token] != null)
{
token = request.QueryString[Token];
var cookie = new HttpCookie(Token, token)
{
Expires = DateTime.Now.AddDays(10)
};
filterContext.HttpContext.Response.Cookies.Add(cookie);
}
else if (request.Cookies[Token] != null) //从Cookie读取Token
if (request.Cookies[Token] != null) //从Cookie读取Token
{
token = request.Cookies[Token].Value;
}
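
Review bot: the comment "//Token by QueryString" at the top of this hunk is left in place although the query-string branch under it is removed, so it now describes code that no longer exists; delete it or reword it to match the cookie-only read at "if (request.Cookies[Token] != null)". The removed block was also the only place visible here that wrote the Token cookie, so the commit should show (or the message should say) where the cookie is now issued. The removed "new HttpCookie(Token, token)" set only Expires, so wherever the cookie is issued now, set HttpOnly = true and Secure = true on it; otherwise the token is still readable from script and sent over plain HTTP, which undercuts the reason for taking it out of the URL.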