lsm/OpenAuth.Net
1
0
Fork 0
mirror of https://gitee.com/dotnetchina/OpenAuth.Net.git synced 2025-09-20 02:29:24 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

拿掉地址栏Token,因为特别不安全。

Browse Source 
小王,xxx系统的地址是多少。。。然后账号就泄露了

缺点是Token不能跨域。

OpenAuth.WebApi\Web.config
修改一个provider标签MySql.Data.MySqlClient
使用vs自带功能整理了一下格式。
This commit is contained in:
小色
2017-12-24 17:55:02 +08:00
parent b96a5630f9
commit ffb40b28c1
4 changed files with 150 additions and 127 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
OpenAuth.Mvc/Controllers/LoginController.cs
View File

@@ -3,6 +3,7 @@ using System.Configuration;
using System.Web.Mvc;
using Infrastructure;
using OpenAuth.App.SSO;
using System.Web;
namespace OpenAuth.Mvc.Controllers
{
@@ -24,9 +25,17 @@ namespace OpenAuth.Mvc.Controllers
try
{
var result = AuthUtil.Login(_appKey, username, password);
if (result.Code ==200)
if (result.Code == 200)
{
resp.Result = "/home/index?Token=" + result.Token;
var cookie = new HttpCookie("Token", result.Token)
{
Expires = DateTime.Now.AddDays(10)
};
Response.Cookies.Add(cookie);
resp.Result = "/home/index";
///拿掉地址栏Token因为特别不安全。
///小王xxx系统的地址是多少。。。然后账号就
}
else
{
@@ -48,9 +57,19 @@ namespace OpenAuth.Mvc.Controllers
{
try
{
var result = AuthUtil.Login(_appKey, "System","123456");
if (result.Code ==200)
return Redirect("/home/index?Token=" + result.Token);
var result = AuthUtil.Login(_appKey, "System", "123456");
if (result.Code == 200)
{
var cookie = new HttpCookie("Token", result.Token)
{
Expires = DateTime.Now.AddDays(10)
};
Response.Cookies.Add(cookie);
return Redirect("/home/index");
///拿掉地址栏Token因为特别不安全。
///小王xxx系统的地址是多少。。。然后账号就
}
else
{
return RedirectToAction("Index", "Login");