From ffb40b28c140edf4e96f069482e2e13daeefc8a0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=B0=8F=E8=89=B2?= <sex@jermey.cn>
Date: Sun, 24 Dec 2017 17:55:02 +0800
Subject: [PATCH] =?UTF-8?q?=E6=8B=BF=E6=8E=89=E5=9C=B0=E5=9D=80=E6=A0=8FTo?=
 =?UTF-8?q?ken=EF=BC=8C=E5=9B=A0=E4=B8=BA=E7=89=B9=E5=88=AB=E4=B8=8D?=
 =?UTF-8?q?=E5=AE=89=E5=85=A8=E3=80=82=20=E5=B0=8F=E7=8E=8B=EF=BC=8Cxxx?=
 =?UTF-8?q?=E7=B3=BB=E7=BB=9F=E7=9A=84=E5=9C=B0=E5=9D=80=E6=98=AF=E5=A4=9A?=
 =?UTF-8?q?=E5=B0=91=E3=80=82=E3=80=82=E3=80=82=E7=84=B6=E5=90=8E=E8=B4=A6?=
 =?UTF-8?q?=E5=8F=B7=E5=B0=B1=E6=B3=84=E9=9C=B2=E4=BA=86?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

缺点是Token不能跨域。

OpenAuth.WebApi\Web.config
修改一个provider标签MySql.Data.MySqlClient
使用vs自带功能整理了一下格式。
---
 OpenAuth.App/SSO/SSOController.cs             |  11 +-
 OpenAuth.Mvc/Controllers/LoginController.cs   |  29 ++-
 OpenAuth.WebApi/Web.config                    | 223 +++++++++---------
 .../Controllers/LoginController.cs            |  14 +-
 4 files changed, 150 insertions(+), 127 deletions(-)

diff --git a/OpenAuth.App/SSO/SSOController.cs b/OpenAuth.App/SSO/SSOController.cs
index 0911556d..432b596e 100644
--- a/OpenAuth.App/SSO/SSOController.cs
+++ b/OpenAuth.App/SSO/SSOController.cs
@@ -32,16 +32,7 @@ namespace OpenAuth.App.SSO
 
             //Token by QueryString
             var request = filterContext.HttpContext.Request;
-            if (request.QueryString[Token] != null)
-            {
-                token = request.QueryString[Token];
-                var cookie = new HttpCookie(Token, token)
-                {
-                    Expires = DateTime.Now.AddDays(10)
-                };
-                filterContext.HttpContext.Response.Cookies.Add(cookie);
-            }
-            else if (request.Cookies[Token] != null)  //从Cookie读取Token
+            if (request.Cookies[Token] != null)  //从Cookie读取Token
             {
                 token = request.Cookies[Token].Value;
             }
diff --git a/OpenAuth.Mvc/Controllers/LoginController.cs b/OpenAuth.Mvc/Controllers/LoginController.cs
index f3744fda..29948afc 100644
--- a/OpenAuth.Mvc/Controllers/LoginController.cs
+++ b/OpenAuth.Mvc/Controllers/LoginController.cs
@@ -3,6 +3,7 @@ using System.Configuration;
 using System.Web.Mvc;
 using Infrastructure;
 using OpenAuth.App.SSO;
+using System.Web;
 
 namespace OpenAuth.Mvc.Controllers
 {
@@ -24,9 +25,17 @@ namespace OpenAuth.Mvc.Controllers
             try
             {
                 var result = AuthUtil.Login(_appKey, username, password);
-                if (result.Code ==200)
+                if (result.Code == 200)
                 {
-                    resp.Result = "/home/index?Token=" + result.Token;
+
+                    var cookie = new HttpCookie("Token", result.Token)
+                    {
+                        Expires = DateTime.Now.AddDays(10)
+                    };
+                    Response.Cookies.Add(cookie);
+                    resp.Result = "/home/index";
+                    ///拿掉地址栏Token，因为特别不安全。
+                    ///小王，xxx系统的地址是多少。。。然后账号就
                 }
                 else
                 {
@@ -48,9 +57,19 @@ namespace OpenAuth.Mvc.Controllers
         {
             try
             {
-                var result = AuthUtil.Login(_appKey, "System","123456");
-                if (result.Code ==200)
-                    return Redirect("/home/index?Token=" + result.Token);
+                var result = AuthUtil.Login(_appKey, "System", "123456");
+                if (result.Code == 200)
+                {
+
+                    var cookie = new HttpCookie("Token", result.Token)
+                    {
+                        Expires = DateTime.Now.AddDays(10)
+                    };
+                    Response.Cookies.Add(cookie);
+                    return Redirect("/home/index");
+                    ///拿掉地址栏Token，因为特别不安全。
+                    ///小王，xxx系统的地址是多少。。。然后账号就
+                }
                 else
                 {
                     return RedirectToAction("Index", "Login");
diff --git a/OpenAuth.WebApi/Web.config b/OpenAuth.WebApi/Web.config
index a256e112..aaa575e1 100644
--- a/OpenAuth.WebApi/Web.config
+++ b/OpenAuth.WebApi/Web.config
@@ -4,117 +4,118 @@
   http://go.microsoft.com/fwlink/?LinkId=301879
   -->
 <configuration>
-  <configSections>
-    <section name="autofac" type="Autofac.Configuration.SectionHandler, Autofac.Configuration" />
-    <!-- For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->
-    <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
-  
-    <sectionGroup name="enyim.com">
-      <section name="memcached" type="Enyim.Caching.Configuration.MemcachedClientSection, Enyim.Caching" />
-    </sectionGroup>
-  </configSections>
-  
-  <connectionStrings>
-	  <!--MSSQL数据库-->
-	  <add name="OpenAuthDBContext" connectionString="Data Source=.;Initial Catalog=OpenAuthDB;Persist Security Info=True;User ID=sa;Password=000000;MultipleActiveResultSets=True" providerName="System.Data.SqlClient" />
+	<configSections>
+		<section name="autofac" type="Autofac.Configuration.SectionHandler, Autofac.Configuration" />
+		<!-- For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->
+		<section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
 
-	  <!--MySQL数据库-->
-	  <!--<add name="OpenAuthDBContext" connectionString="server=127.0.0.1;user id=root;persistsecurityinfo=True;database=openauthdb;password=root" providerName="MySql.Data.MySqlClient" />-->
-  </connectionStrings>
+		<sectionGroup name="enyim.com">
+			<section name="memcached" type="Enyim.Caching.Configuration.MemcachedClientSection, Enyim.Caching" />
+		</sectionGroup>
+	</configSections>
 
-  <enyim.com>
-    <memcached protocol="Binary">
-      <servers>
-        <add address="127.0.0.1" port="11211" />
-      </servers>
-    </memcached>
-  </enyim.com>
-  
-  <appSettings>
-    <add key="webpages:Version" value="3.0.0.0" />
-    <add key="webpages:Enabled" value="false" />
-    <add key="ClientValidationEnabled" value="true" />
-    <add key="UnobtrusiveJavaScriptEnabled" value="true" />
-    <!--登录超时时间-->
-    <add key="AUTH_COOKIE_TIMEOUT_IN_MINUTES" value="5" />
-  </appSettings>
+	<connectionStrings>
+		<!--MSSQL数据库-->
+		<add name="OpenAuthDBContext" connectionString="Data Source=.;Initial Catalog=OpenAuthDB;Persist Security Info=True;User ID=sa;Password=000000;MultipleActiveResultSets=True" providerName="System.Data.SqlClient" />
 
-  <system.web>
-    <compilation debug="true" targetFramework="4.5" />
-    <httpRuntime targetFramework="4.5" />
-  </system.web>
-  <system.webServer>
-    <handlers>
-      <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
-      <remove name="OPTIONSVerbHandler" />
-      <remove name="TRACEVerbHandler" />
-      <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
-    </handlers>
-  </system.webServer>
-  <runtime>
-    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
-      <dependentAssembly>
-        <assemblyIdentity name="Newtonsoft.Json" culture="neutral" publicKeyToken="30ad4fe6b2a6aeed" />
-        <bindingRedirect oldVersion="0.0.0.0-7.0.0.0" newVersion="7.0.0.0" />
-      </dependentAssembly>
-      <dependentAssembly>
-        <assemblyIdentity name="System.Web.Optimization" publicKeyToken="31bf3856ad364e35" />
-        <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="1.1.0.0" />
-      </dependentAssembly>
-      <dependentAssembly>
-        <assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" />
-        <bindingRedirect oldVersion="0.0.0.0-1.5.2.14234" newVersion="1.5.2.14234" />
-      </dependentAssembly>
-      <dependentAssembly>
-        <assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" />
-        <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
-      </dependentAssembly>
-      <dependentAssembly>
-        <assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" />
-        <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
-      </dependentAssembly>
-      <dependentAssembly>
-        <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
-        <bindingRedirect oldVersion="0.0.0.0-5.2.3.0" newVersion="5.2.3.0" />
-      </dependentAssembly>
-      <dependentAssembly>
-        <assemblyIdentity name="Autofac" publicKeyToken="17863af14b0044da" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-3.5.0.0" newVersion="3.5.0.0" />
-      </dependentAssembly>
-      <dependentAssembly>
-        <assemblyIdentity name="System.Web.Http" publicKeyToken="31bf3856ad364e35" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-5.2.3.0" newVersion="5.2.3.0" />
-      </dependentAssembly>
-      <dependentAssembly>
-        <assemblyIdentity name="System.Net.Http.Formatting" publicKeyToken="31bf3856ad364e35" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-5.2.3.0" newVersion="5.2.3.0" />
-      </dependentAssembly>
-      <dependentAssembly>
-        <assemblyIdentity name="System.Web.Http.WebHost" publicKeyToken="31bf3856ad364e35" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-5.2.3.0" newVersion="5.2.3.0" />
-      </dependentAssembly>
-    </assemblyBinding>
-  </runtime>
-  <system.codedom>
-    <compilers>
-      <compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.CSharpCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:6 /nowarn:1659;1699;1701" />
-      <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.VBCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:14 /nowarn:41008 /define:_MYTYPE=\&quot;Web\&quot; /optionInfer+" />
-    </compilers>
-  </system.codedom>
-  <entityFramework>
-    <defaultConnectionFactory type="System.Data.Entity.Infrastructure.LocalDbConnectionFactory, EntityFramework">
-      <parameters>
-        <parameter value="mssqllocaldb" />
-      </parameters>
-    </defaultConnectionFactory>
-    <providers>
-      <provider invariantName="System.Data.SqlClient" type="System.Data.Entity.SqlServer.SqlProviderServices, EntityFramework.SqlServer" />
-    <provider invariantName="MySql.Data.MySqlClient" type="MySql.Data.MySqlClient.MySqlProviderServices, MySql.Data.Entity.EF6, Version=6.9.8.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d">
-      </provider></providers>
-  </entityFramework>
-<system.data>
-    <DbProviderFactories>
-      <remove invariant="MySql.Data.MySqlClient" />
-      <add name="MySQL Data Provider" invariant="MySql.Data.MySqlClient" description=".Net Framework Data Provider for MySQL" type="MySql.Data.MySqlClient.MySqlClientFactory, MySql.Data, Version=6.9.8.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" />
-    </DbProviderFactories>
-  </system.data></configuration>
\ No newline at end of file
+		<!--MySQL数据库-->
+		<!--<add name="OpenAuthDBContext" connectionString="server=127.0.0.1;user id=root;persistsecurityinfo=True;database=openauthdb;password=root" providerName="MySql.Data.MySqlClient" />-->
+	</connectionStrings>
+
+	<enyim.com>
+		<memcached protocol="Binary">
+			<servers>
+				<add address="127.0.0.1" port="11211" />
+			</servers>
+		</memcached>
+	</enyim.com>
+
+	<appSettings>
+		<add key="webpages:Version" value="3.0.0.0" />
+		<add key="webpages:Enabled" value="false" />
+		<add key="ClientValidationEnabled" value="true" />
+		<add key="UnobtrusiveJavaScriptEnabled" value="true" />
+		<!--登录超时时间-->
+		<add key="AUTH_COOKIE_TIMEOUT_IN_MINUTES" value="5" />
+	</appSettings>
+
+	<system.web>
+		<compilation debug="true" targetFramework="4.5" />
+		<httpRuntime targetFramework="4.5" />
+	</system.web>
+	<system.webServer>
+		<handlers>
+			<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
+			<remove name="OPTIONSVerbHandler" />
+			<remove name="TRACEVerbHandler" />
+			<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
+		</handlers>
+	</system.webServer>
+	<runtime>
+		<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
+			<dependentAssembly>
+				<assemblyIdentity name="Newtonsoft.Json" culture="neutral" publicKeyToken="30ad4fe6b2a6aeed" />
+				<bindingRedirect oldVersion="0.0.0.0-7.0.0.0" newVersion="7.0.0.0" />
+			</dependentAssembly>
+			<dependentAssembly>
+				<assemblyIdentity name="System.Web.Optimization" publicKeyToken="31bf3856ad364e35" />
+				<bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="1.1.0.0" />
+			</dependentAssembly>
+			<dependentAssembly>
+				<assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" />
+				<bindingRedirect oldVersion="0.0.0.0-1.5.2.14234" newVersion="1.5.2.14234" />
+			</dependentAssembly>
+			<dependentAssembly>
+				<assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" />
+				<bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
+			</dependentAssembly>
+			<dependentAssembly>
+				<assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" />
+				<bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
+			</dependentAssembly>
+			<dependentAssembly>
+				<assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
+				<bindingRedirect oldVersion="0.0.0.0-5.2.3.0" newVersion="5.2.3.0" />
+			</dependentAssembly>
+			<dependentAssembly>
+				<assemblyIdentity name="Autofac" publicKeyToken="17863af14b0044da" culture="neutral" />
+				<bindingRedirect oldVersion="0.0.0.0-3.5.0.0" newVersion="3.5.0.0" />
+			</dependentAssembly>
+			<dependentAssembly>
+				<assemblyIdentity name="System.Web.Http" publicKeyToken="31bf3856ad364e35" culture="neutral" />
+				<bindingRedirect oldVersion="0.0.0.0-5.2.3.0" newVersion="5.2.3.0" />
+			</dependentAssembly>
+			<dependentAssembly>
+				<assemblyIdentity name="System.Net.Http.Formatting" publicKeyToken="31bf3856ad364e35" culture="neutral" />
+				<bindingRedirect oldVersion="0.0.0.0-5.2.3.0" newVersion="5.2.3.0" />
+			</dependentAssembly>
+			<dependentAssembly>
+				<assemblyIdentity name="System.Web.Http.WebHost" publicKeyToken="31bf3856ad364e35" culture="neutral" />
+				<bindingRedirect oldVersion="0.0.0.0-5.2.3.0" newVersion="5.2.3.0" />
+			</dependentAssembly>
+		</assemblyBinding>
+	</runtime>
+	<system.codedom>
+		<compilers>
+			<compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.CSharpCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:6 /nowarn:1659;1699;1701" />
+			<compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.VBCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:14 /nowarn:41008 /define:_MYTYPE=\&quot;Web\&quot; /optionInfer+" />
+		</compilers>
+	</system.codedom>
+	<entityFramework>
+		<defaultConnectionFactory type="System.Data.Entity.Infrastructure.LocalDbConnectionFactory, EntityFramework">
+			<parameters>
+				<parameter value="mssqllocaldb" />
+			</parameters>
+		</defaultConnectionFactory>
+		<providers>
+			<provider invariantName="System.Data.SqlClient" type="System.Data.Entity.SqlServer.SqlProviderServices, EntityFramework.SqlServer" />
+			<provider invariantName="MySql.Data.MySqlClient" type="MySql.Data.MySqlClient.MySqlProviderServices, MySql.Data.Entity.EF6, Version=6.9.8.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" />
+		</providers>
+	</entityFramework>
+	<system.data>
+		<DbProviderFactories>
+			<remove invariant="MySql.Data.MySqlClient" />
+			<add name="MySQL Data Provider" invariant="MySql.Data.MySqlClient" description=".Net Framework Data Provider for MySQL" type="MySql.Data.MySqlClient.MySqlClientFactory, MySql.Data, Version=6.9.8.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" />
+		</DbProviderFactories>
+	</system.data>
+</configuration>
\ No newline at end of file
diff --git a/OpenAuth.WebTest/Controllers/LoginController.cs b/OpenAuth.WebTest/Controllers/LoginController.cs
index 430a6271..e4c4160d 100644
--- a/OpenAuth.WebTest/Controllers/LoginController.cs
+++ b/OpenAuth.WebTest/Controllers/LoginController.cs
@@ -1,6 +1,8 @@
 using System.Configuration;
 using System.Web.Mvc;
 using OpenAuth.App.SSO;
+using System.Web;
+using System;
 
 namespace OpenAuth.WebTest.Controllers
 {
@@ -19,7 +21,17 @@ namespace OpenAuth.WebTest.Controllers
         {
             var result = AuthUtil.Login(_appKey, username, password);
             if (result.Code == 200)
-                return Redirect("/home/index?Token=" + result.Token);
+            {
+
+                var cookie = new HttpCookie("Token", result.Token)
+                {
+                    Expires = DateTime.Now.AddDays(10)
+                };
+                Response.Cookies.Add(cookie);
+                return Redirect("/home/index");
+                ///拿掉地址栏Token，因为特别不安全。
+                ///小王，xxx系统的地址是多少。。。然后账号就
+            }
             else
             {
                 return View(result);
-- 
Gitee