| With the rapid development of the network, the combination of people's lives, work and entertainment with the network becomes more and more closely. The network has been deeply affected people's lifestyle. The network brings great convenience, but also people suffering from network attacks, the risk of information being leaked. Information security issues become more and more prominent. Network applications use authentication and access control technology to ensure the security of application system. The management of a large number of accounts and every access to a new application system will be carried out once authenticated to make people feel inconvenient. In this case, single sign-on technology came into being. It can resolve the information security issues of application, and can also resolve the issue of managing multiple accounts, allow users to smooth access to each application. There are two main single sign-on technologies, one is script-based; the other is based on access ticket. Single sign-on technologies based on access ticket can be divided into the cookie-based and protocol-based. Protocol-based single sign-on solution has the great advantage in terms of security, ease of use and scope of application,it gradually becomes the mainstream of single sign-on technologies. SAML is currently the most important single sign-on protocol.In this thesis, for applications with different characteristics, different single sign-on solutions have been proposed. First, an extension about ASP.NET authentication and access control technologies has been implemented. SAML-based single sign-on functionality has been implemented in ASP.NET. The mapping relationship has been established between the account on authentication system and the account on the various application systems. This can solve the problem of the conversion between user account in the certification system and the various application systems. Users in various applications no longer use a single account, but each system has a separate account. An authentication module has been add to ASP.NET, each application can choose the account of the certification system or the local system account to authorized, remote authorization system can also be called by the application system to authorize. Second, for existing applications that can not be changed or applications that rely on the IIS7to authenticate, this paper presents a pluggable single sign-on solution; the plug-in can change the flow of requests and responses. Through the deployment of this plug-in, will enable the original system to achieve single sign-on function.In this thesis, the above solutions have been implemented, this verify the feasibility of the above solutions. With these two solutions, for the system that will be developing, an integrated single sign-on framework can be used; for existing systems that can not be changed or systems that rely on the IIS7to authenticate, a plug-in can be used.Through the deployment of this plug-in, will enable existing systems to achieve single sign-on. |
PDF Full Text Request