Identity Authentication System Based On ISAPI

Along with the rapid development of e-commerce and office information, more and more companies have established a large number of special purpose information systems. These applications to the people working and living convenient but also require must remember different application systems, user name, password information, and therefore put forward the concept of single sign-on. The commonly used Web single sign-on protocol is the SAML protocol. But this agreement is to be successful there is a critical problem to be solved:how to make existing Web applications with single sign-on system integration. Web applications use the authentication protocol, usually HTTP authentication protocol, and sometimes also uses Forms authentication. In this paper, the solution is to run on IIS Web applications and system integration issues based on the SAML protocol of a single point of login.Above the single sign-on integration issues, developed based on the ISAPI interface for IIS server plug-ins, the plug-in processing of HTTP request and response headers and content to achieve a single sign-on integration of systems and Web applications. Server plug-in design and implementation of this article is divided into two types:for HTTP authentication protocol plug-ins and plug-ins for Form authentication mode. Just for processing the HTTP request and response headers for the HTTP authentication protocol plug-ins, so only use the ISAPI filter. ISAPI filter as a server plug-completed mission:to intercept the HTTP request headers and request headers to be related to treatment (such as adding a certified head); to intercept the HTTP response headers and response headers and dealt with accordingly (such as an external redirect, set the Cookie information, etc.). For Forms authentication plug-ins not only to the HTTP request and response headers are processed, but also to modify the submitted POST body, so this plug-in the use of ISAPI filters and wildcard application. The ISAPI filter is still intercept the HTTP request and response headers to be processed; Wildcard application to complete the modification of the body. Implementation of the above two kinds of plug-ins to solve the Web applications running on the IIS server and the SAML protocol-based single point of sign-on system integration issues.Successfully solve the most complex, most difficult problem in the single sign-on applications:authentication mechanism that does not change the original Web application system under the premise of Web applications with single sign-on system integration issues.