.NET Core 5.0 JWT authentication single sign-on
JWT, short for JSON Web Token, is a JSON-based user authentication token. It supports cross-domain authentication, so JWT is well suited to distributed authentication and single sign-on (SSO).

A JWT is split into three parts by the "." character.

HEADER: the token header, which describes the token type and the signing algorithm. Its JSON content is base64url-encoded.

PAYLOAD: the content. It is exposed information, so sensitive information must not be stored in it. Its JSON content is also base64url-encoded.

SIGNATURE: the signature, generated by signing the header and payload with the algorithm named in the token header. For the official introduction, see https://jwt.io/.

A JWT cannot be tampered with undetected. Although the first two parts can be read in plain text after base64 decoding, the third part, the signature, is generated with the key. During verification the signature is recomputed over the first two parts and compared with the original signature. If the content has been tampered with, the two signatures do not match and verification fails.

Problem 1: If every system in the same company has its own user name and password, remembering them all gives users a headache. So an authentication center was created, and all systems use the same set of user information and log in at the same place.

Problem 2: Using the same set of user information is fine, but if you still have to log in once for every system you access, it is very troublesome. What we need is to log in in one place and be logged in everywhere: after logging in to one of the systems, the other systems can be used without logging in again.

The effect is shown in the figure below.

The token the user receives after logging in to the SSO center can be used at both site A and site B. Sites A and B and the SSO center can each determine whether the token is valid by themselves, without communicating with one another.

How are the sites and the SSO center connected? The specific process is: the user opens site A, and site A finds that the user is not logged in. Site A then redirects to the SSO center to log in, passing along its own URL. After the login at the SSO center succeeds, the SSO center redirects back to site A's URL and carries the token with it.

Site A is now logged in, so how can site B share this token? In practice, when the login at the SSO center succeeds, the SSO center saves the token to a cookie (or localStorage, etc.). When the user enters site B and site B finds that the user is not logged in, it redirects to the SSO center. When the SSO center finds that its cookie already holds a token, it redirects straight back to site B's URL with the token, so site B shares the login and signs the user in automatically.

Create a new AuthenticationCenter project.

Create a new AuthenticatinController controller.

Login view

Other related classes

The SSO login function above is now complete, and you can get the token by opening the login page.

Create a new site A

Modify the Startup.cs file and add the ConfigureServices method.

Add the Configure method.

Create a new UserController.

Other related classes

The key must be the same as the one used by the SSO center. Port 5000 above is the SSO center's port, and port 27271 is the site's port.