从我的网站自动登录到另一个网站 [英] Automatic login from my website to another website

问题描述

大家好，



我是新来的，我无法通过自动登录功能在我的网页上运行外部网站。



我正在创建一个网站，我想在我的aspx网页上实现不同的网站链接，如果我点击一个链接然后相应的网站在我的网页上的iframe中运行输入登录信息..直接登录到外部网站的索引页面。

Hi All,

I am new here and I am not able to achieve the functionality to run an external website on my web page with auto login feature.

I am creating a website and i want to implement the different websites link on my aspx webpage if i clicked on a link then corresponding website run in an iframe on my webpage without entering the login info..direct login to the index page of external website.

推荐答案

通常，手动身份验证意味着用户填写一些Web表单并点击提交按钮。它发送HTTP请求（通常使用方法POST）;用户将通过身份验证。



您可以使用类 System.Net.HttpWebRequest 以编程方式执行所有操作：

http://msdn.microsoft.com/en -us / library / system.net.webrequest.aspx [ ^ ]，

http://msdn.microsoft.com/en-us/library/system.net.httpwebrequest.aspx [ ^ ]。



这是凭证信息的方式已设定;请参阅代码示例：

http：// msdn.microsoft.com/en-us/library/system.net.httpwebrequest.credentials.aspx [ ^ ]。



现在，我担心的是潜力安全漏洞。如果网站不相关（我猜你无法访问需要身份验证的网站，只能在客户网站上工作），这意味着你可能想在客户网站上存储密码。在普通的安全模式中，密码永远不会存储在任何地方。身份验证绝对不需要。通常，存储其加密散列函数并使其不可行以获得对该存储具有完全访问权限的人的原始密码。这些在过去的答案中有解释：

以安全的方式存储密码值int sql server [ ^ ]，

解密加密密码 [ ^ ]，

我已经加密了我的密码但是当我登录时给了我一个错误。如何解密 [ ^ ] ，

使用用户名和密码进行TCP连接 [ ^ ]。



因此，理想情况下，您需要在客户端计算散列密码并将其发布，但需要彻底研究如何在服务器站点的身份验证页面上发送身份验证请求。

-SA

Normally, "manual" authentication means that the user fill in some Web form and hit the "Submit" button. It sends HTTP request (usually with the method "POST"); and the user becomes authenticated.

You can do all the same programmatically using the class System.Net.HttpWebRequest:
http://msdn.microsoft.com/en-us/library/system.net.webrequest.aspx[^],
http://msdn.microsoft.com/en-us/library/system.net.httpwebrequest.aspx[^].

This is how credential information is set; please see the code sample:
http://msdn.microsoft.com/en-us/library/system.net.httpwebrequest.credentials.aspx[^].

Now, my concern would be a potential security leak. If the sites are unrelated (I would guess that you don''t have access to the site requiring authentication and work only at the "client" site), it means that you may be tempted to store a password in your "client" site. In a normal security schema, a password is never stored anywhere. It is absolutely not needed for authentication. Usually, its cryptographic hash function is stored and it makes it infeasible to obtain an original password, for a person who has full access to the storage. This is explained in these past answers:
storing password value int sql server with secure way[^],
Decryption of Encrypted Password[^],
i already encrypt my password but when i log in it gives me an error. how can decrypte it[^],
TCP Connection with username and password[^].

So, ideally, you would need to calculate the hashed password on the client side and post it, but it requires thorough research on how authentication request is sent on the authentication page of your "server" site.

—SA

这篇关于从我的网站自动登录到另一个网站的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！