从Windows应用程序打开网页 [英] Open web page from windows application

问题描述

在我们公司中，我们同时使用Windows应用程序和Web应用程序.要登录两个应用程序，都使用相同的用户名和密码.因此，一旦我通过使用表单中的用户名和密码登录到Windows表单，便有了一个链接，可以转到我们的Web应用程序，应该使用Windows应用程序中使用的用户名和密码来自动登录该网站.如何使用安全性做到这一点

In our company we are using both windows application and web application. To login both application same username and password are using. So once I have logged in to windows form by using Username and password in the form I have a link to go to our web application it should be auto login to the website by using username and password used in windows application. How I can do this with security

推荐答案

从Windows应用程序登录系统时，您可以生成令牌(说，A GUID)，存储并将其与用户ID一起放入数据库，并将其保存在Windows应用程序内的变量中. You need to remove the token from the database user logs out.因此，只要用户从Windows应用程序登录到系统，令牌就有效.

现在，当您从Windows应用程序中单击Web应用程序的URL时，将发送带有QueryString的令牌.在Web应用程序中，您可以从QueryString中获取令牌并查询数据库以检索关联的用户.同样，您使用检索到的用户名和密码来调用该方法，该用户名和密码将用户登录到Web应用程序.

请注意，此方法存在安全问题.只要令牌在数据库中可用，如果任何人拦截请求并获取令牌并使用该特定令牌访问Web应用程序的URL，将能够访问Web应用程序.

为防止这种情况，您只需要确保在获取请求URL中的令牌后立即将其从数据库中删除，并与数据库中的现有令牌匹配并登录到Web应用程序即可.在这种情况下，黑客将无法使用他/她刚刚拦截的令牌访问系统.

祝你好运.

When you log onto your system from the windows application, you can generate a token (Say, A GUID), store it into the database along with the user ID, and keep it in a variable inside the windows application. You need to remove the token from the database user logs out. So, the token is valid as long as user is logged onto the system from the windows application.

Now, when you click the Web application''s URL from the windows application, you send the token with the QueryString. Within the web application, you get the token from the QueryString and query the database to retrieve the associated user. Also, you invoke the method with the retrieved user''s username and password that logs in a user into the web application.

Please note, there is a security issue with this approach. As long as the token is available in the database, if any one intercepts the Request and gets the Token and hits the web application''s URL with that particular token, will be able to access the web application.

To prevent that, you just need to make sure that you are deleting the token from the database as soon as you get the Token in the Request URL, match with the existing Token in the database and log onto the web application. In that case, hacker won''t be able to access the system with the Token that he/she just intercepted .

Good luck.

加密用户名和密码

通过URL发送.

检索加密的密钥，然后在Web应用程序中对其进行解密.
(但这并不安全)

为此，您需要知道加密和解密.在Google上搜索此内容.


希望这对您有帮助. :)

Encrypt the Username and password

Send it through URL.

Retrieve the encrypted key and decrypt it in the web application.
(This is not secure though)

For this you need to know to encrypt and decrypt. Search Google for this.


Hope this may help u. :)

我正在寻找相同的解决方案

I am looking for the same solution

这篇关于从Windows应用程序打开网页的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！