ASP.NET VB.NET远程登录门户设置 [英] ASP.NET VB.NET Remote Login Portal Setup
问题描述
技术 ASP.NET,VB.NET 2.0(即将成为4.0)
Technology ASP.NET, VB.NET 2.0 (soon to be 4.0)
概述 我正在编写一个Login/Authentication Portal,以便Web应用程序可以使用它来登录用户,然后他们可以使用其凭据来使用该应用程序.
Overview I'm writing a Login / Authentication Portal, so that a web application can use it to login a user, and then they can use the application using their credentials.
登录门户将是一个单独的应用程序,最初只能通过Extranet和Intranet用于某些应用程序;但是将来的应用将需要通过网络进行身份验证(很高兴将其实现为单独的实例).我基本上希望其他单个应用程序能够通过此门户对用户进行身份验证.
The login portal will be a separate application, and initially only available via an extranet as well as intranet for certain applications; but future apps will need to authenticate via the web (happy to implement as a separate instance). I basically want other individual applications to be able to authenticate users via this portal.
如此...
- 用户转到应用程序的网址(即www.application.com/ http://apps/application - Intranet),然后单击登录".
- 通过查询将用户的浏览器重定向到门户网站应用程序 细绳 www.loginportal.com/login.aspx?url=www.application.com/login.aspx (或其他页面).
- 用户填写其凭据(用户名,密码),然后单击 登录"按钮.
- 浏览器重定向回url,即www.applications.com/default.aspx或login.aspx,并经过身份验证和登录;并可以使用应用程序.
- A user goes to an application's web url (i.e. www.application.com / http://apps/application - intranet) and clicks "login".
- User's browser is redirected to the portal application, with a query string www.loginportal.com/login.aspx?url=www.application.com/login.aspx (or other page).
- User fills in their credentials (username, password), and clicks "login" button.
- Browser redirects back to url i.e. www.applications.com/default.aspx or login.aspx and is authenticated and logged in; and can use app.
已完成 我对身份验证本身进行了排序,并将通过dll在本地应用程序中实现为类库.
Completed I have the authentication itself sorted, and will implement as a class library in the local applications via a dll.
需要 所以我基本上需要知道如何:- 1.将数据发布到门户网站URL(可以是其他域). 2.使用帖子重定向浏览器. 3.确保身份验证是安全的,并且不容易被黑客入侵(我知道如何使用urlencode和htmlencode等)-只是不确定跨域发布数据的含义.
Need So I basically need to know, how to:- 1. Post data to the portal url (could be different domain). 2. Redirect browser with post. 3. Make sure that the authentication is secure, and not easily hackable (I know how to use urlencode and htmlencode etc) - just not sure about implications of posting data across domains.
任何帮助非常感激...
Any help greatly appreciated...
干杯, 邓肯
推荐答案
好的,所以这是我最终使用的解决方案:
OK, so this is the solution I ended up using:
在原始应用程序(需要身份验证的应用程序;上面的步骤1)中,我将用户重定向到我的登录门户,并将原始URL包含为get参数. 然后,用户输入其详细信息,用户名和密码.
In the original application (the one that needs the authentication; step 1 above) I redirect the user to my login portal, and include the original url as a get parameter. The user then types in their details, username and password.
接下来,服务器端代码对它们进行身份验证,然后重定向到新页面,在该页面中,我将包含请求日期时间(出于安全性)以及加密字符串(包括请求日期时间)的html形式发送回该页面.我要发送回原始表单的数据).
Next, the server-side code authenticates them, and redirects to a new page, where I send back to the page an html form which includes the request datetime (for security) along with a encrypted string (including the datetime of the request) of the data I want sent back to the original form.
我还添加了一个JavaScript post方法,该方法将数据作为表单发布发送到原始url.因为我在两端使用相同的类库,所以我可以使用相同的方法对数据进行加密和解密,并且原始请求应用程序具有所有用户数据,包括检查请求日期时间的能力(我允许从身份验证到原始应用提取之间的时间间隔,请确保在5分钟之内.
I also add a JavaScript post method which sends the data to the original url as a form post. Because I'm using the same class library at both ends, I can encrypt and decrypt the data using the same method and the original requesting application has all the user data, including the ability to check the datetime of the request (I allow a set amount of time between the authentication and the picking up by the original app, making sure these are within say 5 minutes.
工作完成了.
如果有人想要该代码,我可以提供它,只是暂时不带它,如果我记得我会张贴它.
If anyone wants the code, I can provide it, just don't have it with me at the moment, if I remember I'll post it.
这不是最优雅的解决方案,但是它可以工作并且安全,所以我很高兴. :).
Not the most elegant solution, but it works, and it's secure, so I'm happy. :).
这篇关于ASP.NET VB.NET远程登录门户设置的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
