图像服务器安全asp.net HTTP处理程序 [英] Image server security asp.net HTTP Handler
问题描述
我有两个Web应用程序。一个是中央镜像服务器。
假设他们是a.com和b.com
b.com是镜像服务器。
和a.com是我的应用程序托管。
我已经创建了OB b.com其处理请求并添加水印,并把它发送回a.aspx图像处理程序。
我传递的图像(绝对像 http://b.com/ImageHandler.ashx的路径? ID =图片网址)的处理器上b.com
现在我不能够对b.com
认证要求
现在我想处理程序是在b.com
应该是a.com
因为a.com我可以很容易地验证用户。
为此,我需要处理程序在两个a.com和b.com
或者是有,我可以验证在b.com用户的任何方式。
这对a.com会话。
我不能在b.com为每个请求访问数据库,因为请求图像的数量是非常大的。
希望我能够正确地解释我的问题。
I have two web application. One is for centralized Image server.
Suppose they are a.com and b.com
b.com is for image server.
and a.com is where my application is hosted.
I have created a handler for images ob b.com which process the request and add watermark and send it back to a.aspx.
I am passing the path of the image (absolute like http://b.com/ImageHandler.ashx?id=imageurl) to the Handler on b.com
Now I am not able to authenticate the request on b.com
Now I am thinking about Handler which is on b.com
should be on a.com
because at a.com I can easily authenticate user.
for this purpose do I need the handler at both a.com and b.com
or is there is any way that I can authenticate the user at b.com.
which has session on a.com.
I can not access the database for each request at b.com because the number of request for the images is very big.
Hope I am able to explain my problem correctly.
推荐答案
您需要先评估是否有意义有不同的域下的镜像服务器。如果它的所有关于共享多个站点之间同一code,那么你将通过把你在现场处理程序,并通过类库共享相关code更好。
You need to first evaluate whether it make sense to have image server under different domain. If its all about sharing the same code among multiple sites then you will be better off by putting you handler under site and sharing the relevant code via class library.
有可能在不同的领域有处理程序正当理由。例如,它可能需要不同程度的缩放,则其可能会消耗资源,并希望将其隔离在不同的机器(隔离不同的应用程序池下的同一个域是可能的),或因为一些发牌的问题(您要保存通过处理程序使用的一些库)的处理器的授权费用。
There can be legitimate reasons for having handler on different domain. For example, it might need different level of scaling, it might be resource-hungry and you want to isolate it to different machine (isolating to different app-pool is possible under same domain) or because of some licensing issue (you want to save processor based license cost of some library used by handler).
如果有将不同域,那么你可以让他们的子域。例如 - a.xyz.com和b.xyz.com。在这种情况下,相同的认证券(在父域即xyz.com授权)将能满足两者。见<一href=\"http://msdn.microsoft.com/en-us/library/system.web.security.formsauthentication.cookiedomain.aspx\"相对=nofollow>站点属性窗体身份验证cookie 来控制。
If there are going to be different domain then you can have them as sub-domains. For example - a.xyz.com and b.xyz.com. In such case, same authentication ticket (issued at parent domain i.e. xyz.com) will suffice for both. See domain property for Forms Authentication Cookie to control this.
您还需要问,如果身份验证用于图像处理程序是有意义的。你希望它是开放或限制某些用户?如果您希望只有认证用户,并要支持多个应用程序,那么你正在寻找支持用户设置的多个应用程序。如果是同一个用户组(如活动目录),那么你的工作会更简单 - 有其车票将通过您的网站和所有其他应用程序[Windows身份验证的工作原理类似于基础上]被信任的单一身份验证提供者。
You also need to ask if authentication make sense for your image handler. Do you want it to be open or restricted to certain users? If you want only authenticated users and you want to support multiple applications then you are looking at supporting user sets of multiple applications. If it's the same user set (e.g. active directory) then your job will be simpler - have a single authentication provider whose ticket will be trusted by your site and all other applications [Windows Authentication works on similar basis].
如果其多样化的用户,那么它实质上意味着,对于图像服务器,您有需要信任的多个身份验证提供。你可能需要看一些联合身份系统 - 看到这样的一个基于.NET实现这里讨论: http://msdn.microsoft.com/en-us/magazine/ff872350.aspx
If its diverse set of users then it essentially means that for image server, you have multiple authentication providers that you need to trusted. You probably need to look at some Federated Identity system - see one such .NET based implementation discussed here: http://msdn.microsoft.com/en-us/magazine/ff872350.aspx
这篇关于图像服务器安全asp.net HTTP处理程序的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
