在经典 ASP 和 ASP.Net 之间共享登录系统 [英] Sharing login-system between classic ASP and ASP.Net
问题描述
客户使用经典 ASP 登录到其基于 Web 的后台.
A client uses classic ASP to log in to their web based backoffice.
我已经编写了一个新的 ASP.Net 应用程序以包含在后台,我需要利用现有的登录系统,这样当他们在那里登录时,他们不需要再次登录新的 ASP.Net 应用程序.
I have written a new ASP.Net app to be included in the backoffice, and I need to utilize the already existing login-system, so that when they are logged in there, they don't need to log in again in the new ASP.Net app.
登录名和密码以明文形式存储在 SQL Server 数据库中,我可以从我的 ASP.Net 应用程序访问.
Logins and passwords are stored as clear text in a SQL Server db, that I can access from my ASP.Net app.
集成这些系统的有效方法是什么?
What would be an effective way to integrate these systems?
我目前最好的想法是:在指向我的 ASP.Net 应用程序的链接中,我链接到一个网关"登录页面,其中包含他们的用户 ID 和查询字符串中的散列密码 + 通用密码.然后我将它与数据库中用户的密码进行比较......但问题是,如果这个查询字符串被截获,它可以用于访问 asp.net 站点,而实际上并不知道用户名和密码......
My current best idea is: In the link to my ASP.Net app, I link to a "gateway" login-page with their userid and a hashed password + common secret in the querystring. I then compare this to the password of the user in the database... But the problem is, that if this querystring is intercepted, it can be used to access the asp.net site, without actually knowing the username and password...
我很可能忽略了一些简单的事情.
I am most likely overlooking something simple.
推荐答案
我认为你的想法是正确的.
I think your idea is on the right path.
您可能已经知道,经典的 asp 和 asp.net 不能共享相同的会话状态,因此您确实需要一种机制来从一个登录到另一个.
As you probably already know, classic asp and asp.net cannot share the same session state, so you do need to have a mechanism to log from one into the other.
我要做的是:当有人登录时,为该用户创建一个唯一的 GUID,并将其保存在数据库中.当您从一个站点跳转到另一个站点时,将该 GUID 传递到查询字符串中.当您尝试将它们自动登录到其他站点时,请查看该 GUID 并查看它是否附加到任何人.如果是,请登录.
What I would do is: when someone logs in, create a unique GUID that you save in the database for that user. When you jump from one site to the other, pass that GUID into the query string. When you try to auto-log them into the other site, look up that GUID and see if it's attached to anyone. If it is, log them in.
这样您就不会传递任何用户可能猜到或解密的内容.
This way you aren't passing anything that a user could guess or decrypt.
这篇关于在经典 ASP 和 ASP.Net 之间共享登录系统的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
