ASP - 生物认证 [英] ASP - Biometric Authentication
问题描述
干杯,
我们开始在我们的网络系统中实施生物认证,来到一个疑问。我们要使用第三方解决方案来执行这是怎么回事它通过Web服务调用。
有将要进行4种认证
- 经常之一:用户名/密码
- 挑战
- 指纹
- 手机
所有用户都会使用的 1 的认证。或者,他们中的一些也可能需要的 2 的 3 或 4 的什么是验证的身份验证类型的好方法需要为特定用户?
这对我来说是新的东西。起初,我想过从登录页面传递的用户名到Web服务,这将查询数据库检查该身份验证类型需要该用户。然后,根据结果,第二认证形式将显示在屏幕上。显然,用户点击提交按钮后,会进行一些额外的检查。
我在正确的道路上,或者有更好的方案来解决这个?
谢谢,
我想这会工作。也许这是一个选项,以做一些查询在后台(AJAX?)时,用户名填写,这样你就可以额外的输入动态地添加到您的登录表单。
但是,这有一个潜在的问题:大家都知道那别人的用户名可以找出需要什么认证。如果你想要的是不是笏,也许只是要求一个用户名+密码登录到降低privelege模式。然后,你在你的问题建议,这减少了privelege模式可能需要额外的凭据才能继续到更安全的环境。
您甚至可以使它所以降低privelege模式将允许访问的一些功能,而有些则需要额外的验证(例如:张贴mesage需要基本身份验证,更改密码可能会要求所有四个)。
Cheers,
We started implementing biometrics authentication in our web system and came to a doubt. We're going to use a third-party solution for performing it which is going to be called via a web service.
There are going to be four kinds of authentication:
- Regular one: username/password
- Challenge
- Fingerprint
- Cellphone
All users will be authenticated using 1. Optionally, some of them may also require 2, 3 or 4. What would be a good way of verifying which authentication type is required for a specific user?
This is something new for me. Initially, I thought about passing the username from the login page to a web service, which would query the database to check which authentication type is required for this user. Then, depending on the result, the second authentication form would be shown on the screen. Obviously, some extra check would be performed after the user hit the Submit button.
Am I on the right path, or there are better solutions for this?
Thanks,
I guess that would work. Maybe it is an option to do some sort of query in the background (AJAX?) when the username is filled in, so you can dynamically add extra inputs to your login form.
However, this has one potential issue: everybody that knows someone 's username can find out what authentication is required. If that is not wat you want, maybe just ask for a username + password to login to a reduced privelege mode. Then, as you suggested in your question, this reduced privelege mode may require extra credentials to continue to the more secure environment.
You could even make it so the reduced privelege mode will grant access to some of the features, while others require extra authentication (for example: posting a mesage would require basic auth, changing passwords might require all four).
这篇关于ASP - 生物认证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
