[英]Best way to authenticate users in a web application
I was looking at ways to authenticate users in a web app, but in a way where the main web app doesn't need to process the password. 我正在寻找在Web应用程序中验证用户身份的方法,但主要的Web应用程序不需要处理密码。 Something like OpenId, but the authentication server would definitely need to be hosted on an intranet, internet services can't be accessed by the application server.
像OpenId这样的东西,但是认证服务器肯定需要托管在内联网上,应用服务器无法访问互联网服务。
My environement is pretty much Java web apps, but it would be interesting to connect the system to other type of apps as well. 我的环境几乎是Java Web应用程序,但将系统连接到其他类型的应用程序也很有趣。
You could run your own OpenID server . 您可以运行自己的OpenID服务器 。
You didn't mention your environment, but another option is to use Windows Authentication with Active Directory if you're running in a Windows domain situation. 您没有提到您的环境,但如果您在Windows域中运行,则另一个选项是对Active Directory使用Windows身份验证。
Do you want to have single sign-on between applications? 您想在应用程序之间进行单点登录吗? (That is, if the same user is using more than one of your web apps, if they've logged in on one, they don't need to log in again when they move to another one.)
(也就是说,如果同一个用户使用多个Web应用程序,如果他们已经登录了一个,则当他们移动到另一个时,他们不需要再次登录。)
If so, there are several options, The one I've used extensively is CAS (the Central Authentication Service), which is widely used in educational institutions. 如果是这样,有几种选择,我广泛使用的是CAS (中央认证服务),它广泛用于教育机构。 It has a variety of client libraries for many languages, and the server part is Java.
它有许多语言的客户端库,服务器部分是Java。
This can of course be combined with LDAP to give both single sign-on and a single repository of user credentials. 这当然可以与LDAP结合使用,以提供单点登录和单个用户凭据存储库。
如果您不使用自己的OpenID服务器或Windows Active Directory,总会有某种LDAP 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.