PHP和ASP.NET在同一IIS服务器上的通信
[英]Communication between PHP and ASP.NET on the same IIS Server
问题描述
We have the following setup: 
我们有以下设置:
-Windows 2008 R2 Standard. -Windows 2008 R2标准版。
-ASP.NET Web Application deployed on Microsoft IIS 7.5 Web Server. -ASP.NET Web应用程序部署在Microsoft IIS 7.5 Web服务器上。
-PHP Version 5.4.21 Non Threaded 32-bit version -PHP版本5.4.21非线程32位版本
-WISP (Windows, IIS, SQL Server/Express, and PHP) stack and an ASP.NET web application HTTPS ( SSL ) -WISP(Windows,IIS,SQL Server / Express和PHP)堆栈和ASP.NET Web应用程序HTTPS(SSL)
We will ultimately deploy an ASP.NET Web Application and a PHP Web Application on the Same IIS Server. 我们最终将在同一IIS服务器上部署一个ASP.NET Web应用程序和一个PHP Web应用程序。
User will first log on to the ASP.NET Web Application, but we want the user to be able to navigate between the ASP.NET Web Application and the PHP Web Application back and forth with ease. 用户将首先登录到ASP.NET Web应用程序,但是我们希望用户能够轻松地在ASP.NET Web应用程序和PHP Web应用程序之间来回导航。
We are planning to implement REST-based Web Services on the ASP.NET Web Application side and PHP Application side. 我们计划在ASP.NET Web应用程序端和PHP应用程序端实现基于REST的Web服务。
The User login Framework is only on the ASP.NET Web Application side( for those familiar with ASP.NEt technologies, we are using ASP.NET Membership Framework). 用户登录框架仅位于ASP.NET Web应用程序端(对于熟悉ASP.NEt技术的人,我们正在使用ASP.NET成员资格框架)。
As I mentioned before, User will first log on to the ASP.NET Web Application, but we want the user to be able to navigate between the ASP.NET Web Application and the PHP Web Application back and forth with ease. 如前所述,用户将首先登录ASP.NET Web应用程序,但我们希望用户能够轻松地在ASP.NET Web应用程序和PHP Web应用程序之间来回导航。
Do we have to Reauthenticate the user whenever he/she navigates over from ASP.NET side to PHP side and vice versa? 每当用户从ASP.NET端导航到PHP端,反之亦然时,我们是否必须重新认证用户?
Would it be reasonably secure enough to just pass over the login cookie( "Security token") when user navigates over from ASP.NET side to PHP side and vice versa? 当用户从ASP.NET端导航到PHP端,反之亦然时,仅传递登录cookie(“安全令牌”)是否足够合理?
Please feel free to suggest alternatives to the approach mentioned above( for example, some people told me to use Memcached technology to share session information between the ASP.NET Web Application and the PHP Web Application. Is Memcached Technology better than using Web Services? ) 请随意提出上述方法的替代方案(例如,有些人告诉我使用Memcached技术在ASP.NET Web应用程序和PHP Web应用程序之间共享会话信息。Memcached技术是否比使用Web Services更好?)
1 个解决方案
解决方案1
1 2013-11-18 21:59:59
I successfully implemented the exact same thing as you describe, but in the reverse direction. 我成功实现了与您描述的完全相同的操作,但方向相反。 The users would authenticate on the PHP side (an existing legacy site), and we would just pickup the security token via cookie and just read against the same database to make sure the token was still valid. 用户将在PHP端(一个现有的旧站点)上进行身份验证,而我们只是通过cookie获取安全令牌,并针对同一数据库进行读取以确保该令牌仍然有效。 Worked without a problem for a site supporting several hundred regular users per day. 对于每天支持数百名普通用户的网站而言,工作正常。 In our case the PHP servers and the ASP.NET servers were actually even hosted in separate facilities. 在我们的案例中,PHP服务器和ASP.NET服务器实际上甚至托管在单独的设施中。
Note that the use of a cookie based security token (session token) is commonplace. 请注意,基于cookie的安全性令牌(会话令牌)的使用很常见。 You do not have to do anything extra to have your users browsers maintain and send you the token as long as the domain does not change from the browsers point of view, or you properly set the path for the cookies when you do your authentication. 只要域从浏览器的角度来看没有变化,或者您在进行身份验证时正确设置了cookie的路径,您就不必做任何其他事情来让用户浏览器维护并向您发送令牌。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.