如何进行websocket身份验证?
[英]How to make websocket authentication?
问题描述
I work on web application and I want to have live notifications to a user via websockets. 
我正在使用Web应用程序,并且希望通过websocket向用户发送实时通知。 These notifications should be received only by a user whose notifications belong to. 这些通知应仅由其通知所属的用户接收。 I wonder if it's good idea to pass an temporary authentication token (which would be unique for a user) to javascript and the script connects to websocket server and pass the authtoken as a parameter to make a handshake. 我不知道将临时身份验证令牌(对于用户而言是唯一的)传递给javascript,并将脚本连接到websocket服务器并将authtoken作为参数进行握手是否是一个好主意。 Is it secure solution to pass auth token to javascript and then login via websocket using this authentication token? 将身份验证令牌传递给javascript,然后使用此身份验证令牌通过websocket登录是否安全? Of course web app is secured by ssl and web socket server also. 当然,Web应用程序也受SSL和Web套接字服务器的保护。
1 个解决方案
解决方案1
0 2014-10-10 13:37:26
You can try 你可以试试
User authenticate to Web app Server
Web app Server will generate 1 Key Code for this session ( Maybe Md5 with salt is username) if user are valid
Web app Server send this key to Web Socket server
Web app Server send this key to client-side
Client will send this key to websocket server to authenticate
If socket contained this key -> user is valid -> OK, continue to transfer data between socket and client, Else Web socket server will stop this connection.
It will be secure because authenticate key is unique and SSL will make it be better. 这是安全的,因为身份验证密钥是唯一的,而SSL会使它变得更好。 Hope it'll help you. 希望对您有帮助。 And this was our solution for building a FOREX System : Authenticate via CAS ( Single Sign ON ) and Websocket to send the index data. 这就是我们构建FOREX系统的解决方案:通过CAS(单点登录)和Websocket进行身份验证以发送索引数据。 In our case, CAS server will generate 1 Single Sign On ID, and we use it to validate. 在我们的例子中,CAS服务器将生成1个单一登录ID,我们将使用它进行验证。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.