堆栈内存溢出
  简体   繁体   English

重用表单身份验证Cookie

[英]Reuse forms authentication cookie

 原文  2015-10-15 23:11:14       php/ asp.net/ asp.net-mvc/ cookies/ forms-authentication

问题描述

I have a slightly strange scenario, but a problem that needs solving all the same! 我有一个稍微奇怪的场景,但是这个问题需要全部解决!

Please note, the websites described below are on different top level domains 请注意,以下所述的网站位于不同的顶级域中

I have two web applications, 1 ASP.NET MVC, and another in PHP, both on separate domains. 我有两个Web应用程序,一个是ASP.NET MVC,另一个是PHP,都在单独的域中。 Lets call them asp.com and php.com. 让我们称它们为asp.com和php.com。 Users authenticate on asp.com, and therefore have an authcookie set by ASP.NET. 用户在asp.com上进行身份验证,因此具有由ASP.NET设置的authcookie。

Now the php.com website fetches data via a rest service from asp.com. 现在,php.com网站通过rest服务从asp.com获取数据。 This rest service authenticates via the same mechanism, so when I call this rest service via javascript JSONP from php.com it works fine. 该rest服务通过相同的机制进行身份验证,因此当我通过php.com的javascript JSONP调用此rest服务时,它可以正常工作。 However I wish to call the same REST service from the server in PHP. 但是我希望从PHP服务器中调用相同的REST服务。

Is it possible to somehow get the asp.com website to copy and set an authcookie for php.com (the domain is known and trusted), and then in the PHP code pass this cookie on to athenticate against the REST service on asp.com? 是否有可能以某种方式使asp.com网站复制并为php.com设置authcookie(该域是已知且受信任的),然后在PHP代码中将此cookie传递给asp.com上的REST服务?

It doesn't need to be the exact AUTH cookie, I could create a new cookie with the relevant session key, an long as a valid authcookie could be created and submitted to the REST service. 它不必是确切的AUTH cookie,只要可以创建有效的authcookie并将其提交给REST服务,我就可以使用相关的会话密钥创建一个新的cookie。

Questions 问题

  1. Is this possible? 这可能吗?
  2. How do I set the cookie for php.com in asp.com? 如何在asp.com中为php.com设置cookie?
  3. Short of one of the domains becoming compromised, are there any security concerns? 如果其中一个域遭到破坏,是否存在安全方面的担忧?

1 个解决方案

解决方案1
 1 已采纳  2015-10-16 00:06:50

  1. No 没有

  2. The first site, asp.com, will have to redirect to a page in php.com. 第一个站点asp.com将必须重定向到php.com中的页面。 Then php.com can set the cookie itself, and redirect back to asp.com. 然后php.com可以设置cookie本身,然后重定向回asp.com。

  3. Yes, which is why you can't do it. 是的,这就是为什么您不能这样做。

Also, see this answer . 另外,请参阅此答案

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 重用cookie cURL PHP - Reuse cookie cURL PHP HybridAuth身份验证Cookie - HybridAuth authentication cookie WordPress外部Cookie身份验证 - WordPress External Cookie Authentication 运行curl_multi_init()并重用cookie - Run curl_multi_init() and reuse the cookie 表单身份验证重定向页面 - Forms Authentication Redirect Page 用于表单和身份验证的PHP令牌 - PHP Tokens for Forms and Authentication Cookie令牌身份验证登录方法 - Cookie token authentication login method 登录后重定向cookie,如何处理表格? - redirect cookie after logging in, how to deal with forms? Spring WS客户端设置用于身份验证的cookie - Spring WS client set cookie for authentication React + Laravel + Sanctum 用于 api 令牌认证(不是 cookie) - React + Laravel + Sanctum for api token authentication(NOT cookie)
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM