使用Javascript生成SASL MD5摘要以使用Active Directory进行身份验证?
[英]Using Javascript to generate SASL MD5 digest to authenticate with Active Directory?
问题描述
I have a web application that requires users to login. 
我有一个Web应用程序,要求用户登录。 I want to authenticate them on the company's Active Directory domain. 我想在公司的Active Directory域上对它们进行身份验证。
I have a working mechanism working where I can require credentials using HTTP Basic authentication, and then use python's ldap.sasl package to create an MD5 digest and pass that to the AD server for authentication. 我有一个工作机制工作,我可以使用HTTP基本身份验证要求凭据,然后使用python的ldap.sasl包创建MD5摘要并将其传递给AD服务器进行身份验证。
The problem with HTTP Basic is that for a time, my application code will possess a cleartext password - I'm a trustworthy guy, of course, but this won't fly with the security team. HTTP Basic的问题是,有一段时间,我的应用程序代码将拥有一个明文密码 - 当然,我是一个值得信赖的人,但这不会与安全团队一起飞行。
I could require a HTTPS Digest Authentication from the browser, but I can't re-use that MD5 digest for authenticating with Active Directory (or can I?). 我可能需要从浏览器进行HTTPS摘要式身份验证,但我无法重新使用该MD5摘要进行Active Directory身份验证(或者我可以吗?)。
Does some client-side (javascript) logic exist out there that lets me generate a MD5 digest that I can pass directly to Active Directory ? 有一些客户端(javascript)逻辑存在,让我生成一个MD5摘要,我可以直接传递给Active Directory?
1 个解决方案
解决方案1
0 2016-01-14 19:33:43
Here's a JavaScript library that can do MD5 hashes: https://code.google.com/p/crypto-js/ . 这是一个可以执行MD5哈希的JavaScript库: https : //code.google.com/p/crypto-js/ 。
Not sure how this will alleviate the concerns of your security team as you still need the clear text password in your JavaScript app. 由于您仍需要JavaScript应用中的明文密码,因此不确定这将如何缓解您的安全团队的担忧。
Also, be aware that doing crypto in the browser comes with a bunch of risks. 另外,请注意在浏览器中进行加密会带来一系列风险。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.