[英]Get the domain of the website requesting to access another website
I have 2 different websites that need to be integrated. 我有2个需要整合的网站。 Let's name them, Web1 and Web2.
我们将它们命名为Web1和Web2。 I want to verify if the requesting Web1 is indeed the Web1 before allowing any access to Web2.
我想在允许对Web2的任何访问之前验证发出请求的Web1是否确实是Web1。
The Request.Url.Host will only get the domain of the current website. Request.Url.Host将仅获取当前网站的域。 What I need is to verify the domain of Web1 inside the Web2 C# codes.
我需要的是在Web2 C#代码中验证Web1的域。
Currently, this is how I called the Web2 from Web1. 当前,这就是我从Web1调用Web2的方式。
$("#btn").click(function() (
window.location.href = "http:\\Web2.com\Test"
)}
Thanks 谢谢
URL referrer and Origin header can be spoofed. URL引荐来源网址和Origin标头可以被欺骗。 So it's not reliable.
因此不可靠。
The only way I can see being able to come close to a reliable solution is to add in server-to-server communication to perform the hand-off between the two applications. 我看到能够接近可靠解决方案的唯一方法是添加服务器到服务器的通信以执行两个应用程序之间的切换。
So in your click event, these things would happen: 因此,在您的click事件中,将发生以下情况:
You'd still need some authentication in step 2 so that Web2 knows it's Web1 making the call, but at least that authentication is not being exposed to the browser. 您仍然需要在步骤2中进行一些身份验证,以便Web2知道是Web1在进行呼叫,但是至少该身份验证没有暴露给浏览器。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.