How to implement SSO (Single Sign On) for a WinForms app and SQL Server
We have a WinForms application that uses SQL Server to store its data. To authenticate the application users, we are using SQL Server to do the authentication. The user must have a username/password that exists on the database server to be able to log in.
So far so good.
Now one of our customers wants us to implement single sign on. They want to be able to start our app without entering any username/password; they want to use Windows to authenticate the user.
Do you have any advice about how we could implement this?
See this article: WinForms App Single Sign On in 2 Lines of Code.
Many developers are unaware of two information rich objects available to them for role-based validation and that can also be leveraged to verify authenticated access, essentially single sign on (SSO), to their application because the user has already logged onto the desktop. These are the WindowsPrincipal and WindowsIdentity objects. The purpose of this screencast is to demystify how to leverage the rich information these objects provide – starting with just 2 lines of code.
I'd say using Active Directory and SSPI (aka trusted connections). This would normally make use of Kerberos authentication.
If you have a notion of a user in your database such as a Users table you can add another column or have a separate table to store that user's domain login name (e.g., johnsmith@somedomain.example). You more commonly see somedomain\johnsmith, but the @ method is the newer, preferred representation.
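The answers above combine into one sign-in path: a trusted (SSPI) connection plus a lookup of the Windows login in the Users table. The sketch below is an added example, not code from any of the answers or the linked article; the server name, database name, the DomainLogin and UserId columns, and the SsoLogin class are assumptions.

```csharp
using System;
using System.Data.SqlClient;          // Microsoft.Data.SqlClient exposes the same types
using System.Security.Principal;

static class SsoLogin
{
    // Hypothetical server and database names.
    const string Server = "dbserver.somedomain.example";
    const string Database = "AppDb";

    // Returns the application user id for the logged-on Windows user,
    // or null when SQL Server accepts the login but the app has no mapping for it.
    public static int? SignIn()
    {
        // Local check only: it gives a clearer error, but it is not the security boundary.
        using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
        {
            if (!identity.IsAuthenticated || identity.IsGuest || identity.IsAnonymous)
                throw new UnauthorizedAccessException("No authenticated Windows session.");
        }

        var csb = new SqlConnectionStringBuilder
        {
            DataSource = Server,
            InitialCatalog = Database,
            IntegratedSecurity = true,   // SSPI: no user name or password in the connection string
            Encrypt = true
        };

        using (var conn = new SqlConnection(csb.ConnectionString))
        // SUSER_SNAME() is the login SQL Server itself authenticated (DOMAIN\user form),
        // so the client cannot pick another identity by sending a different name.
        using (var cmd = new SqlCommand(
            "SELECT UserId FROM dbo.Users WHERE DomainLogin = SUSER_SNAME()", conn))
        {
            conn.Open();                 // throws SqlException if the Windows login has no access
            object id = cmd.ExecuteScalar();
            return id == null || id == DBNull.Value ? (int?)null : Convert.ToInt32(id);
        }
    }
}
```

For the comparison to match, DomainLogin has to hold the name in the DOMAIN\user form that SUSER_SNAME() returns, and the Windows users (or an Active Directory group containing them) need a login on the SQL Server instance.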