单一登录ASP.NET和PHP
[英]Single Sign-On ASP.NET and PHP
问题描述
We have a site made in .NET 3.5 with a multiplexed membership/role provider, and a connected PHP site (on a different server) which uses the same users (or partly atleast) and we are looking into the posibility of using a single sign-on and i'm wondering if others have done something like this that works. 
我们有一个.NET 3.5中的站点,具有多个成员资格/角色提供程序,以及一个连接的PHP站点(在不同的服务器上),该站点使用相同的用户(或至少部分用户),并且我们正在研究使用单个符号的可能性-on,我想知道其他人是否做了这样的工作。
When the PHP site's authentication is done it sets a session variable with the user id and then redirects the user to the start page. 完成PHP站点的身份验证后,它将使用用户ID设置会话变量,然后将用户重定向到起始页面。
In the future it's meant that the user always logins on the ASP.NET site, so what i've done is trying to authenticate on the PHP site at the same time as the ASP.NET. 将来,这意味着用户总是登录ASP.NET站点,因此我要做的是尝试与ASP.NET同时在PHP站点上进行身份验证。 To be able to use the user's password i've added the logic on the ValidateUser method in the membershipprovider: 为了能够使用用户的密码,我在Membershipprovider中的ValidateUser方法上添加了逻辑:
HttpWebRequest req = HttpWebRequest.Create(url) as HttpWebRequest;
string data = string.Format("username={0}&password={1}", MembershipHelper.UrlEncode(username), MembershipHelper.UrlEncode(password));
req.Method = WebRequestMethods.Http.Post;
req.ContentLength = data.Length;
req.ContentType = "application/x-www-form-urlencoded";
req.AllowAutoRedirect = false;
req.CookieContainer = new CookieContainer();
StreamWriter w = new StreamWriter(req.GetRequestStream());
w.Write(data);
w.Close();
But as you can understand, it doesn't work. 但是如您所知,它不起作用。 When i visit the php site i'm still not logged in, which of course have something to do with the session, but i just can't figure out how to transfer it correctly. 当我访问php网站时,我仍未登录,这当然与会话有关,但是我只是不知道如何正确传输它。
1 个解决方案
解决方案1
3 2009-10-05 13:26:51
The code you've shown performs a server side request to the PHP site and passes the username and password in order to perform the authentication. 您显示的代码向PHP站点执行服务器端请求,并传递用户名和密码以执行身份验证。 You are also using a cookie container in order to store the session cookie issued by the PHP site. 您还使用Cookie容器来存储PHP网站发布的会话Cookie。
If the authentication succeeds you will have to retrieve the session cookie from the container (using the GetCookies method) and send it in the response of the ASP.NET page (using AppendCookie ). 如果认证成功,你就必须获取从容器中的会话cookie(使用的getCookies方法),并在ASP.NET页面(使用的响应发送AppendCookie )。 This way the cookie will be stored on the client browser (instead of the temporary cookie container). 这样,cookie将存储在客户端浏览器中(而不是临时cookie容器中)。 Once the cookie is stored in the user's browser it will be automatically sent along the next request to the PHP site (provided this site is on the same domain as your ASP.NET site) and you will be signed in. 一旦将cookie存储在用户的浏览器中,它将沿着下一个请求自动发送到PHP站点(前提是该站点与ASP.NET站点位于同一域),并且您将登录。
If both sites are hosted on different domains then using cookies to perform single sign-on might be trickier. 如果两个站点都托管在不同的域上,则使用cookie进行单点登录可能会比较棘手。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.