简体繁体 English

以编程方式登录网站并将用户重定向到登录页面？

[英]Programmatically login to a website and redirect the user to the logged in page?

原文 2010-03-15 20:23:54 4 3 c#/ asp.net/ authentication/ post/ screen-scraping

Right now, I have all the employees of my company login to an external website using the company id, username and a password. 现在，我让公司的所有员工都使用公司ID，用户名和密码登录到外部网站。 We are trying to integrate it into an intranet portal which should provide seamless access to this website without requiring the user to enter these credentials. 我们正在尝试将其集成到Intranet门户中，该门户应提供对该网站的无缝访问，而无需用户输入这些凭据。

Is there any way of doing this programmatically (.NET C#)? 有什么方法可以通过编程（.NET C＃）来做到这一点？ Very similar to screenscraping, Can I simulate the appropriate POST action and then redirect the user to the logged in page? 与屏幕抓取非常相似，是否可以模拟适当的POST操作，然后将用户重定向到登录页面？

Any help is appreciated. 任何帮助表示赞赏。

Thanks. 谢谢。

3 个解决方案

You can make a <form> in your page that mirrors the external site's login form with the same action= attribute, then fill put and submit it using Javascript. 您可以在页面中创建一个<form> ，以使用相同的action=属性来镜像外部网站的登录表单，然后使用Javascript填写并提交。

Note that this requires that you send the user's password to the browser, which is never a good idea. 请注意，这要求您将用户密码发送到浏览器，这绝不是一个好主意。

You can certainly post to the external website, the tricky bit will come when you redirect the user there, because there'll be cookies restrictions I think. 您当然可以发布到外部网站，当您将用户重定向到外部网站时，棘手的事情就会出现，因为我认为存在cookie限制。

You might be able to do something with Javascript that makes the Client browser post directly to the third party with the correct credentials, look into jQuery's Post command. 您也许可以使用Java脚本执行某些操作，以使Client浏览器使用正确的凭据直接发布到第三方，然后查看jQuery的Post命令。

Assuming that the external website maintains sessions with cookies in some way, the problem is, your company website can't set a cookie, except from it's own domain, and the 3rd party website can't read cookies except from it's own domain, so you can't transfer or pass the cookie across to your users. 假设外部网站以某种方式维护与Cookie的会话，那么问题是，您的公司网站无法设置Cookie（除了从其自己的域中访问），而且第三方网站无法读取Cookie（除了从其自己的域中），因此您不能将Cookie转移或传递给您的用户。

The name for this technique is Single Sign-On . 该技术的名称是Single Sign-On 。 There's no one way to do it, but the emerging standard is called SAML . 没有一种方法可以做到，但是新兴的标准称为SAML 。 This requires participation on both parts (the originator and target website), so it's probably beyond your current purview. 这要求参与两个部分（发起者和目标网站），因此可能超出您当前的权限。

Like the other two answers have mentioned here, you can post a formatted request directly to the action of the login script, but I can tell you from experience that that solution will be brittle, that is, it will shatter the second the target website makes any changes. 就像这里提到的其他两个答案一样，您可以将格式化的请求直接发布到登录脚本的操作中，但是我可以从经验中告诉您，该解决方案将很脆弱，也就是说，它将粉碎目标网站执行的第二步任何变化。

Your best bet is to contact the administrator of the target website and ask if they have an SSO (Single Sign On) solution. 最好的选择是与目标网站的管理员联系，并询问他们是否具有SSO (Single Sign On)解决方案。