Rails和ASP.NET单一登录
[英]Rails and ASP.NET Single Sign-On
问题描述
I have an ASP.NET app which uses forms auth, and stores the credentials in a table - pretty vanilla. 
我有一个ASP.NET应用程序,该应用程序使用表单身份验证,并将凭据存储在一个表中-很漂亮。 Since I know how the password is hashed, can I somehow share the forms auth cookie with Rails, effectively creating a single sign-on? 由于我知道密码是如何哈希的,我可以以某种方式与Rails共享表单身份验证cookie,从而有效地创建单个登录吗? Both web apps will live in the same domain. 这两个Web应用程序将位于同一域中。
2 个解决方案
解决方案1
7 2010-11-18 01:25:47
You can share the ASP.NET Forms Auth Cookie with Rails, but you'll have to decrypt it on the Rails side. 您可以与Rails共享ASP.NET Forms Auth Cookie,但必须在Rails端对其进行解密。 Maybe it's too much trouble. 也许太麻烦了。
A simpler solution is to skip .NET Forms Authentication Ticket and persist your own auth ticket (cookie) on both sides, using the encryption algorithm you want and the same salt among the two platforms. 一种更简单的解决方案是跳过.NET Forms身份验证票证,并使用所需的加密算法和两个平台之间的相同盐,在两侧保留自己的身份验证票证(cookie) 。 The salt can be saved on the database or a physical file, if they reside on the same disk. 盐可以保存在数据库或物理文件中(如果它们位于同一磁盘上)。
An example: 一个例子:
C# side: C#端:
public class MyTicket {
...
public string ToSerializableFormat() {
return String.Format("{0}|{1}", t.Username, t.somethingElseYouNeed);
}
public static MyTicket Parse(string value) {
var vals = value.Split('|');
return MyTicket(values[0], values[1]);
}
}
Somewhere else in your application, replacing the FormsAuthentication.Encrypt and FormsAuthentication.Decrypt calls: 在应用程序中的其他位置,替换FormsAuthentication.Encrypt和FormsAuthentication.Decrypt调用:
string MakeTicket(MyTicket t) {
return EncryptSomehow(key, t.ToSerializableFormat());
}
MyTicket ReadTicket(string cookieValue) {
return MyTicket.Parse( DecryptSomehow(key, cookieValue) );
}
And the Ruby-equivalent would be: 相当于Ruby的是:
class MyTicket
def to_serializable_format
"#{@username}|#{@something_else}"
end
def self.parse(value)
values = value.split '|'
MyTicket.new(*values)
end
end
Somewhere in your Rails code you'll decrypt and encrypt the auth cookie. 在Rails代码中的某处,您将解密和加密auth cookie。 Use the same name on both sides. 双方使用相同的名称。
Profit. 利润。
解决方案2
0 2010-11-18 01:02:38
I don't know about sharing the auth cookie -- that would probably be difficult. 我不知道共享auth cookie,这可能很困难。 But sharing the identity information would be pretty simple. 但是共享身份信息将非常简单。
I would write a user model in Rails that acts as an adapter to your existing identity table, using the establish_connection trick: 我会写在Rails中充当一个适配器将现有的身份表,使用的用户模型establish_connection招:
class User < ActiveRecord::Base
establish_connection(
{ :adapter => "mysql",
:database => "db_name",
:host => "db.example.com",
:username => "user",
:password => "password" })
end
this will make the User model connect to a different db. 这将使用户模型连接到其他数据库。 Event better, you could add another entry in database.yml and load it here. 如果情况更好,您可以在database.yml添加另一个条目并在此处加载。
Then, you would simply need to overload the accessor functions to deal with the non-standard schema. 然后,您只需要重载访问器函数即可处理非标准架构。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.