ASP.NET external authentication

I have an asp.net application in which I have used forms authentication.

Now, there is a need that user authentication is done outside of my application. There will be an intro page which will do needed authentication. Then, after authentication is successful user should be redirected to my app.

Of course, if user is not authenticated via that external page and tries to access my app directly, I need to redirect him back to this external log in page.

What's the best way to implement such a functionality? One way which I think is feasible is that I transfer some particular encrypted string in cookie from external login page and verify it in my application. So, based on that, I can see if user is authenticated via this external page or not.

Your own suggestion of validating the external site's cookie is how I would implement this functionality as well.

I would simply go with adding a Webservice in the first application that you in your stage can connect to to check if the user is logged in. The only problem with this is that you need to know which user wants access to your site and also to confirm that this is truly that user (so a user can't use other users who are logged in). This info could probably be sent via a cookie.

You probably should not be rolling your own single sign-on solution in 2011. Rather, you should look at some emerging standards -- particularly OAuth and OpenID. Getting rolling with them is easy -- check out the OpenID website template on MSDN.

At the end we decided to use SAML 2.0 protocol.

External login page posts SAML compliant XML digitally signed with certificate to other application. In this XML authenticated username is transferred. Application which receives this XML verifies digital signature with certificate's public key, and if validation is OK, reads username from XML, applies internal application authorization logic and at the end creates auth. cookie. We will probably add encryption so data protection would be complete.
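
The receiving side of the flow described in the last answer could look like the sketch below. It is an added example, not code from the original posts. It assumes the signature sits on the single `saml:Assertion`, the username is in `Subject/NameID`, and the login page's certificate is pinned in local configuration. The class and method names are hypothetical.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

public static class SamlPostValidator
{
    // Returns the signed username, or null when the posted XML must be rejected.
    // idpCert is the login page's certificate, loaded from local configuration.
    public static string GetVerifiedUserName(string samlXml, X509Certificate2 idpCert)
    {
        // PreserveWhitespace keeps the signed bytes intact; no resolver means no external entities.
        var doc = new XmlDocument { PreserveWhitespace = true, XmlResolver = null };
        doc.LoadXml(samlXml);
        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion");
        ns.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);

        // Accept exactly one assertion so a second, unsigned one cannot be read by mistake.
        XmlNodeList assertions = doc.SelectNodes("//saml:Assertion", ns);
        if (assertions.Count != 1) return null;
        var assertion = (XmlElement)assertions[0];
        var signature = (XmlElement)assertion.SelectSingleNode("ds:Signature", ns);
        if (signature == null) return null;

        // Verify against the pinned certificate, never the key embedded in the message.
        var signedXml = new SignedXml(assertion);
        signedXml.LoadXml(signature);
        if (!signedXml.CheckSignature(idpCert, true)) return null;

        // The signature must cover this assertion, not some other element.
        if (signedXml.SignedInfo.References.Count != 1) return null;
        var reference = (Reference)signedXml.SignedInfo.References[0];
        string id = assertion.GetAttribute("ID");
        if (id.Length == 0 || reference.Uri != "#" + id) return null;

        // Reject expired assertions to limit replay of a captured POST.
        var conditions = (XmlElement)assertion.SelectSingleNode("saml:Conditions", ns);
        if (conditions == null || !conditions.HasAttribute("NotOnOrAfter")) return null;
        DateTime notOnOrAfter = XmlConvert.ToDateTime(
            conditions.GetAttribute("NotOnOrAfter"), XmlDateTimeSerializationMode.Utc);
        if (DateTime.UtcNow >= notOnOrAfter) return null;

        // Only now is the username trustworthy; the caller applies its own
        // authorization and then calls FormsAuthentication.SetAuthCookie(userName, false).
        XmlNode nameId = assertion.SelectSingleNode("saml:Subject/saml:NameID", ns);
        return nameId == null ? null : nameId.InnerText.Trim();
    }
}
```

A null result means the request is treated as unauthenticated and redirected to the external login page; malformed XML surfaces as an `XmlException` that the caller should handle the same way.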
