Asp.Net Core Chat SignalR-based rendered inside an Iframe, and called from inside of an Asp.net Web Form based application
Question
I have an Asp.Net Web form based Application, which relies on an Identity Server for authentication. I'm planning to create a Chat to be used as an independent Asp.Net Core Web Application (using SignalR), which would be authenticated in the same way as the Asp.Net Web form based Application (Both using the "Single Sign-On" approach). So, based on the given context, the key point is that I'd like to be able to render the Chat from inside the Web forms application through an IFRAME and I'm wondering if anyone could help me to identify potential problems that I could come across if I use this approach, specially when it comes to the Security stuff.
Thanks in advance.
1 answers
solution1
0 2019-04-17 09:53:02
Iframes act like a normal pages, or tabs in most aspects.
SSO protocols, including OIDC, are designed exactly to securely simplify the authentication procedure for different web (but not only) apps.
Follow the recommendations regarding the choice of grant type, always use https, do not store refresh tokens nor secrets in browser, and you are secure.
Enable two factor auth, signing keys rotation, and you are secure a bit more. There is nothing absolute in the world, but for general purposees... you are on the right way.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.