Can I automatically log in to a web application using the user's Windows login?
On the intranet at my part-time job (not IT related) there are various web applications that we use that do not require logging in explicitly. We are required to log in to Windows obviously, and that then authenticates us somehow.
I'm wondering how this is done? Without worrying about security TOO much, how would I go about authenticating a user to a web application, utilizing the Windows login information? I'd be using Python (and Django).
Are there limitations on how this can be achieved? For instance, would a specific browser be required? Would the application and intranet backend have to be hosted at the same location or at least have to communicate? Or is it simply getting the user's Windows credentials, and passing that to the authentication software of the web application?
To the best of my knowledge the only browser that automatically passes your login credentials is Internet Explorer. To enable this feature select "Enable Integrated Windows Authentication" in the advanced Internet options dialog under the security section. This is usually enabled by default.
The web server will have to have the Anonymous user permission removed from the web application and the enable Windows authentication option checked. Simply add the users you want to have access to the web application to the file/folder permissions.
I have only tried this with IIS so I'm not sure if it will work on other web servers.
Once upon a time Internet Explorer supported NTLM authentication (similar to Basic Auth but it sent cached credentials to the server which could be verified with the domain controller). It was used to enable single sign-on within an intranet where everyone was expected to be logged into the domain. I don't recall the details of it and I haven't used it for ages. It may still be an option if it fits your needs.
Maybe someone more familiar with it may have more details.
See: NTLM Authentication Scheme for HTTP
The tricky part of using a non-Microsoft server framework is going to be talking with the necessary services to verify the credentials.
From here: