(Django) Sharing authentication across two sites that are on different domains

Posted on 2024-08-08 05:59:28

I have two sites say foo.com and bar.com and are both Django based. Primary registration occurs on foo.com (I'd like the main user db to be here) and I'd like for three things to happen:

1) User that logs in to foo.com is automatically able to access bar.com without logging in again

2) User that logs in to bar.com directly is authenticated against foo.com user db.

3) There is no need for a user to register at bar.com directly.

How can I achieve this? If it greatly simplifies things I can make bar.com a subdomain of foo.com (eg. bar.foo.com) but they must be separate sites.

Comments (5)

寄离 2024-08-15 05:59:28

It depends on your requirements. If you're able to, the simple solution is to simply host both sites on one Django instance. In other words, your Django project hosts both sites but you have a url rewrite rule that maps foo.com to http://localhost/foo/ and bar.com to http://localhost/bar/. Django's auth system will "just work" under this scenario. Rewrite rules can of course also apply to subdomains; I've built a system that hosts hundreds of subdomains using this technique.

If this isn't an option, sharing databases between your Django instances and setting SESSION_COOKIE_DOMAIN, as mentioned by others, should work.

你好,陌生人 2024-08-15 05:59:28

Your 3rd requirement could easily be solved by sharing the same database between the two sites (therefore having the same Users table).

The 1st requirement is tricky because of cross domain issues (the session cookie will not be shared).

What you are really looking for is a Single Sign On (SSO). You might consider django-openid.

城歌 2024-08-15 05:59:28

I had a very similar problem but OpenID was not a viable solution for me. With the advent of multiple databases in django >1.2, it is now pretty easy to share session and login data across sites. This blog post does a great job of explaining how to get it set up. Hopefully others find this as useful as I did.

终难遇 2024-08-15 05:59:28

I think what you are looking for is the SESSION_COOKIE_DOMAIN setting. You would set it like this:

SESSION_COOKIE_DOMAIN = 'foo.com'

See http://docs.djangoproject.com/en/dev/topics/http/sessions/#session-cookie-domain for more information on that. This does assume that both applications are using the same session storage backend.
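
An added example, not part of the original answers: a simplified RFC 6265 domain-match check showing why the session cookie is not shared between foo.com and bar.com, why SESSION_COOKIE_DOMAIN works once bar is a subdomain, and which other hosts then receive the cookie. The function names and the host names other than foo.com and bar.com are hypothetical, and the browser's public-suffix check is left out.

```python
import ipaddress


def domain_match(request_host, cookie_domain):
    """RFC 6265 section 5.1.3: does request_host domain-match cookie_domain?"""
    host = request_host.lower().rstrip(".")
    domain = cookie_domain.lower().lstrip(".")  # a leading dot is ignored
    if host == domain:
        return True
    try:
        ipaddress.ip_address(host)  # IP literals only ever match exactly
        return False
    except ValueError:
        pass
    # Must be a true subdomain: "notfoo.com" does not match "foo.com".
    return host.endswith("." + domain)


def cookie_sent(request_host, set_by_host, cookie_domain=None):
    """Would a cookie set by set_by_host reach request_host?

    cookie_domain=None models Django's default (SESSION_COOKIE_DOMAIN = None),
    which yields a host-only cookie.
    """
    if cookie_domain is None:
        return request_host.lower() == set_by_host.lower()
    # A browser drops a cookie whose Domain the setting host does not match,
    # so foo.com cannot plant a cookie for bar.com.
    if not domain_match(set_by_host, cookie_domain):
        return False
    return domain_match(request_host, cookie_domain)


def exposure(cookie_domain, set_by_host, hosts):
    """List the hosts (constructed sample input) that would receive the cookie."""
    return [h for h in hosts if cookie_sent(h, set_by_host, cookie_domain)]


if __name__ == "__main__":
    sample_hosts = ["foo.com", "bar.com", "bar.foo.com",
                    "uploads.foo.com", "notfoo.com"]  # constructed
    print("host-only:     ", exposure(None, "foo.com", sample_hosts))
    print("Domain=foo.com:", exposure("foo.com", "foo.com", sample_hosts))
```

With the cookie scoped to foo.com, every subdomain of foo.com receives the session ID, so any application hosted under that domain has to be trusted with it.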

智商已欠费 2024-08-15 05:59:28

These can be achieved by implementing CAS (Centralized Authentication Service).

In your example, foo.com is your server, bar.com is the client. Only one server is required; you can have as many clients as you need.

On your server:

  • Install and configure django-mama-cas (or any equivalent) and django-cas-ng (or any equivalent).
  • Not required to add django-cas-ng urls on the server.

On your client(s):

  • Install and configure django-cas-ng (or any equivalent).
  • Add the login and logout django-cas-ng urls on the client's urls.py.
  • For me, I have added the decorator @login_required(login_url="/accounts/login") to the protected views
  • Be sure to define CAS_SERVER_URL in the settings.py of the client. In your example, that would be something like "CAS_SERVER_URL = foo.com".

Hope this helps someone as I have not found any tutorial that explicitly gave and explained the instructions above.
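
The settings those steps refer to, as an added sketch that is not from the original answer. It assumes both sites are served over HTTPS and that django-mama-cas is mounted under /cas/ on foo.com; the /cas/ path and the service pattern are assumptions. The two settings files are shown one after the other in a single block.

```python
# ---- foo.com/settings.py: CAS server (django-mama-cas) ----
INSTALLED_APPS = [
    "django.contrib.auth",
    "django.contrib.contenttypes",
    "django.contrib.sessions",
    "mama_cas",
]

# Only service URLs matching these patterns are issued tickets.
# Anchor the pattern and end the host with "/" so that a look-alike
# host such as bar.com.<something-else> does not match.
MAMA_CAS_SERVICES = [
    {
        "SERVICE": r"^https://bar\.com/",
        "LOGOUT_ALLOW": True,
    },
]

# foo.com/urls.py (assumed mount point):
#   path("cas/", include("mama_cas.urls"))

# ---- bar.com/settings.py: CAS client (django-cas-ng) ----
INSTALLED_APPS = [
    "django.contrib.auth",
    "django.contrib.contenttypes",
    "django.contrib.sessions",
    "django_cas_ng",
]

AUTHENTICATION_BACKENDS = [
    "django.contrib.auth.backends.ModelBackend",
    "django_cas_ng.backends.CASBackend",
]

# A full URL including the scheme, pointing at the server's mount point.
CAS_SERVER_URL = "https://foo.com/cas/"
CAS_VERSION = "3"

# django-cas-ng creates the local user on first login by default
# (CAS_CREATE_USER), so nobody registers on bar.com directly.
LOGIN_URL = "/accounts/login"

# bar.com/urls.py:
#   path("accounts/login", django_cas_ng.views.LoginView.as_view(), name="cas_ng_login")
#   path("accounts/logout", django_cas_ng.views.LogoutView.as_view(), name="cas_ng_logout")
```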
