(Django) 在不同域的两个站点之间共享身份验证
我有两个网站:foo.com 和 bar.com,它们都是基于 Django 的。主要注册发生在 foo.com 上(我希望主用户数据库位于此处),并且我希望发生三件事:
1)登录到 foo.com 的用户能够自动访问 bar.com,而无需再次登录
2) 直接登录 bar.com 的用户通过 foo.com 用户 db 进行身份验证。
3) 用户无需直接在bar.com注册。
我怎样才能实现这个目标?如果它大大简化了事情,我可以将 bar.com 设为 foo.com 的子域(例如 bar.foo.com),但它们必须是单独的站点。
I have two sites say foo.com and bar.com and are both Django based. Primary registration occurs on foo.com (I'd like the main user db to be here) and I'd like for three things to happen:
1) User that logs in to foo.com is automatically able to access bar.com without logging in again
2) User that logs in to bar.com directly is authenticated against foo.com user db.
3) There is no need for a user to register at bar.com directly.
How can I achieve this? If it greatly simplifies things I can make bar.com a subdomain of foo.com (eg. bar.foo.com) but they must be separate sites.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
这取决于您的要求。如果可以的话,简单的解决方案是将两个站点托管在一个 Django 实例上。换句话说,您的 Django 项目托管这两个站点,但您有一个 url 重写规则 将
foo.com
映射到http://localhost/foo/
并将bar.com
映射到http://localhost /栏/
。在这种情况下,Django 的身份验证系统将“正常工作”。重写规则当然也可以应用于子域;我使用这种技术构建了一个托管数百个子域的系统。如果这不是一个选项,那么在 Django 实例之间共享数据库并设置
SESSION_COOKIE_DOMAIN
(如其他人提到的)应该可以。It depends on your requirements. If you're able to, the simple solution is to simply host both sites on one Django instance. In other words, your Django project hosts both sites but you have a url rewrite rule that maps
foo.com
tohttp://localhost/foo/
andbar.com
tohttp://localhost/bar/
. Django's auth system will "just work" under this scenario. Rewrite rules can of course also apply to subdomains; I've built a system that hosts hundreds of subdomains using this technique.If this isn't an option, sharing databases between your Django instances and setting
SESSION_COOKIE_DOMAIN
, as mentioned by others, should work.您的第三个要求可以通过在两个站点之间共享相同的数据库(因此具有相同的用户表)轻松解决。
由于跨域问题,第一个要求很棘手(会话cookie不会被共享)。
您真正在寻找什么是单点登录 (SSO)。 //simonwillison.net/2007/Apr/24/openidconsumer/" rel="noreferrer">django-openid。
Your 3rd requirement could easily be solved by sharing the same database between the two sites (therefore having the same Users table.
The 1st requirement is tricky because of cross domain issues (the session cookie will not be shared).
What you are really looking for is a Single Sign On (SSO). You might consider django-openid.
我有一个非常相似的问题,但 OpenID 对我来说不是一个可行的解决方案。随着 django >1.2 中多个数据库的出现,现在跨站点共享会话和登录数据变得非常容易。 这篇博文很好地解释了如何设置它。希望其他人像我一样发现这个有用。
I had a very similar problem but OpenID was not a viable solution for me. With the advent of multiple databases in django >1.2, it is now pretty easy to share session and login data across sites. This blog post does a great job of explaining how to get it set up. Hopefully others find this as useful as I did.
我认为您正在寻找的是
SESSION_COOKIE_DOMAIN
设置。您可以这样设置:请参阅 http:// /docs.djangoproject.com/en/dev/topics/http/sessions/#session-cookie-domain 了解更多信息。这确实假设两个应用程序都使用相同的会话存储后端。
I think what you are looking for is the
SESSION_COOKIE_DOMAIN
setting. You would set it like this:See http://docs.djangoproject.com/en/dev/topics/http/sessions/#session-cookie-domain for more information on that. This does assume that both applications are using the same session storage backend.
这些可以通过实施CAS(集中式身份验证服务)来实现。
在您的示例中,foo.com 是您的服务器,bar.com 是客户端。只需要一台服务器;您可以拥有任意数量的客户。
在您的服务器上:
在您的客户端上:
希望这对某人有帮助,因为我还没有找到任何明确给出并解释上述说明的教程。
These can be achieved by implementing CAS (Centralized Authentication Service).
In your example, foo.com is your server, bar.com is the client. Only one server is required; you can have as many clients as you need.
On your server:
On you client(s):
Hope this helps someone as I have not found any tutorial that explicitly gave and explained the instructions above.