使用 Guid 进行单点登录
如何使用 Guid 在同一域上实现单点登录?我无法使用会话,因为不同的网络应用程序将在新窗口中打开,从而丢失会话。
使用技术:ASP.net 3.5、MVC2架构、C#。
How can I use a Guid for implementing single sign on the same domain? I can't use sessions as the different web apps would open in new windows hence loosing the session.
Technology used: ASP.net 3.5, MVC2 architecture, C#.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您应该能够使用 cookie 并从同一域下运行的任何应用程序访问它。如果其他 Web 应用程序位于子域上,则需要设置 cookie 的
域,如下所示:如果站点存在于 Intranet 中,并且用户都使用唯一的用户帐户登录到 Windows,您可以打开 Windows 身份验证并从 Web 请求中读取其 Windows 用户名来确定用户。
编辑以详细说明:
让每个站点读取 cookie。您可以根据cookie的存在来判断用户是否登录,这可以通过设置cookie过期时间来管理。
如果您想让这个过程变得更复杂(仅依赖 cookie 可能会存在安全问题),您可以将 GUID 存储在数据库中,并让每个页面进行查找以确保它们传入的 GUID 有效。从这里开始,您想要管理数据库中验证的 GUID 由您决定(比较时间戳等)。
您可能希望在 Cookie 中存储其他信息以用于验证。例如,您可以生成一个随机字符串并将其与您的 GUID 一起存储在数据库中。对该字符串执行单向加密,并在首次保存时将其存储在 Cookie 中。这样,您可以在检查 cookie 是否有效时比较该值。
You should be able to use a cookie and access it from whatever application is running under the same domain. If the other web applications sit on a subdomain, you need to set the
Domainof the cookie like:If the sites exist with in an Intranet and the users are all logged into Windows with a unique user account, you can turn on Windows Authentication and read their Windows User Name from their web request to determine the user.
Edit to elaborate:
Have each site read the cookie. You can determine if the user is logged in or not based on the existence of the cookie, which can be managed by setting the cookie expiration.
If you wanted to make this more sophisticated (there are probably security concerns with relying solely on the cookie), you could store the GUID in the database and have each page do a look up to insure the GUID they're passing in is valid. From here, however you want to manage the GUID's validated in the database is up to you (compare time stamps, etc).
You might want to store additional information in the Cookie to use for validation. For instance, you could generate a random string and store that with your GUID in the database. Perform one-way encryption on that string and store it in the Cookie when you initially save it. This way, you can compare that value when checking to see if the cookie is valid.