将用户身份验证信息传递给 XBAP 应用程序

发布于 2024-10-04 07:55:17 字数 404 浏览 4 评论 0原文

我想将信息传递给在浏览器中运行的 XBAP 应用程序以验证用户身份。它是用户名和密码,其中密码经过哈希处理。

我已经弄清楚如何通过 GET 请求来做到这一点(即只需在查询字符串中传递信息并使用 BrowserInteropHelper.Source.Query 来获取信息)。

然而,这意味着暴露查询字符串中的数据。由于密码是经过哈希处理的,因此您实际上无法看到它,但对我来说这感觉是不好的做法。我找不到任何关于是否可以通过 POST 或 cookie 传递数据的真实信息。根据我从互联网收集的信息,cookie 不适用于 XBAP 应用程序,但我可能是错的。

有谁知道是否以及如何以更安全的方式传输此类数据?如果能确认 cookie 在这种情况下确实不起作用,或者我需要如何继续实施它们,那就太好了。

I want to pass information to athenticate a user to an XBAP application running in a browser. It's a username and password, where the password is hashed.

I've figured out how to do it via GET request (i.e. just pass in the information in a query string and use BrowserInteropHelper.Source.Query to get the information).

However that means exposing the data in the query string. Since the password is hashed it's not like you can actually see it, but it feels like bad practice to me. I can't find any real information about whether it's possible to pass data in via POST or a cookie. From what I've gathered from the internet cookies won't work for XBAP applications, but I might be wrong.

Does anyone know if and how it's possible to transfer this kind of data in a more secure way? It would also be nice to get a confirmation that cookies indeed won't work in this scenario - or how I need to go ahead and implement them.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

沧笙踏歌 2024-10-11 07:55:17

根据我从互联网上的各种来源收集到的信息,GET 确实是这种情况下的唯一方法。

POST 似乎根本不起作用。此外,XBAP 无法访问任何会话 cookie,因此该选项也不可行。

(我会链接到来源,但更多的是从各处收集零散的信息并将其组合在一起。)

我们决定通过 GET 传递参数,但加密整个查询字符串。这不是一个理想的解决方案,但直到我们有资源来实现更复杂、更漂亮的解决方案为止,该解决方案能够在两个完全独立的应用程序(其中一个是 Java 应用程序,另一个是 XBAP)之间共享身份验证详细信息。

From what I could gather from various sources on the internet, GET really is the only way to go in this scenario.

POST doesn't seem to work at all. Also, XBAPs cannot access any session cookies, so that option is not feasible as well.

(I would link to the sources, but it was more about collecting bits and pieces from everywhere and putting it together.)

We settled on passing the parameters via GET, but encrypting the whole query string. This is not an ideal solution, but it has to do until we have the resources to implement a more complex and prettier solution which enables sharing authentication details between two completely separate applications - where one is a Java application and the other an XBAP.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文