来自 ASP.NET 的 OpenSSO 服务器上的加密身份验证请求
我有一个 ASP.NET 网站,负责处理登录过程的发生方式,并且我想重定向到受 OpenSSO 服务器保护的站点。
因此,当用户在 ASP.NET 网站中进行身份验证时,我必须检索相应的 OpenSSO 令牌,以便重定向到受 OpenSSO 保护的网站。
实际上,我可以检索 OpenSSO 令牌,但用户名/密码是明文传递的!
http://myopenssoserver.com/opensso/identity/authenticate?username=myUserID&password=myPassword
是否可以将身份验证请求的加密用户名/密码传递到 OpenSSO 服务器以检索令牌
感谢您的回答
I have an ASP.NET website that take care of the way the login process occurs and I want to redirect to a site that is protected by an OpenSSO server.
So when the user is authenticated in the ASP.NET Website, I have to retreive the corresponding OpenSSO token in order to redirect to the website protected by OpenSSO.
Actually, I'm able to retreive the OpenSSO token but the username/password are passed in clear !
http://myopenssoserver.com/opensso/identity/authenticate?username=myUserID&password=myPassword
Is it possible to pass an encrypted username/password for an authentication request onto the OpenSSO server in order to retrieve the token
Thanks a million for your answers
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
返回设置为将数据 POST 到
https://myopenssoserver.com/opensso/identity/authenticate的表单,并使用 JavaScript 使浏览器自动提交表单。这样,您的数据在网络上保持加密状态,并免受中间人攻击。
您还可以为使用 JavaScript 被禁用或不可用的浏览器的用户添加一个提交按钮(可能在
内)。Return a form that's set to POST the data to
https://myopenssoserver.com/opensso/identity/authenticateand use JavaScript to make the browser automatically submit the form.This way, your data stays encrypted on the wire and is protected from man-in-the-middle attacks.
You could also include a submit button (inside a
<noscript>, perhaps) for users with browsers where JavaScript is disabled or unavailable.