问题描述
一个客户端使用传统的ASP登录到他们的基于Web的后台。
A client uses classic ASP to log in to their web based backoffice.
我已经写信给包括在后台一个新的ASP.Net应用程序,我需要利用现有的登录系统,这样,当他们在那里登录,他们不需要在重新登录新的ASP.Net应用程序。
I have written a new ASP.Net app to be included in the backoffice, and I need to utilize the already existing login-system, so that when they are logged in there, they don't need to log in again in the new ASP.Net app.
登录和密码存储在一个SQL Server数据库明文,我可以从我的ASP.Net应用程序访问。
Logins and passwords are stored as clear text in a SQL Server db, that I can access from my ASP.Net app.
什么是整合这些系统的有效途径?
What would be an effective way to integrate these systems?
我目前最好的办法是:
在链接到我的ASP.Net应用程序,我链接到一个门户登录页面与他们的用户名和一个哈希密码+共同秘密查询字符串。然后,我比较这对在数据库中的用户的密码......但问题是,如果该查询字符串被截获,它可以用来访问asp.net网站,而无需实际知道用户名和密码...
My current best idea is:In the link to my ASP.Net app, I link to a "gateway" login-page with their userid and a hashed password + common secret in the querystring. I then compare this to the password of the user in the database... But the problem is, that if this querystring is intercepted, it can be used to access the asp.net site, without actually knowing the username and password...
我最有可能俯瞰简单的东西。
I am most likely overlooking something simple.
推荐答案
我认为你的想法是正确的道路上。
I think your idea is on the right path.
正如你可能已经知道,传统的ASP和asp.net不能共享相同的会话状态,这样你就需要有一个机制,从一个登录到其他。
As you probably already know, classic asp and asp.net cannot share the same session state, so you do need to have a mechanism to log from one into the other.
我会做的是:当有人登录,创建一个唯一的GUID,你在数据库中的用户保存。当你从一个网站跳到另一个,传递GUID进入查询字符串。当你试图把它们自动登录到其他网站,查找该GUID,看看它是否附加到任何人。如果是,请登录他们进来。
What I would do is: when someone logs in, create a unique GUID that you save in the database for that user. When you jump from one site to the other, pass that GUID into the query string. When you try to auto-log them into the other site, look up that GUID and see if it's attached to anyone. If it is, log them in.
这样,你不传递任何一个用户可以猜测或解密。
This way you aren't passing anything that a user could guess or decrypt.
这篇关于分享传统的ASP和ASP.Net间登录系统的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!