c# - Multiple websites, Single sign-on design -

-

I have a question, a customer who I was working recently, has several websites with different login mechanisms She is slowly trying to migrate to the Single Sign-On system for her websites (all asp.net mvc .)

I see here on my options, here is a list of requirements:

  1. It is to be safe (duh)
  2. It needs to support more user-user qualities than normal, name, address stuff (such as money or credits for a user)
  3. It must give a centralized user management web console for its convenience (I think it will be a small project at the top of the design design, I choose to go for it)
  4. Repeat the entire product Without the need to integrate with existing websites (I think it depends on the existing product implementation).
  5. The person has to deal with emailing when he registers (to activate his account)
  6. User has to deal with activating, when he activates me In the email the link will click (I understand that 5 and 6 require some form for email templateing system so that different e-mails can be supported per app)

I want to create a library It was working which works in conjunction with form authentication, which requires methods (such as logging in, logout, active, etc.) and a small comfortable service to implement activation from email, registration process etc.

Considering the question that things have been left to load in brief and at this point, is it like a good design?

But this is a very common Problem problem Do you have any existing projects that I could use?

Thank you for reading.

The basic thing to understand is that you can not authenticate us using standard form authentication in many standard domains. For example, dev.google.com and www.google.com are separate domains and if a user enters dev.google.com, it does not automatically sign in to www.google.com, unless Google It does not have anything special to enable. The reason for this is that the browser can not access cookies from any other website.

The only way to sign cross domain signals at work is to include important values ​​such as session ID in the query ID, which sets the user's checkbox and user's authentication cookie, possibly through your site. Manually use a little bit of your own custom code.

Example:

The danger of this approach, though, is that someone can locate a user session that was used by the user and was checking session ID. Then you need to make sure that the value used to authenticate the user across the domain is time-sensitive and dynamic. Do not make it user's user ID or username or something like that.

Now, if the site is on the same domain, then you can give them the same machine, and then a user has already entered a site, while on different websites around the same domain Will not log out.


Comments

Post a Comment

Popular posts from this blog

windows - Heroku throws SQLITE3 Read only exception -

-
After I deploy the app to Heroku, I have to run migration scripts and get this error message ... ITES \ padrino \ prophetmargin & gt; Heroku Rack AR: Rack mutated! SQLite3 :: ReadOnlyException: only one try to write database to read: CREATE TABLE "schema_migrations" ( "version" varchar (255) NOT NULL) /disk1/home/slugs/215264_925fd2c_65a3/mnt/.bundle/gems/gems/ padrino-core- is 0.9.11 / lib / padrino-core / cli / rake.rb: 9: in `init ' how can this be? I also tried to run Heroku dbpush SQLite: //db/my-db.db and that did not work Horoku sqlite3 but using postgres does not do. I'm not sure why you are receiving this error, however, as I have used sqlite3 in development and when pushing it into its travel, they do some magic which migrates to postgrads. I'm absolutely sure how Heroku does 'backwash' this database but it seems that this is happening to you because it's the SQLite db file which is obviously due to Heroku's
Read more

lex - Building a lexical Analyzer in Java -

-
I am currently learning lexical analysis in compiler design. To know how a lexical analyzer actually works, I am trying to build myself. I am planning to make it in Java The input to the lexical analyzer is a .tex file that is of the following format. \ section {script} {intro} \ section {Scope} arbitrary text \ section {relevance} uncontrolled text \ subdivision (profit) arbitrary text \ subsubsection {in real life} \ subdivision {Ingredient} \ end {document} The output of the lecture may be a table of contents with a page number in another file. 1 Introduction 1 1.1 Scope 1 1.2 Relevance 2 1.2.1 Benefits 2 1.2.1.1 Real life 2 1.2.2 loss 3 I hope that This problem is within the scope of Language Analysis Read the .exe file and check '\' and continue to check whether it is actually on search In the sectioning command is set to indicate whether or not a flag variable is the type of sectioning. I hope the above approach will work for the construction of Lexa
Read more

python - rename keys in a dictionary -

-
I want to change the names of keys in a dictionary which are ints, and I need them so that the inputs with key zero They can sort correctly. For example, my keys are like this: '1', '101', '11' and I may need them: '001', '101', '011' What is doing, but I know that there is a better way tmpDict = {} in the ADC for the old: t MpDict ['% 04d'% int (olden)] = addict [oldkey] New controlled = tmpDict You are going wrong about this if you want to draw entries on a line in a specific way, then you have to sort on the extraction. for sorted (D, key = int): print '% s:% R'% (k, d [k]) < / Div>
Read more