如果用户登录到另一个网站,则自动登录到当前网站
我有大约 100 个用 ASP 经典代码编写的网站.每个网站都接受订单并将其存储在数据库中.但是,这些订单的付款必须在另一个网站上进行,也用 ASP 经典编码.所有网站都归同一家公司所有,托管在同一 IIS 服务器上并使用同一 SQL Server 数据库.
I have about 100 websites coded in ASP classic. Each website accepts orders and stores them in database. However, the payment of these orders must be made on another website, also coded in ASP classic. All websites are owned by same company, hosted on same IIS server and use the same SQL Server database.
现在,用户通过输入一些个人信息进行注册并登录其中一个网站(例如 website-for-newjersey.com)并下订单.然后,他被重定向到支付网站(https 上的payments.master-website.com),其中他的一些个人信息(地址、城市、运输州;信用卡持有人姓名等)出现在支付表单上.在该页面上输入信用卡特定信息.
Now, the user registers by entering some personal information and logs in to one of these website (e.g. website-for-newjersey.com) and places an order. He is then redirected to the payments website (payments.master-website.com on https) where some of his personal information (address, city, state for shipping; name for credit card holders name; etc) appears on the payment form. Credit card specific information is entered on that page.
由于该页面上显示的信息的敏感性,用户必须先登录支付网站,然后才能查看预先填写的支付表格.而且我不希望用户登录两次(每个网站一次).是否有可靠的方法来检查用户是否使用经典 ASP 登录到 refering 网站.
Because of the sensitivity of information shown on that page, the user must login to the payment website before he/she can view the pre-filled payment form. And I do not want the user to login twice (once on each website). Is there a reliable way of checking if the user is logged in to the referring website using classic ASP.
长话短说
- 在网站 B 我需要检查访问者是否登录到网站 A
- 在网站 B 上,我需要来自网站 A 的 ID 会话变量
- 两个网站使用相同的数据库服务器
- 我需要明确的指示
- 如果 PHP 或 ASP.NET 解决方案是通用/便携的,则可以接受
推荐答案
您所问的称为单点登录 (SSO),可以通过几种方式实现.关于这个问题有很多话题,例如:你最喜欢的跨域cookie是什么共享方法?但它们都因个人要求而异.
What you asked is called single sign on (SSO) and can be implemented in few ways. There are many topics on this matter, example: What's your favorite cross domain cookie sharing approach? but they all vary due to individual requirements.
在您的情况下,您有不同的域(因此您不能在它们之间共享 cookie),您混合使用 http 和 https(这可能是一个问题),并且您有很多应用程序,因此您不会进行很多更改.
In your case you have different domains (so you cannot share cookies across them), you mix http and https (which might be a problem) and you have many applications so you won't make many changes.
所以我建议考虑罗伯特的建议:
So I would recommend to consider Robert's suggestion:
- 当用户第一次通过身份验证时(网站 A),您将 GUID 保存在数据库中.为带有 GUID、用户 ID、IP 和时间戳列的会话添加新表,或将其保存为订单数据的一部分.将 GUID 存储在会话对象中.
- 在有支付网站链接的页面上,将其设置为查询字符串或隐藏变量(如果是表单).
- 在另一个域(网站 B)上检查 GUID,然后在数据库中查找它.如果它不是太旧,则对用户进行身份验证,否则将他重定向到登录页面.
如果您无法更改支付网站的链接,那么您可以尝试跳过第 2 步并通过他的 ip 验证用户,但这可能太冒险了.
If you cannot change a link to the payment site then you could try to skip the step 2 and validate the user by his ip but this might be too risky.
相关文章