I have two websites, one driven by ASP.NET and the other in PHP. The PHP site is hosted on a relatively inexpensive host provider ('unlimited bandwidth and diskspace for $10 a month). The PHP site also provides REST URLs which would help me in monetizing my website.
我有两个网站,一个由ASP.NET驱动,另一个在PHP中。 PHP站点托管在一个相对便宜的主机提供商('无限带宽和磁盘空间,每月10美元)。 PHP站点还提供REST URL,这将帮助我通过我的网站获利。
The other site (the 'main' site, as it were) is an ASP.NET website which houses the login mechanism. My goal is to allow users to log in to the ASP.NET site and then be redirected to the PHP based domain. Is there an easy and feasible solution that accomplishes this?
另一个站点('main'站点,实际上是一个ASP.NET网站,其中包含登录机制)。我的目标是允许用户登录到ASP.NET站点,然后重定向到基于PHP的域。是否有一个简单可行的解决方案来实现这一目标?
I have a few questions with regards to that approach:
关于这种方法,我有几个问题:
How would I pass session information and variables from the ASP.NET Application to the PHP based application, to facilitate the aura of 'Single Sign On'?
如何将会话信息和变量从ASP.NET应用程序传递到基于PHP的应用程序,以促进“单点登录”的光环?
Would a 'simple' cookie be able to handle this scensario? Or would I need to use encrypted query strings?
一个'简单'的cookie能够处理这个scensario吗?或者我需要使用加密的查询字符串?
There is no 'sensitive' data on these sites, so securing user data isn't a top priority. The site was built 'for fun'.
这些网站上没有“敏感”数据,因此保护用户数据不是首要任务。该网站是为了“有趣”而建造的。
Are there hosts that allow subdomains to be hosted on a different language platform than the main domain? If I had www.example.com hosted on an ASP.NET server, could I have a subdomain (forum.example.com) hosted on a PHP server? Is this possible?
是否有主机允许子域托管在与主域不同的语言平台上?如果我在ASP.NET服务器上托管了www.example.com,我可以在PHP服务器上托管一个子域(forum.example.com)吗?这可能吗?
Any help on this is greatly appreciated.
非常感谢任何帮助。
3 个解决方案
#1
Although more complex, I would go with the same methodology as the OpenID spec and use the Diffie-Hellman exchange. This allows two parties with no prior trust, to establish a trust for a certain period of time.
虽然更复杂,但我会使用与OpenID规范相同的方法并使用Diffie-Hellman交换。这允许没有事先信任的双方在一段时间内建立信任。
PHP的信息
VB.NET的信息
#2
I would go for a cookie if both sites are on the same domain. One advantage of cookies over encrypted strings is that they are automatically passed between requests and you don't have to think about them when building your urls. One downside of cookies is that they can be disabled by users.
如果两个网站都位于同一个域,我会选择cookie。 Cookie优于加密字符串的一个优点是它们可以在请求之间自动传递,您在构建网址时无需考虑它们。 Cookie的一个缺点是用户可以禁用它们。
#3
Store the sessions in a database and create / use a session-type which is cross-platform. You might to do it yourself. But you should know that passing sessions etc between different languages like this, can be dangerous ( security-wise )
将会话存储在数据库中并创建/使用跨平台的会话类型。你可以自己做。但你应该知道,像这样在不同语言之间传递会话等可能是危险的(安全方面)
#1
Although more complex, I would go with the same methodology as the OpenID spec and use the Diffie-Hellman exchange. This allows two parties with no prior trust, to establish a trust for a certain period of time.
虽然更复杂,但我会使用与OpenID规范相同的方法并使用Diffie-Hellman交换。这允许没有事先信任的双方在一段时间内建立信任。
PHP的信息
VB.NET的信息
#2
I would go for a cookie if both sites are on the same domain. One advantage of cookies over encrypted strings is that they are automatically passed between requests and you don't have to think about them when building your urls. One downside of cookies is that they can be disabled by users.
如果两个网站都位于同一个域,我会选择cookie。 Cookie优于加密字符串的一个优点是它们可以在请求之间自动传递,您在构建网址时无需考虑它们。 Cookie的一个缺点是用户可以禁用它们。
#3
Store the sessions in a database and create / use a session-type which is cross-platform. You might to do it yourself. But you should know that passing sessions etc between different languages like this, can be dangerous ( security-wise )
将会话存储在数据库中并创建/使用跨平台的会话类型。你可以自己做。但你应该知道,像这样在不同语言之间传递会话等可能是危险的(安全方面)