Some solutions for single sign-on

Solve

Recently many friends in CSDN are discussing the issue of multiple system single sign-on. Now summarize the way you've used it to see if you can add some ideas to your friends.

Before dealing with the problem, discuss the case of so-called "multiple systems", in the sense that multiple systems will appear in the following several situations:

1. The technology used is different, the application platform is not the same: such as using JSP and ASP. NET development, their application platform will be different

2. The physical server in which it resides is inconsistent. Not deployed in the same server cluster.

3. The permissions are used differently, for example, some use Session,cookie, and some use state services.

The goal of "single point login" is to have access to all systems in all systems without being logged in. And to achieve the goal of a single point of landing from a large way can be divided into 3 ways:

1. Automatically generate verification flags on all systems at login
This method needs to be placed in the frames page of each subsystem, and hide other subsystem's login page in other frames, when click "Login" to trigger JS event to submit the current username/password to the landing page of other subsystem, and submit together. This time, all the other systems are logged in.
Efficiency : This method can almost not modify too much code, and can be used for all the multiple systems, Cross-platform, cross-server
disadvantage : After logging in, if there is no switch in each subsystem, the subsystem using session may log in timeout. The solution is simple, however, by simply using an IFRAME in other system-included files (such as copyright) to contain the updated online status of other subsystems, so that the state can be maintained continuously.

2. The verification mark of a cost-only system when it is entered into other systems, the verification of the current system is transformed from the HttpContext mark in the verification, which must, of course, be in all systems on the same Web server and with the same technology.

3. Use a database to record current online information, log in to add online information to the database, and store information that is unique to the client (ip+ machine name, etc.).
When a system wants to obtain information about whether the current user is logged in, determine if the subsystem's login information exists, and if not, then determine if the current client's online information exists in the state database.
Efficiency : This method of efficiency is relatively high and can be used for all the multiple system situations that can cross the platform across the server.
disadvantage : To drill down on the code for each program

Write so much first, then add.