CN113965352A - Third-party website login method and device, electronic equipment and storage medium - Google Patents

Publication number
CN113965352A
Authority
CN
China
Prior art keywords
party website
login
identity information
user identity
user
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111101817.4A
Other languages
Chinese (zh)
Other versions
CN113965352B (en)
Inventor
蔡灵通
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wangsu Science and Technology Co Ltd
Original Assignee
Wangsu Science and Technology Co Ltd
Application filed by Wangsu Science and Technology Co Ltd
Priority to CN202111101817.4A
Publication of CN113965352A
Application granted
Publication of CN113965352B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The application relates to the technical field of internet communication and discloses a third-party website login method, a third-party website login device, electronic equipment and a storage medium. The method comprises the following steps: when a user requests access to a third-party website, sending the user's current user identity information to a preset platform and redirecting the current page to the login page of the third-party website; receiving a redirection request and the user identity information returned by the preset platform after the user successfully logs in to the third-party website; and parsing the redirection request and completing the cross-site login of the third-party website according to the acquired user identity information. When the browser has the SameSite attribute enabled, user identity information can be transmitted across sites through a lightweight protocol, and legitimate cross-site login of a third-party website is completed efficiently and accurately on the currently accessed website while website access security is preserved.

Description

Third-party website login method and device, electronic equipment and storage medium
Technical Field
The embodiment of the application relates to the technical field of internet communication, in particular to a third-party website login method, a third-party website login device, electronic equipment and a storage medium.
Background
With the continuous development of communication technology and the internet, it has become common for a user to log in to and access multiple nested websites from one device, but nested login across multiple websites is prone to user information being leaked or carried by malicious websites. To improve the security of website access, browsers have therefore come to support the SameSite attribute, which restricts the behavior of third-party cookies. It can take three values. Strict: the strictest setting; third-party cookies are prohibited altogether, and no cookie is ever sent when the current site is in a cross-site relationship with the request's target site. Lax: a looser rule; in most cases third-party cookies are not sent. None: the restriction is turned off. Once Strict or Lax is set, the third-party website cannot obtain the user identity information (cookie information) of the first-party website, which effectively prevents malicious websites from mounting cross-site request forgery (CSRF) attacks and user tracking against the website by trying to forge HTTP (Hypertext Transfer Protocol) requests that carry the correct cookies.
However, once the SameSite attribute is enabled in the browser, if a trusted third-party login website is embedded in the current website, then after the user logs in to the third-party website, the third-party website sends a redirection request to the current website. Because the user identity information of the current website cannot be obtained and carried with that request, the current website cannot obtain the identity information of the user who has successfully logged in to the third-party website, so the login is invalid and the cross-site login of the third-party website cannot be completed at the current website.
Disclosure of Invention
The embodiment of the application mainly aims to provide a third-party website login method, a third-party website login device, electronic equipment and a storage medium, and aims to efficiently and accurately complete legal cross-site login of a third-party website on a currently accessed website on the basis of ensuring website access security.
In order to achieve the above object, an embodiment of the present application provides a third-party website login method, including: under the condition that a user requests to access a third-party website, current user identity information of the user is sent to a preset platform according to a preset rule, and a current page is redirected to a login page of the third-party website; receiving a redirection request and user identity information returned by a preset platform after a user successfully logs in a third-party website; and analyzing the redirection request, and completing cross-site login of the third-party website according to the acquired user identity information.
In order to achieve the above object, an embodiment of the present application further provides a third-party website login apparatus, including: the sending module is used for sending the current user identity information of the user to a preset platform according to a preset rule under the condition that the user requests to access the third-party website, and redirecting the current page to a login page of the third-party website; the receiving module is used for receiving a redirection request and user identity information returned by the preset platform after the user successfully logs in the third-party website; and the login module is used for analyzing the redirection request and completing cross-site login of the third-party website according to the acquired user identity information.
In order to achieve the above object, an embodiment of the present application further provides an electronic device, including: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the third party website login method as described above.
In order to achieve the above object, an embodiment of the present application further provides a computer-readable storage medium, which stores a computer program, and when the computer program is executed by a processor, the third-party website login method as described above is implemented.
According to the third-party website login method provided by the embodiment of the application, when the current website detects that a user needs to log in to a third-party website, it sends the user's current user identity information to the preset platform according to the preset rule, so that the preset platform returns the user identity information and a redirection request to the current website after the user successfully logs in to the third-party website, and the cross-site login of the third-party website is completed according to the parsed redirection request and the user identity information. Because the user identity information is sent to the preset platform during the cross-site login, and the preset platform returns it together with the redirection request once the user has logged in, user identity information can be exchanged even when the website is accessed through a browser with the SameSite attribute enabled. After the user successfully logs in to the third-party website, the user identity information is sent back to the original website through the preset platform, so the original website can identify the user who logged in to the third-party website from the returned identity information, which avoids the login being invalid because user identity information cannot be carried in the cross-site login process. A browser with the SameSite attribute enabled thus supports cross-site login of the third-party website through a lightweight protocol, and the legitimacy of the cross-site login is guaranteed while website access security is preserved.
Drawings
One or more embodiments are illustrated by the corresponding figures in the drawings, which are not meant to be limiting.
FIG. 1 is a flowchart of a third-party website login method in an embodiment of the present invention;
FIG. 2 is a diagram illustrating a third-party website login process according to an embodiment of the present invention;
FIG. 3 is a diagram illustrating another third party website login process in accordance with an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of a third-party website login device according to another embodiment of the present invention;
FIG. 5 is a schematic structural diagram of an electronic device in another embodiment of the invention.
Detailed Description
As can be seen from the background art, after the SameSite attribute is turned on, if a trusted third-party login website is embedded in the current website, and after the user logs in the third-party website, when the third-party website sends a redirection request to the current website, because the user identity information of the current website cannot be acquired and carried, the current website cannot acquire the user identity information corresponding to the redirection request, and further, the login is invalid, and the cross-site login of the third-party website cannot be completed at the current website. Therefore, how to realize legal cross-site login of a third-party website on the basis of ensuring the access security of the website is a problem which needs to be solved urgently.
In order to solve the above problem, an embodiment of the present application provides a third-party website login method, including: under the condition that a user requests to access a third-party website, current user identity information of the user is sent to a preset platform according to a preset rule, and a current page is redirected to a login page of the third-party website; receiving a redirection request and user identity information returned by a preset platform after a user successfully logs in a third-party website; and analyzing the redirection request, and completing cross-site login of the third-party website according to the acquired user identity information.
To make the objects, technical solutions and advantages of the embodiments of the present application clearer, the embodiments of the present application will be described in detail below with reference to the accompanying drawings. However, it will be appreciated by those of ordinary skill in the art that in the examples of the present application, numerous technical details are set forth in order to provide a better understanding of the present application. However, the technical solution claimed in the present application can be implemented without these technical details and various changes and modifications based on the following embodiments. The following embodiments are divided for convenience of description, and should not constitute any limitation to the specific implementation manner of the present application, and the embodiments may be mutually incorporated and referred to without contradiction.
The following description will specifically describe implementation details of the third-party website login method described in the present application with reference to specific embodiments, and the following description is only provided for facilitating understanding of the implementation details and is not necessary to implement the present invention.
In one aspect, an embodiment of the invention provides a third-party website login method applied to a web site. The cross-site login process for a third-party website nested in the currently accessed web site is shown in FIG. 1 and comprises the following steps:
Step 101, sending the current user identity information of the user to a preset platform, and redirecting the current page to a login page of a third-party website.
Specifically, a user sends an access request to a web site through a browser with the SameSite attribute enabled. After receiving the access request from the user equipment, the web site determines from the request which service the user wants to transact, and detects whether the user requests access to a third-party website during that transaction. When the user requests access to a third-party website, the web site sends the user's current user identity information to a preset platform according to a preset rule and redirects the current page to the login page of the third-party website. Sending the current user identity information to the preset platform and redirecting the current page to the login page once such a request is detected allows the user identity information to be exchanged during the cross-site login process.
In one example, the web site sending the user's current user identity information to the preset platform according to the preset rule includes: when the preset platform is the third-party website, encrypting the user's current user identity information with a preset asymmetric encryption algorithm, and sending the encrypted user identity information to the third-party website. Specifically, before sending the user identity information, the web site identifies what the preset platform is. When the preset platform is the third-party website, the web site and the third-party website cannot transmit the user identity information to each other directly. In this case the web site encrypts the user's current user identity information with the preset asymmetric encryption algorithm, which turns the identity information into encrypted data that can be passed to the third-party website, and then sends the encrypted user identity information to the third-party website. Using an asymmetric encryption algorithm ensures the efficiency and effectiveness of encrypting the user identity information, enables the identity information to be transmitted across sites, and allows the third-party website to accurately acquire the identity information of the logged-in user.
Further, the asymmetric encryption algorithm the web site uses to encrypt the user identity information is any one of the following: the RSA algorithm, the DSA algorithm, the ECC algorithm, and the DH algorithm. For example, when the web site encrypts the user identity information with the RSA algorithm, it randomly generates a public key and a private key for the encryption, where the public key is the encryption key and the private key is the decryption key. The key pair formed by the public key and the private key is then cached, a cache identifier keySign is generated for the key pair, and the user's current user identity information (cookie information) is encrypted according to the cache identifier and the encryption key of the key pair. The user identity information and the key pair identifier are packaged as JSON data:
{
  "keySign": "XXXXXXXX",  // cache identifier of the public/private key pair
  "content": "XXXXX"      // cookie content after encryption with the public key
}
This data is named the cookieState parameter. The web site selects a suitable encryption algorithm according to actual needs, which improves the practicality of encrypting the user identity information while ensuring that the encryption proceeds smoothly.
In another example, after the web site encrypts the user's current user identity information with the preset asymmetric encryption algorithm, sending the encrypted user identity information to the third-party website includes: adding the encrypted user identity information to the service parameters of the third-party website, and sending the service parameters to the third-party website. Specifically, when the web site redirects the current page to the login page of the third-party website, it sends service parameters, such as the service parameter, to the third-party website. To transmit the encrypted user identity information to the third-party website accurately, the web site, after completing the encryption, packages the encrypted user identity information into the request parameter cookieState, adds that request parameter to the service parameters sent to the third-party website, then redirects the current page to the login page of the third-party website and sends the service parameters to the third-party website. Adding the encrypted user identity information to the service parameters of the third-party website carries it to the third-party website accurately, so the third-party website can accurately acquire the user identity information when cross-site access is performed from a browser with the SameSite attribute enabled.
Further, before sending the service parameters to the third-party website, the method further includes: performing redirection encoding on the service parameters, so that the third-party website can use the service parameters as a uniform resource locator and return a redirection request according to that uniform resource locator. After the encrypted user identity information is added to the service parameters of the third-party website, the web site performs redirection encoding (URL encoding) on the content of the service parameters sent to the third-party website. For example, the address of the web site is https://www.o2.com, the address of the third-party website is https://www.sso.com, and the encrypted user identity information is cookieState=XXXX. After URL encoding of the service parameter to which the user identity information has been added, the service parameter is https://www.sso.com?service=URL encoding (https://www.o2.com&cookieState=XXXX). After the current page is redirected to the third-party login website, the third-party website prompts the user to log in. When the user successfully logs in to the third-party website, the third-party website automatically takes the previously redirect-encoded content out of the received service parameters and uses (https://www.o2.com&cookieState=XXXX) as the uniform resource locator (URL) for redirecting to the web site. It redirects the current page back to the web site according to that URL and returns to the web site a redirection request carrying the encrypted user identity information, so the encrypted user identity information is automatically brought back to the web site through the URL.
Because the service parameters of the third-party website are redirect-encoded in advance, the third-party website can perform the page redirection with the pre-encoded uniform resource locator once the user has logged in successfully, and the encrypted user identity information is accurately brought back to the web site. The user identity information can therefore be transmitted during the cross-site login of the third-party website, and the accuracy of that transmission is ensured.
In another example, the third-party website that is logged in to cross-site through the web site is a website embedded through a preset tag. Specifically, a third-party website that supports cross-site login from the current web site is subject to a restriction: it must be embedded in the web site in advance using a preset tag, so that its cross-site access and login are supported through a specified type of sub-resource of the web site. This ensures that the SameSite protection of the browser still applies to all cross-site access on the web site. By nesting through tags, the sub-resources specified by the web site are used to support cross-site access to and login of the third-party website, which guarantees the validity of login and access for the third-party website while preserving security during access to the web site.
Further, the preset tags for nesting third-party websites in the web site include the iframe tag and the object tag. Among the sub-resources of the web site, those corresponding to the iframe tag and the object tag are monitored most strictly by a browser with the SameSite attribute enabled, so choosing these two tag types for nesting the third-party website further ensures security while the third-party website is accessed and logged in to.
Step 102, receiving a redirection request and user identity information returned by a preset platform after a user successfully logs in a third-party website.
Specifically, after the web site has sent the user identity information to the preset platform and redirected the current page to the login page of the third-party website, the user is prompted to log in to the third-party website. Once the user has entered correct login authentication information and successfully logged in to the third-party website, the preset platform returns a redirection request and the user identity information to the web site according to the uniform resource locator, and the current page is redirected to the web site. The web site thus receives the redirection request and the user identity information returned by the preset platform after the user successfully logs in to the third-party website.
Step 103, analyzing the redirection request, and completing cross-site login of the third-party website according to the acquired user identity information.
Specifically, after receiving the redirection request from the preset platform, the web site parses the redirection request and reads the received user identity information. It then completes the user's cross-site login to the third-party website within the web site according to the acquired user identity information. Through a lightweight protocol, user identity information can be passed between a trusted third-party website and the web site even when the browser has SameSite enabled, so legitimate cross-site login of the third-party website is achieved while website access security is preserved.
For example, FIG. 2 is a schematic diagram of the cross-site login process in which a browser with the SameSite attribute enabled accesses a web site and logs in to a third-party website on that web site. Here the preset platform is the third-party website, and the encryption algorithm used to encrypt the user identity information is the RSA algorithm. When a user transacts business, the browser sends an access request to the specified web site. After receiving the access request from the user equipment, the web site detects whether a third-party website login is needed. When cross-site login of the third-party website needs to be performed on the current website, the web site sends the encrypted user identity information to the third-party website and redirects the current page to the login page of the third-party website. After the user successfully logs in to the third-party website, the third-party website initiates a redirection request to the web site and redirects the current page back to the initial page of the web site, carrying the encrypted user identity information. After receiving the redirection request, the web site parses it and obtains the key pair identifier from the cookieState parameter. It then uses the key pair identifier to read the public key and private key (the encryption key and the decryption key) generated when the user identity information was encrypted, decrypts the encrypted parameter with the decryption key, and obtains the user identity information contained in the cookieState parameter. Finally, according to the acquired user identity information, it identifies the user who has finished logging in to the third-party website, thereby completing the user's cross-site login to the third-party website within the web site.
In addition, to ensure security while the user identity information is in transit, the encryption key and the decryption key are one-time keys. After the web site has used the decryption key once, the encryption key, the decryption key and the key pair identifier can be deleted, and they are generated anew the next time user identity information is encrypted.
In another aspect, an embodiment of the present invention further provides a third-party website login method applied to a web site, in which the preset platform in the third-party website login process is a proxy node. The login process, with reference to FIG. 1, comprises the following steps:
Step 101, sending the current user identity information of the user to a preset platform, and redirecting the current page to a login page of a third-party website.
Specifically, a user sends an access request to a web site through a browser with the SameSite attribute enabled. When the user requests access to a third-party website and the preset platform is a proxy node, sending the user's current user identity information to the preset platform according to the preset rule consists of transmitting the user identity information and the redirection resource locator to the proxy node over the Hypertext Transfer Protocol, so that the proxy node can return a redirection request according to the redirection resource locator after the user successfully logs in to the third-party website. The current page is then redirected to the login page of the third-party website through the proxy node. Because the Hypertext Transfer Protocol is used to transmit the user identity information and the redirection resource locator, the user identity information reaches the proxy node without needing to be encrypted, which improves the transmission efficiency of the user identity information and ensures its transmission security.
In one example, after the web site transmits the user identity information and the redirection resource locator to the proxy node over the Hypertext Transfer Protocol, the method further comprises: receiving a login identifier returned by the proxy node. Redirecting the current page to the login page of the third-party website then comprises: redirecting the current page to the proxy node according to the login identifier, and redirecting the current page to the third-party login website through the proxy node. By requesting a login identifier from the proxy node and redirecting the current page to the login page of the third-party website through the proxy node, the web site and the third-party website interact indirectly by means of the login identifier.
Step 102, receiving a redirection request and user identity information returned by a preset platform after a user successfully logs in a third-party website.
Step 103, analyzing the redirection request, and completing cross-site login of the third-party website according to the acquired user identity information.
For example, as shown in fig. 3, a schematic diagram of a cross-site login process for accessing a web site by a browser that opens a SameSite attribute and implementing a third-party website on the web site is shown. The preset platform is an agent node.
When a user transacts business, a browser initiates an access request to a specified web site (with the address of https:// www.o2.com), and after receiving the access request of user equipment, the web site detects whether a third-party website (with the address of https:// www.sso.com) needs to be logged in. Under the condition that cross-site login of a third-party website needs to be carried out on a current website, user identity information and a redirection resource locator (LastURL) of a web website are sent to a proxy node (the address is HTTPs:// www.proxy.com) in an HTTP (hyper text transfer protocol) request mode, and a login identification (Loginld) is applied to the proxy node. After receiving the HTTP request of the web site, the proxy node generates a login Identifier according to a Unique Identifier function (uid), and stores the generated login Identifier, user identity information, redirection resource locator, and the like, in a preset storage space. For example, it is stored in Json format in its memory, denoted as clientPreLoginParam ═ loginnid ": XXX"; "cookie": XXX "; "lastUrl": XXX "}. The generated login identification is then returned to the web site. After receiving the login identification, the web site carries the obtained login identification, redirects to the proxy node and requests to redirect to a third-party login website. After receiving a request for redirecting the web website to a third-party website, the proxy node splices the login identification carried in the request to the service parameter of the third-party website, and carries out redirection coding on the service parameter. The current page is then redirected to a landing page of the third party website and the redirect-encoded service parameters (https:// www.sso.com. 
After the user successfully logs in the third-party website, the third-party website issues a login token, then the received service parameter is taken out, the service parameter content (https:// www.proxy.com & ticket ═ XXX & loginId ═ XXXXXXX) is taken as a URL redirected to the proxy node, and a redirection request carrying a login identifier is initiated to the proxy node. And after receiving the redirection request carrying the login identification and the login token, the proxy node acquires the login information of the user from the third-party website according to the login token. And then according to the login identification in the redirection request, reading user identity information and a redirection resource locator in the pre-login parameters of the user, and then returning the user identity information and the user login information to the web site in an HTTP mode. After receiving the user login information and the user identity information returned by the proxy node, the web website binds the user login information and the obtained user identity information to take effect. And then the proxy node initiates a redirection request to the web site, the web site analyzes the redirection request of the proxy node, redirects the current page back to the web site, and completes the cross-site login of the third-party website.
In addition, in order to ensure the safety of the user identity information, the proxy node can delete the stored pre-login parameters of the user equipment after using the redirection resource locator once, and reestablish new pre-login parameters when a third-party website needs to be logged in subsequently.
It should be noted that one proxy node may support multiple web sites to perform cross-site login of a third-party website, and this embodiment does not limit the number of web sites that one proxy node supports cross-site login.
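The proxy node's handling of the pre-login parameters described above (issue a login identifier, splice it into the redirect-encoded service parameter, delete the record after one use) can be sketched as follows. This is an added example, not code from the patent: the `/login` and `/callback` paths, the `service` query parameter name, the five-minute lifetime, the allow-list of return hosts, and the use of `secrets.token_urlsafe` in place of the unique identifier function are all assumptions.

```python
import secrets
import time
from urllib.parse import urlencode, urlsplit

# All four constants are assumptions made for this example.
PROXY_CALLBACK = "https://www.proxy.com/callback"  # assumed callback path on the proxy node
SSO_LOGIN = "https://www.sso.com/login"            # assumed login path on the third-party website
ALLOWED_RETURN_HOSTS = {"www.o2.com"}              # web sites registered with this proxy node
TTL_SECONDS = 300                                  # assumed lifetime of a pending login


class PreLoginStore:
    """In-memory clientPreLoginParam records, keyed by loginId."""

    def __init__(self, clock=time.monotonic):
        self._records = {}
        self._clock = clock

    def create(self, cookie, last_url):
        """Web site -> proxy: store identity info and lastUrl, return a loginId."""
        parts = urlsplit(last_url)
        # One proxy serves several web sites, so lastUrl must belong to a
        # registered one; otherwise the final redirect could go anywhere.
        if parts.scheme != "https" or parts.hostname not in ALLOWED_RETURN_HOSTS:
            raise ValueError("lastUrl is not a registered web site")
        # The loginId is the only key to the stored cookie, so it must be
        # unguessable: 32 random bytes from the OS CSPRNG.
        login_id = secrets.token_urlsafe(32)
        self._records[login_id] = {
            "loginId": login_id,
            "cookie": cookie,
            "lastUrl": last_url,
            "expires": self._clock() + TTL_SECONDS,
        }
        return login_id

    def sso_redirect(self, login_id):
        """Splice loginId into the service parameter and redirect-encode it."""
        if login_id not in self._records:
            raise KeyError(login_id)
        service = PROXY_CALLBACK + "?" + urlencode({"loginId": login_id})
        # urlencode percent-encodes the whole service URL so that it survives
        # as a single query value on the third-party login URL.
        return SSO_LOGIN + "?" + urlencode({"service": service})

    def consume(self, login_id):
        """Callback from the third-party website: read the record exactly once."""
        record = self._records.pop(login_id, None)  # deleted whether valid or not
        if record is None or record["expires"] < self._clock():
            return None
        return record


if __name__ == "__main__":
    store = PreLoginStore()
    lid = store.create("sessionid=constructed-sample", "https://www.o2.com/orders")
    print(store.sso_redirect(lid))
    print(store.consume(lid)["lastUrl"])  # first use succeeds
    print(store.consume(lid))             # replayed loginId yields None
```

A replayed or expired login identifier returns `None`, so the web site never receives the stored identity information a second time.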
In addition, it should be understood that the steps of the above methods are divided only for clarity of description. In implementation they may be combined into one step, or a step may be split into multiple steps; as long as the same logical relationship is included, they fall within the protection scope of the present patent. Adding insignificant modifications to the algorithms or processes, or introducing insignificant design changes without changing the core design of the algorithms or processes, is also within the scope of the patent.
Another aspect of the embodiments of the present invention further provides a third-party website login apparatus, referring to fig. 4, including:
the sending module 401 is configured to send, according to a preset rule, the current user identity information of the user to a preset platform and redirect the current page to a login page of the third-party website when the user requests to access the third-party website.
The receiving module 402 is configured to receive a redirection request and user identity information returned by the preset platform after the user successfully logs in the third-party website.
And a login module 403, configured to parse the redirection request, and complete cross-site login of the third-party website according to the obtained user identity information.
It should be understood that the present embodiment is an apparatus embodiment corresponding to the method embodiment, and the present embodiment can be implemented in cooperation with the method embodiment. The related technical details mentioned in the method embodiment are still valid in this embodiment, and are not described herein again in order to reduce repetition. Accordingly, the related art details mentioned in the present embodiment can also be applied in the method embodiment.
It should be noted that, all the modules involved in this embodiment are logic modules, and in practical application, one logic unit may be one physical unit, may also be a part of one physical unit, and may also be implemented by a combination of multiple physical units. In addition, in order to highlight the innovative part of the present invention, a unit which is not so closely related to solve the technical problem proposed by the present invention is not introduced in the present embodiment, but this does not indicate that there is no other unit in the present embodiment.
An embodiment of the present application further provides an electronic device which, with reference to fig. 5, includes: at least one processor 501; and a memory 502 communicatively coupled to the at least one processor 501. The memory 502 stores instructions executable by the at least one processor 501, and the instructions are executed by the at least one processor 501, so that the at least one processor 501 can execute the third-party website login method described in any of the above method embodiments.
The memory 502 and the processor 501 are coupled by a bus, which may include any number of interconnected buses and bridges that couple one or more of the various circuits of the processor 501 and the memory 502 together. The bus may also connect various other circuits such as peripherals, voltage regulators, power management circuits, and the like, which are well known in the art, and therefore, will not be described any further herein. A bus interface provides an interface between the bus and the transceiver. The transceiver may be one element or a plurality of elements, such as a plurality of receivers and transmitters, providing a means for communicating with various other apparatus over a transmission medium. The data processed by the processor 501 is transmitted over a wireless medium via an antenna, which further receives the data and transmits the data to the processor 501.
The processor 501 is responsible for managing the bus and general processing and may also provide various functions including timing, peripheral interfaces, voltage regulation, power management, and other control functions. And memory 502 may be used to store data used by processor 501 in performing operations.
Another aspect of the embodiments of the present invention also provides a computer-readable storage medium storing a computer program. The computer program realizes the above-described method embodiments when executed by a processor.
That is, as can be understood by those skilled in the art, all or part of the steps in the method for implementing the embodiments described above may be implemented by a program instructing related hardware, where the program is stored in a storage medium and includes several instructions to enable a device (which may be a single chip, a chip, or the like) or a processor (processor) to execute all or part of the steps of the method described in the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
It will be understood by those of ordinary skill in the art that the foregoing embodiments are specific examples for carrying out the present application, and that various changes in form and details may be made therein without departing from the spirit and scope of the present application in practice.

Claims (12)

1. A third-party website login method is characterized by comprising the following steps:
under the condition that a user requests to access a third-party website, sending the current user identity information of the user to a preset platform according to a preset rule, and redirecting the current page to a login page of the third-party website;
receiving a redirection request and the user identity information returned by the preset platform after the user successfully logs in the third-party website;
and analyzing the redirection request, and finishing the cross-site login of the third-party website according to the acquired user identity information.
2. The third-party website login method according to claim 1, wherein the sending the current user identity information of the user to a preset platform according to a preset rule comprises:
under the condition that the preset platform is the third-party website, encrypting the current user identity information of the user according to a preset asymmetric encryption algorithm;
and sending the encrypted user identity information to the third-party website.
3. The method of claim 2, wherein the asymmetric encryption algorithm is any one of the following algorithms: RSA algorithm, DSA algorithm, ECC algorithm, and DH algorithm.
4. The third-party website login method according to claim 2, wherein the sending the encrypted user identity information to the third-party website comprises:
and adding the encrypted user identity information into the service parameters of the third-party website, and sending the service parameters to the third-party website.
5. The third party website login method according to claim 4, further comprising, before the sending the service parameter to the third party website:
and carrying out redirection coding on the service parameters, allowing the third-party website to use the service parameters as uniform resource locators, and returning the redirection request according to the uniform resource locators.
6. The third-party website login method according to claim 1, wherein the sending the current user identity information of the user to a preset platform according to a preset rule comprises:
and under the condition that the preset platform is the proxy node, transmitting the user identity information and the redirection resource locator to the proxy node according to a hypertext transfer protocol, so that the proxy node returns the redirection request according to the redirection resource locator after the user successfully logs in the third-party website.
7. The method of claim 6, wherein after transmitting the user identity information and redirection resource locator to the proxy node according to hypertext transfer protocol, further comprising:
receiving a login identifier returned by the proxy node;
the redirecting the current page to the login page of the third-party website includes: redirecting the current page to the proxy node according to the login identifier, and redirecting the current page to the third-party login website through the proxy node.
8. The third party website login method according to any one of claims 1 to 7, wherein the third party website is a website embedded by a preset tag.
9. The third party website login method of claim 8, wherein the preset tag comprises: an Iframe tag and an object tag.
10. A third party website login device, comprising:
the sending module is used for sending the current user identity information of the user to a preset platform according to a preset rule under the condition that the user requests to access a third-party website, and redirecting the current page to a login page of the third-party website;
the receiving module is used for receiving a redirection request and the user identity information which are returned by the preset platform after the user successfully logs in the third-party website;
and the login module is used for analyzing the redirection request and finishing the cross-site login of the third-party website according to the acquired user identity information.
11. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the third party website login method of any one of claims 1-9.
12. A computer-readable storage medium storing a computer program, wherein the computer program, when executed by a processor, implements the third party website login method of any one of claims 1 to 9.
CN202111101817.4A 2021-09-18 2021-09-18 Third-party website login method and device, electronic equipment and storage medium Active CN113965352B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111101817.4A CN113965352B (en) 2021-09-18 2021-09-18 Third-party website login method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111101817.4A CN113965352B (en) 2021-09-18 2021-09-18 Third-party website login method and device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN113965352A true CN113965352A (en) 2022-01-21
CN113965352B CN113965352B (en) 2023-12-01

Family

ID=79461656

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111101817.4A Active CN113965352B (en) 2021-09-18 2021-09-18 Third-party website login method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN113965352B (en)

Also Published As

Publication number Publication date
CN113965352B (en) 2023-12-01

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant