CN104468550A - User login method for Windows desktop, device and system - Google Patents

Publication number
CN104468550A
Authority
CN
China
Prior art keywords
module
server
authentication result
user
user profile
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201410712291.7A
Other languages
Chinese (zh)
Other versions
CN104468550B (en)
Inventor
石林灵
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Cloud Computing Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Priority to CN201410712291.7A (CN104468550B)
Publication of CN104468550A
Priority to PCT/CN2015/083280 (WO2016082548A1)
Application granted
Publication of CN104468550B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/08 Protocols specially adapted for terminal emulation, e.g. Telnet

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)
  • Computer And Data Communications (AREA)

Abstract

Embodiments of the invention provide a user login method, device and system for a Windows desktop, relating to the field of computer technology, so that authentication and login to the Windows desktop can be performed through a non-AD authentication server. The method includes the following steps. A login plug-in interface module receives user information and sends the user information to a server docking plug-in module through a service plug-in management module. The server docking plug-in module sends the user information to the non-AD authentication server to which it is docked. The server docking plug-in module receives the first authentication result sent by the non-AD authentication server and sends the first authentication result to the login plug-in interface module through the service plug-in management module. The login plug-in interface module receives the first authentication result and sends it to the Windows operating system, so that the Windows operating system presents the Windows desktop to the user terminal when the first authentication result is success.

Description

User login method, device and system for a Windows desktop
Technical field
The present invention relates to the field of computer technology, and in particular to a user login method, device and system for a Windows desktop.
Background
AD (Active Directory) is the directory service for the Microsoft Windows operating system. AD stores information about network objects and the relationships between them, so that administrators and users can easily find and use this information. For example, before a user can use a Windows virtual desktop, the virtual desktop must first be provided for the user. The administrator first creates a domain account for the user on AD and then adds the identification information of the virtual machine to the AD domain. The administrator then associates the user's account information with the identification information of the virtual machine through the DC (Desktop Controller), and the association is stored persistently.
When the user logs in to the Windows virtual desktop, the user accesses the WI (Web Interface) page on a terminal and enters a user name and password. The WI then sends the user name and password entered by the user to AD for authentication. After authentication succeeds, the WI page displays the virtual machine resources under the user's name. The user selects the virtual machine desktop to log in to, and the desktop protocol client on the terminal then sends the user's user name and password to AD for authentication again. After this authentication succeeds, the user logs in to the Windows desktop and operates the computer through the Windows operating system.
Because AD is a service system developed by Microsoft, users face many restrictions when using it. On the one hand, if the directory server the customer originally uses is not AD but another directory server, the current scheme cannot be used with Windows virtual desktops. This wastes the customer's existing IT infrastructure and undermines the continuity of, and return on, the customer's IT investment. On the other hand, the maintenance cost of AD is very high, and some small-scale virtual desktop customers find it difficult to bear.
Summary of the invention
Embodiments of the present invention provide a user login method, device and system for a Windows desktop, in which a non-AD authentication server can be used to perform authentication login to the Windows desktop.
To achieve the above object, the embodiments of the present invention adopt the following technical solutions.
In a first aspect, a user login method for a Windows desktop is disclosed, comprising:
A login plug-in interface module receives user information and sends the user information to a server docking plug-in module through a service plug-in management module;
The server docking plug-in module sends the user information to the non-Active Directory (non-AD) authentication server to which it is docked, so that the non-AD authentication server performs authentication according to the user information and obtains a first authentication result;
The server docking plug-in module receives the first authentication result sent by the non-AD authentication server and sends the first authentication result to the login plug-in interface module through the service plug-in management module;
The login plug-in interface module receives the first authentication result and sends the first authentication result to the Windows operating system, so that the Windows operating system presents the Windows desktop to the user terminal when the first authentication result is success.
With reference to the first aspect, in a first possible implementation of the first aspect, the user information is obtained from the desktop controller (DC) by the Windows operating system on the virtual machine that the user needs to log in to, and is then sent to the login plug-in interface module.
With reference to the first possible implementation of the first aspect, in a second possible implementation of the first aspect, before the login plug-in interface module obtains the user information, the method further comprises:
A web server receives the user information entered by the user on the web interface (WI) page and sends the user information to the non-AD authentication server, so that the non-AD authentication server performs authentication according to the user information and obtains a second authentication result;
After the second authentication result is success, the web server queries the DC for the user's virtual machine resources;
The web server receives the query result sent by the DC and displays the user's virtual machine resources on the WI page, so that the user can select the virtual machine to log in to.
With reference to the second aspect or the first or second possible implementation of the second aspect, in a third possible implementation of the second aspect, the non-AD authentication server is a Lightweight Directory Access Protocol (LDAP) server or a Remote Authentication Dial In User Service (RADIUS) server.
In a second aspect, a user login method for a Windows desktop is disclosed, comprising:
A login plug-in interface module receives user information entered by a user and sends the user information to a server docking plug-in module through a service plug-in management module;
The server docking plug-in module sends the user information to the non-Active Directory (non-AD) authentication server to which it is docked, so that the non-AD authentication server performs authentication according to the user information and obtains an authentication result;
The server docking plug-in module receives the authentication result sent by the non-AD authentication server and sends the authentication result to the login plug-in interface module through the service plug-in management module;
The login plug-in interface module receives the authentication result and sends the authentication result to the Windows operating system, so that the Windows operating system presents the Windows desktop to the user terminal when the authentication result is success.
With reference to the second aspect, in a first possible implementation of the second aspect, the non-AD authentication server is a Lightweight Directory Access Protocol (LDAP) server or a Remote Authentication Dial In User Service (RADIUS) server.
In a third aspect, a physical host is disclosed, comprising a hardware layer, a virtual machine monitor (VMM) running on the hardware layer, and at least one virtual machine running on the VMM. The physical host further comprises a login plug-in interface module, a service plug-in management module and a server docking plug-in module running on the Windows operating system of each virtual machine.
The login plug-in interface module is configured to receive the user information sent by the Windows operating system on the virtual machine that the user needs to log in to, and to send the user information to the service plug-in management module; the user information is obtained from the desktop controller (DC) by the Windows operating system on the virtual machine that the user needs to log in to;
The service plug-in management module is configured to receive the user information sent by the login plug-in interface module and to send the user information to the server docking plug-in module;
The server docking plug-in module is configured to send the user information to the non-Active Directory (non-AD) authentication server to which it is docked, so that the non-AD authentication server performs authentication according to the user information and obtains an authentication result;
The server docking plug-in module is further configured to receive the authentication result sent by the non-AD authentication server and to send the authentication result to the service plug-in management module;
The service plug-in management module is further configured to receive the authentication result sent by the server docking plug-in module and to send the authentication result to the login plug-in interface module;
The login plug-in interface module is further configured to receive the authentication result sent by the service plug-in management module and to send the authentication result to the Windows operating system, so that the Windows operating system presents the Windows desktop to the user terminal when the authentication result is success.
In a fourth aspect, a physical host is disclosed, comprising a hardware layer and a Windows operating system running on the hardware layer. The physical host further comprises a login plug-in interface module, a service plug-in management module and a server docking plug-in module running on the Windows operating system.
The login plug-in interface module is configured to receive the user information entered by the user and to send the user information to the service plug-in management module;
The service plug-in management module is configured to receive the user information sent by the login plug-in interface module and to send the user information to the server docking plug-in module;
The server docking plug-in module is configured to send the user information to the non-Active Directory (non-AD) authentication server to which it is docked, so that the non-AD authentication server performs authentication according to the user information and obtains an authentication result;
The server docking plug-in module is further configured to receive the authentication result sent by the non-AD authentication server and to send the authentication result to the service plug-in management module;
The service plug-in management module is further configured to receive the authentication result sent by the server docking plug-in module and to send the authentication result to the login plug-in interface module;
The login plug-in interface module is further configured to receive the authentication result sent by the service plug-in management module and to send the authentication result to the Windows operating system, so that the Windows operating system presents the Windows desktop to the user terminal when the authentication result is success.
In a fifth aspect, a system is disclosed, comprising a web server, a physical host and a non-AD authentication server.
The web server is configured to receive the user information entered by the user on the web interface (WI) page and to send the user information to the non-AD authentication server, so that the non-AD authentication server performs authentication according to the user information and obtains an authentication result; after the authentication result is success, to query the desktop controller (DC) for the user's virtual machine resources; and to receive the query result sent by the DC and display the user's virtual machine resources on the WI page, so that the user can select the virtual machine to log in to;
The non-AD authentication server is configured to perform authentication according to the received user information and obtain an authentication result;
The physical host is the physical host described in the third aspect above.
In a fifth aspect, a system is disclosed, comprising a physical host and a non-AD authentication server.
The physical host is the physical host described in the fourth aspect above;
The non-AD authentication server is configured to perform authentication according to the received user information and obtain an authentication result.
With the user login method, device and system for a Windows desktop provided by the embodiments of the present invention, the login plug-in interface module obtains the user information and passes it on through the service plug-in management module. The server docking plug-in module sends the user information to the non-AD authentication server to which it is docked, and the non-AD authentication server performs authentication according to the user information and obtains an authentication result. The server docking plug-in module receives the authentication result and passes it back through the service plug-in management module. The login plug-in interface module displays the authentication result and sends the authentication result to the Windows operating system. After authentication succeeds, the user can use the Windows desktop. Compared with the prior art, the method, device and system provided by the present invention allow a user who uses a non-AD authentication server to log in to the Windows desktop through authentication by that server. In addition, the customer's cost of maintaining its existing non-AD authentication server is lower, which avoids the higher expense of maintaining an AD authentication server.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention or in the prior art more clearly, the accompanying drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below show only some embodiments of the present invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a structural block diagram of the physical host provided by Embodiment 1 of the present invention;
Fig. 2 is a structural block diagram of another physical host provided by Embodiment 1 of the present invention;
Fig. 3 is a schematic flowchart of the user login method for a Windows desktop provided by Embodiment 2 of the present invention;
Fig. 4 is a schematic diagram of virtual machine technology;
Fig. 5 is a schematic flowchart of the user login method for a Windows desktop provided by Embodiment 3 of the present invention;
Fig. 6 is a schematic flowchart of the user login method for a Windows desktop provided by Embodiment 4 of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Usually, if the authentication server the user uses is AD, the virtual machine login flow is as follows. The user enters the WI (Web Interface) domain name in the terminal browser to access the WI and enters a user name and password on the WI page. The WI sends the user name and password to the AD authentication server for initial authentication. After initial authentication succeeds, the WI asks the DC (Desktop Controller) for the list of virtual machine resources under the user's name and displays the query result on the WI page for the user to choose from. The user selects the virtual machine to log in to, and the Windows desktop protocol client installed on the terminal then connects through the AG (Access Gateway) to the selected virtual machine and delivers the virtual machine desktop to the terminal. At the same time, the Windows operating system of the selected virtual machine sends the user's user name and password to the AD authentication server again for a second authentication. Only after the second authentication succeeds does the user successfully log in to the virtual machine and use the Windows desktop.
Suppose instead that the user has installed a Microsoft operating system, but the authentication server in use is not Microsoft's default AD but a non-AD authentication server. During the initial authentication described above, the WI sends the user name and password to the non-AD authentication server. During the second authentication, however, the Windows operating system addresses the AD authentication server by default and attempts to send the user's user name and password to the AD authentication server for the second authentication. Because the user does not use an AD authentication server, user authentication fails, and the user cannot use the Windows desktop normally.
For users who are not on a virtual machine, the user enters a user name and password on the login page provided by the CP (Credential Provider) or GINA (Graphical Identification and Authentication) module in the Windows operating system. The Windows operating system likewise addresses the AD authentication server by default and attempts to send the user's user name and password to the AD authentication server for authentication. Because the user does not use an AD authentication server, user authentication fails, and the user cannot use the Windows desktop normally.
The present invention extends the CP/GINA in the Windows operating system and provides a method and a physical host for the scenario in which the user uses a non-AD authentication server. The user's user name and password are redirected to the non-AD authentication server for the second authentication described above, or the user name and password entered by the user are sent to the non-AD authentication server for verification. This redirects user authentication, so that a non-AD authentication server can be used to perform authentication login to the Windows desktop.
Embodiment 1:
This embodiment of the present invention provides a physical host which, as shown in Fig. 1, comprises a hardware layer 10, a virtual machine monitor (VMM) 11 running on the hardware layer, at least one virtual machine 12 running on the VMM, and a login plug-in interface module 120, a service plug-in management module 121 and a server docking plug-in module 122 running on the operating system of each virtual machine (in the present invention, specifically the Windows operating system).
The login plug-in interface module 120 is configured to receive the user information sent by the Windows operating system on the virtual machine that the user needs to log in to, and to send the user information to the service plug-in management module. The user information is obtained from the desktop controller (DC) by the Windows operating system on the virtual machine that the user needs to log in to.
The service plug-in management module 121 is configured to receive the user information sent by the login plug-in interface module 120 and to send the user information to the server docking plug-in module 122.
The server docking plug-in module 122 is configured to send the user information to the non-Active Directory (non-AD) authentication server to which it is docked, so that the non-AD authentication server performs authentication according to the user information and obtains an authentication result.
The server docking plug-in module 122 is further configured to receive the authentication result sent by the non-AD authentication server and to send the authentication result to the service plug-in management module 121;
The service plug-in management module 121 is further configured to receive the authentication result sent by the server docking plug-in module 122 and to send the authentication result to the login plug-in interface module 120;
The login plug-in interface module 120 is further configured to receive the authentication result sent by the service plug-in management module 121 and to send the authentication result to the Windows operating system, so that the Windows operating system presents the Windows desktop to the user terminal when the authentication result is success.
This embodiment of the present invention also provides a physical host which, as shown in Fig. 2, comprises a hardware layer 20, an operating system 21 running on the hardware layer (in the present invention, specifically the Windows operating system), and a login plug-in interface module 210, a service plug-in management module 211 and a server docking plug-in module 212 running on the Windows operating system.
The login plug-in interface module 210 is configured to receive the user information entered by the user and to send the user information to the service plug-in management module. The login plug-in interface module 210 presents a login interface to the user so that the user can enter a user name and password. The login plug-in interface module 210 may also provide functions such as changing the user password and locking.
The service plug-in management module 211 is configured to receive the user information sent by the login plug-in interface module 210 and to send the user information to the server docking plug-in module 212.
The server docking plug-in module 212 is configured to send the user information to the non-Active Directory (non-AD) authentication server to which it is docked, so that the non-AD authentication server performs authentication according to the user information and obtains an authentication result.
The server docking plug-in module 212 is further configured to receive the authentication result sent by the non-AD authentication server and to send the authentication result to the service plug-in management module 211;
The service plug-in management module 211 is further configured to receive the authentication result sent by the server docking plug-in module 212 and to send the authentication result to the login plug-in interface module 210;
The login plug-in interface module 210 is further configured to receive the authentication result sent by the service plug-in management module 211 and to send the authentication result to the Windows operating system, so that the Windows operating system presents the Windows desktop to the user terminal when the authentication result is success.
It should be noted that the login plug-in interface module may be a CP (Credential Provider) or GINA (Graphical Identification and Authentication) module. In Windows systems before Windows Vista, user authentication is completed by GINA; in Windows systems after Windows Vista, user authentication is completed by the CP. The service plug-in management module may be an Extension Service. The server docking plug-in module may be a Service Plugin. In addition, the login plug-in interface module, service plug-in management module and server docking plug-in module provided by this embodiment are modules on the physical host. The non-AD authentication server may be an LDAP (Lightweight Directory Access Protocol) server or a RADIUS (Remote Authentication Dial In User Service) server.
With the device provided by this embodiment of the present invention, the login plug-in interface module obtains the user information and passes it on through the service plug-in management module. The server docking plug-in module sends the user information to the non-AD authentication server to which it is docked, and the non-AD authentication server performs authentication according to the user information and obtains an authentication result. The server docking plug-in module receives the authentication result and passes it back through the service plug-in management module. The login plug-in interface module displays the authentication result and sends the authentication result to the Windows operating system. After authentication succeeds, the user can use the Windows desktop. Compared with the prior art, the device provided by the present invention allows a user who uses a non-AD authentication server to log in to the Windows desktop through authentication by that server. In addition, the customer's cost of maintaining its existing non-AD authentication server is lower, which avoids the higher expense of maintaining an AD authentication server.
Embodiment 2:
This embodiment of the present invention provides a user login method for a Windows desktop. As shown in Fig. 3, the method comprises the following steps:
301. The login plug-in interface module receives user information and sends the user information to the server docking plug-in module through the service plug-in management module.
The user information may be the user's user name and password. The user information is obtained from the desktop controller (DC) by the Windows operating system on the virtual machine that the user needs to log in to, and is then sent to the login plug-in interface module.
In addition, before step 301, the web server receives the user information entered by the user on the web interface (WI) page and sends the user information to the non-AD authentication server. The non-AD authentication server performs authentication according to the user information, obtains a second authentication result, and sends the second authentication result to the web server. After the second authentication result is success, the web server queries the DC for the user's virtual machine resources. The web server receives the query result sent by the DC and displays the user's virtual machine resources on the WI page, so that the user can select the virtual machine to log in to.
302. The server docking plug-in module sends the user information to the non-Active Directory (non-AD) authentication server to which it is docked, so that the non-AD authentication server performs authentication according to the user information and obtains a first authentication result.
This is because the service plug-in management module manages the various service plug-ins and also acts as a bridge that passes the user name and password entered by the user to the server docking plug-in module. The user information obtained by the login plug-in interface module must therefore pass through the service plug-in management module to reach the server docking plug-in module.
Because the non-AD authentication server stores the correspondence between the user's user name, password and the user's other permissions, the non-AD authentication server can also be used to authenticate the user. Specifically, the non-AD authentication server compares the received user name and password one by one with the user names and passwords stored on the non-AD authentication server. If the non-AD authentication server holds a user name and password that match the received user name and password, authentication succeeds; if not, authentication fails.
303. The server docking plug-in module receives the first authentication result sent by the non-AD authentication server and sends the first authentication result to the login plug-in interface module through the service plug-in management module.
Similarly, the authentication result received by the server docking plug-in module can be returned to the login plug-in interface module only by passing through the service plug-in management module.
304. The login plug-in interface module receives the first authentication result and sends the first authentication result to the Windows operating system, so that the Windows operating system presents the Windows desktop to the user terminal when the first authentication result is success.
In this way, even a user who uses a non-AD authentication server can complete authentication and use the Windows desktop once authentication succeeds.
It should be noted that the terms first authentication result and second authentication result in this embodiment do not imply any order; they are defined only to distinguish the two authentications.
With the user login method for a Windows desktop provided by this embodiment of the present invention, the login plug-in interface module obtains the user information and passes it on through the service plug-in management module. The server docking plug-in module sends the user information to the non-AD authentication server to which it is docked, and the non-AD authentication server performs authentication according to the user information and obtains an authentication result. The server docking plug-in module receives the authentication result and passes it back through the service plug-in management module. The login plug-in interface module displays the authentication result and sends the authentication result to the Windows operating system. After authentication succeeds, the user can use the Windows desktop. Compared with the prior art, the method provided by the present invention allows a user who uses a non-AD authentication server to log in to the Windows desktop through authentication by that server. In addition, the customer's cost of maintaining its existing non-AD authentication server is lower, which avoids the higher expense of maintaining an AD authentication server.
Embodiment 2:
Here, for ease of understanding, virtual machine technology is explained. Figure 4 is a schematic diagram of virtual machine technology. As illustrated, in virtualization technology, resources are stored on a remote server (generally a data center); remote server A in the figure is a remote server that serves virtual machines. Virtual machines B, C and D are created by virtualization technology, and an operating system (such as the Windows operating system) is installed on each virtual machine. If a desktop operating system is also installed, a virtual desktop E (such as a Windows desktop) can be provided. The virtual desktop is delivered to terminal F via RDP and displayed to the user. Of course, the input and output of the terminal can also be mapped to the remote server.
The embodiment of the present invention provides a user login method for a Windows desktop. As shown in Figure 5, the method comprises the following steps:
401, the webpage (web) server receives the user profile that the user inputs on the WI page in the terminal.
The user profile can be a username and password. The WI page is the web page that provides the virtual machine service to the user; the user can input a username and password on the WI page to check his or her own virtual machine resources and select the virtual machine to log in to. In this embodiment, the operating system installed on the virtual machine is the Windows operating system.
Specifically, the user opens the WI page in a browser on the terminal and then inputs the username and password.
402, the web server sends the user profile to the non-AD certificate server.
In practice, the username and password that the user inputs on the WI page are sent to the non-AD certificate server for authentication over HTTP (Hypertext Transfer Protocol).
It should be noted that in step 202 the web server sends the user profile to the non-AD certificate server in order to verify whether the user is a legitimate virtual machine user. Specifically, the non-AD certificate server compares the user profile sent by the web server one by one with the usernames and passwords it stores. If a stored entry is consistent with the user profile sent by the web server, authentication passes; if none exists, authentication fails.
403, after authentication succeeds, the web server queries the DC according to the username and obtains the user's virtual machine resources.
Of course, the web server first receives the authentication result sent by the non-AD certificate server and then determines from the received authentication result that authentication succeeded.
Here, the DC can generate a secure identifier for the user and record the correspondence between the user's username and password and this secure identifier. In subsequent communication, to ensure the user's network security, the user's username and password are not exchanged; the secure identifier is used in place of the user instead.
404, the web server receives the user's virtual machine resources returned by the DC and presents the user's virtual machine resource list on the WI page.
Here, what the web server receives is the user's secure identifier and the user's virtual machine resources.
405, the user initiates a login request to the Windows operating system through the terminal.
The login request carries the user's secure identifier. The operating system in the present invention refers specifically to the Windows operating system; here it is the Windows operating system installed on the virtual machine chosen by the user.
Specifically, the user selects the virtual machine to log in to from the virtual machine resource list shown on the WI page. As a result of this user operation (choosing a virtual machine), the terminal sends a login request to the Windows operating system installed on the chosen virtual machine.
406, the Windows operating system requests the user profile from the DC.
Specifically, because in step 205 the terminal sends the login request to the Windows operating system installed on the chosen virtual machine, the remote server (such as the remote server A in illustration 3) sends the user's secure identifier to the DC. The DC uses the user's secure identifier to look up the user's username and password in its stored correspondence entries and sends the username and password it finds to the remote server. The remote server sends the received username and password to the Windows operating system installed on the chosen virtual machine.
It should be noted that the user profile in steps 401 and 402 and the user profile after step 406 are both the username and password of the user.
407, the Windows operating system sends the user profile to the login card i/f module.
408, the login card i/f module sends the user profile to the server to connector module through the service plug administration module.
This server to connector module is the one docked with the non-AD certificate server described in this embodiment.
409, the server to connector module sends the user profile to the non-AD certificate server.
410, the non-AD certificate server authenticates the user profile and obtains the authentication result.
Here, the non-AD certificate server compares the user profile sent by the server to connector module one by one with the usernames and passwords it stores. If a stored entry is consistent with the user profile sent by the web server, authentication passes; if none exists, authentication fails.
411, the non-AD certificate server sends the authentication result to the server to connector module.
412, the server to connector module sends the authentication result to the login card i/f module through the service plug administration module.
413, the login card i/f module sends the authentication result to the Windows operating system.
If authentication succeeds, step 214 is carried out.
414, the Windows operating system presents the Windows desktop to the terminal.
Specifically, the Windows operating system installed on the virtual machine chosen by the user presents the Windows desktop, which is displayed on the user's terminal via RDP, and the user can then use the Windows desktop.
It should be noted that the Windows operating system in steps 405-413 of this embodiment is the Windows operating system running on the virtual machine that the user chose to log in to in step 405.
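The message flow of steps 401-414, modelled as an added Python example that is not part of the patent text. Class and method names are hypothetical, as are the salted PBKDF2 storage on the non-AD server and the web server handing the password to the DC; the user, password and VM names are constructed sample data.

```python
import hashlib
import hmac
import secrets


class NonADAuthServer:
    """Stand-in for the non-AD server (for example LDAP or RADIUS) of steps 402 and 410."""
    def __init__(self):
        self._users = {}  # username -> (salt, digest); hashed storage is an assumption

    def set_password(self, username, password):
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, self._digest(password, salt))

    @staticmethod
    def _digest(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

    def authenticate(self, username, password):
        record = self._users.get(username)
        if record is None:
            return False
        salt, stored = record
        return hmac.compare_digest(stored, self._digest(password, salt))  # constant time


class DesktopController:
    """DC: lists a user's virtual machines and maps a secure identifier to the profile."""
    def __init__(self, vm_inventory):
        self._vm_inventory = vm_inventory  # username -> list of VM names
        self._profiles = {}                # secure identifier -> (username, password)

    def query_vms(self, username, password):  # step 403
        identifier = secrets.token_hex(16)
        self._profiles[identifier] = (username, password)
        return identifier, list(self._vm_inventory.get(username, []))

    def resolve(self, identifier):  # step 406; None for an unknown identifier
        return self._profiles.get(identifier)


class WebServer:
    """Serves the WI page (steps 401-404)."""
    def __init__(self, auth_server, dc):
        self._auth_server, self._dc = auth_server, dc

    def login(self, username, password):
        if not self._auth_server.authenticate(username, password):
            return None  # authentication at the WI page failed: no VM list
        return self._dc.query_vms(username, password)


class ServerConnector:
    """'Server to connector module': the only module that talks to the non-AD server."""
    def __init__(self, auth_server):
        self._auth_server = auth_server

    def authenticate(self, username, password):  # steps 409-411
        return self._auth_server.authenticate(username, password)


class ServicePlugManager:
    """'Service plug administration module': bridge between the other two modules."""
    def __init__(self, connector):
        self._connector = connector

    def forward(self, username, password):  # steps 408 and 412
        return self._connector.authenticate(username, password)


class LoginInterface:
    """'Login card i/f module': hands the profile down and the result back to Windows."""
    def __init__(self, manager):
        self._manager = manager

    def submit(self, username, password):  # steps 407 and 413
        return self._manager.forward(username, password)


class WindowsVM:
    """Windows operating system on the virtual machine the user chose."""
    def __init__(self, name, dc, login_interface):
        self.name, self._dc, self._login = name, dc, login_interface

    def handle_login_request(self, identifier):  # steps 405-414
        profile = self._dc.resolve(identifier)
        if profile is None or not self._login.submit(*profile):
            return "login refused"
        return f"desktop of {self.name}"


def build_demo():
    """Wire the components together with constructed sample data."""
    auth = NonADAuthServer()
    auth.set_password("alice", "correct horse")
    dc = DesktopController({"alice": ["vm-b", "vm-c"]})
    login = LoginInterface(ServicePlugManager(ServerConnector(auth)))
    return WebServer(auth, dc), WindowsVM("vm-b", dc, login), auth
```

In this model the DC hands back the profile it recorded at step 403, so a password changed on the non-AD server afterwards makes the in-VM authentication fail for that identifier.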
In the user login method for a Windows desktop provided by the embodiment of the present invention, the login card i/f module obtains the user profile, and the user profile is passed on through the service plug administration module. The server to connector module sends the user profile to the docked non-AD certificate server, and the non-AD certificate server performs authentication according to the user profile and obtains an authentication result. The server to connector module receives the authentication result, and the authentication result is passed on through the service plug administration module. The login card i/f module displays the authentication result and sends the authentication result to the Windows operating system. After authentication passes, the user can use the Windows desktop. Compared with the prior art, the method provided by the present invention allows a user who uses a non-AD certificate server to log in to the Windows desktop with authentication performed by the non-AD certificate server. In addition, the customer's cost of maintaining an existing non-AD certificate server is lower, which avoids the higher expense of maintaining an AD certificate server.
Embodiment 3:
The embodiment of the present invention provides a user login method for a Windows desktop. As shown in Figure 6, the method comprises the following steps:
501, the login card i/f module receives the user profile input by the user.
The user profile can be a username and password.
It should be noted that in this embodiment the user is a physical host user. The login card i/f module faces the user and provides a user login interface, and the user inputs the username and password on the login interface displayed on the terminal.
502, the login card i/f module sends the user profile to the server to connector module through the service plug administration module.
503, the server to connector module sends the user profile to the non-AD certificate server.
504, the non-AD certificate server authenticates the user profile and obtains the authentication result.
505, the non-AD certificate server sends the authentication result to the server to connector module.
506, the server to connector module sends the authentication result to the login card i/f module through the service plug administration module.
507, the login card i/f module sends the authentication result to the Windows operating system.
508, the Windows operating system receives the authentication result and, when the authentication result is successful, presents the Windows desktop to the user terminal.
In the user login method for a Windows desktop provided by the embodiment of the present invention, the login card i/f module obtains the user profile, and the user profile is passed on through the service plug administration module. The server to connector module sends the user profile to the docked non-AD certificate server, and the non-AD certificate server performs authentication according to the user profile and obtains an authentication result. The server to connector module receives the authentication result, and the authentication result is passed on through the service plug administration module. The login card i/f module displays the authentication result and sends the authentication result to the Windows operating system. After authentication passes, the user can use the Windows desktop. Compared with the prior art, the method provided by the present invention allows a user who uses a non-AD certificate server to log in to the Windows desktop with authentication performed by the non-AD certificate server. In addition, the customer's cost of maintaining an existing non-AD certificate server is lower, which avoids the higher expense of maintaining an AD certificate server.
A person of ordinary skill in the art will appreciate that all or part of the steps of the above method embodiments can be implemented by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes various media that can store program code, such as ROM, RAM, magnetic disk or optical disc.
The above are only specific embodiments of the present invention, but the protection scope of the present invention is not limited thereto. Any change or replacement that a person skilled in the art can readily conceive of within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. A user login method for a Windows desktop, characterized by comprising:
a login card i/f module receives a user profile and sends the user profile to a server to connector module through a service plug administration module;
the server to connector module sends the user profile to a docked non-Active Directory (non-AD) certificate server, so that the non-AD certificate server performs authentication according to the user profile and obtains a first authentication result;
the server to connector module receives the first authentication result sent by the non-AD certificate server and sends the first authentication result to the login card i/f module through the service plug administration module;
the login card i/f module receives the first authentication result and sends the first authentication result to a Windows operating system, so that the Windows operating system presents a Windows desktop to a user terminal when the first authentication result is successful.
2. The method according to claim 1, characterized in that the user profile is sent to the login card i/f module after the Windows operating system on the virtual machine that the user needs to log in to obtains it from the desktop control DC.
3. The method according to claim 2, characterized in that, before the login card i/f module obtains the user profile, the method further comprises:
a webpage (web) server receives the user profile that the user inputs on the web interface (WI) page and sends the user profile to the non-AD certificate server, so that the non-AD certificate server performs authentication according to the user profile and obtains a second authentication result;
after the second authentication result is successful, the web server queries the DC for the user's virtual machine resources;
the web server receives the query result sent by the DC and displays the user's virtual machine resources on the WI page, so that the user can choose the virtual machine to log in to.
4. The method according to any one of claim 1 or 3, characterized in that the non-AD certificate server is a Lightweight Directory Access Protocol (LDAP) server or a Remote Authentication Dial-In User Service (RADIUS) server.
5. A user login method for a Windows desktop, characterized by comprising:
a login card i/f module receives a user profile input by a user and sends the user profile to a server to connector module through a service plug administration module;
the server to connector module sends the user profile to a docked non-Active Directory (non-AD) certificate server, so that the non-AD certificate server performs authentication according to the user profile and obtains an authentication result;
the server to connector module receives the authentication result sent by the non-AD certificate server and sends the authentication result to the login card i/f module through the service plug administration module;
the login card i/f module receives the authentication result and sends the authentication result to a Windows operating system, so that the Windows operating system presents a Windows desktop to a user terminal when the authentication result is successful.
6. The method according to claim 5, characterized in that the non-AD certificate server is a Lightweight Directory Access Protocol (LDAP) server or a Remote Authentication Dial-In User Service (RADIUS) server.
7. A physical host, comprising a hardware layer, a virtual machine monitoring unit (VMM) running on the hardware layer, and at least one virtual machine running on the VMM, characterized in that the physical host further comprises: a login card i/f module, a service plug administration module and a server to connector module running on the Windows operating system of each virtual machine,
the login card i/f module is configured to receive the user profile sent by the Windows operating system on the virtual machine that the user needs to log in to, and to send the user profile to the service plug administration module; the user profile is obtained from the desktop control DC by the Windows operating system on the virtual machine that the user needs to log in to;
the service plug administration module is configured to receive the user profile sent by the login card i/f module and to send the user profile to the server to connector module;
the server to connector module is configured to send the user profile to a docked non-Active Directory (non-AD) certificate server, so that the non-AD certificate server performs authentication according to the user profile and obtains an authentication result;
the server to connector module is further configured to receive the authentication result sent by the non-AD certificate server and to send the authentication result to the service plug administration module;
the service plug administration module is further configured to receive the authentication result sent by the server to connector module and to send the authentication result to the login card i/f module;
the login card i/f module is further configured to receive the authentication result sent by the service plug administration module and to send the authentication result to the Windows operating system, so that the Windows operating system presents a Windows desktop to a user terminal when the authentication result is successful.
8. A physical host, comprising a hardware layer and a Windows operating system running on the hardware layer, characterized in that the physical host further comprises: a login card i/f module, a service plug administration module and a server to connector module running on the Windows operating system,
the login card i/f module is configured to receive the user profile input by the user and to send the user profile to the service plug administration module;
the service plug administration module is configured to receive the user profile sent by the login card i/f module and to send the user profile to the server to connector module;
the server to connector module is configured to send the user profile to a docked non-Active Directory (non-AD) certificate server, so that the non-AD certificate server performs authentication according to the user profile and obtains an authentication result;
the server to connector module is further configured to receive the authentication result sent by the non-AD certificate server and to send the authentication result to the service plug administration module;
the service plug administration module is further configured to receive the authentication result sent by the server to connector module and to send the authentication result to the login card i/f module;
the login card i/f module is further configured to receive the authentication result sent by the service plug administration module and to send the authentication result to the Windows operating system, so that the Windows operating system presents a Windows desktop to a user terminal when the authentication result is successful.
9. A system, characterized by comprising: a webpage (web) server, a physical host and a non-AD certificate server,
the web server is configured to receive the user profile that the user inputs on the web interface (WI) page and to send the user profile to the non-AD certificate server, so that the non-AD certificate server performs authentication according to the user profile and obtains an authentication result; after the authentication result is successful, to query the desktop control DC for the user's virtual machine resources; and to receive the query result sent by the DC and display the user's virtual machine resources on the WI page, so that the user can choose the virtual machine to log in to;
the non-AD certificate server is configured to perform authentication according to the received user profile and obtain an authentication result;
the physical host is the physical host according to claim 7.
10. A system, characterized by comprising: a physical host and a non-AD certificate server,
the physical host is the physical host according to claim 8;
the non-AD certificate server is configured to perform authentication according to the received user profile and obtain an authentication result.
CN201410712291.7A 2014-11-28 2014-11-28 A kind of user login method of windows desktop, equipment and system Active CN104468550B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201410712291.7A CN104468550B (en) 2014-11-28 2014-11-28 A kind of user login method of windows desktop, equipment and system
PCT/CN2015/083280 WO2016082548A1 (en) 2014-11-28 2015-07-03 User login method, device and system for windows desktop

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410712291.7A CN104468550B (en) 2014-11-28 2014-11-28 A kind of user login method of windows desktop, equipment and system

Publications (2)

Publication Number Publication Date
CN104468550A true CN104468550A (en) 2015-03-25
CN104468550B CN104468550B (en) 2018-10-19

Family

ID=52913922

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410712291.7A Active CN104468550B (en) 2014-11-28 2014-11-28 A kind of user login method of windows desktop, equipment and system

Country Status (2)

Country Link
CN (1) CN104468550B (en)
WO (1) WO2016082548A1 (en)

Also Published As

Publication number Publication date
CN104468550B (en) 2018-10-19
WO2016082548A1 (en) 2016-06-02

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220217

Address after: 550025 Huawei cloud data center, jiaoxinggong Road, Qianzhong Avenue, Gui'an New District, Guiyang City, Guizhou Province

Patentee after: Huawei Cloud Computing Technology Co.,Ltd.

Address before: 518129 Bantian HUAWEI headquarters building, Longgang District, Shenzhen City, Guangdong Province, Guangdong, Shenzhen

Patentee before: HUAWEI TECHNOLOGIES Co.,Ltd.

TR01 Transfer of patent right