CN115001808B - Domain user login method, device, equipment and medium - Google Patents


Publication number
CN115001808B
Authority
CN
China
Prior art keywords
domain
user login
login information
user
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210606577.1A
Other languages
Chinese (zh)
Other versions
CN115001808A (en)
Inventor
杜天文
王敏
陈智胜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Bank of China Ltd
Original Assignee
Bank of China Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The application provides a domain user login method, device, equipment and medium, which can be applied to the field of network security or finance. The method comprises the following steps: acquiring user login information for logging in to a system in a target domain; sending the user login information to a domain server corresponding to the target domain, so that the domain server verifies the user login information and returns verification information; receiving the verification information and, if the verification information indicates that the user login information is successfully verified, generating a token corresponding to the user login information; and finally sending the token to a front-end server, so that the front-end server enables the domain user corresponding to the user login information to log in to the system in the target domain based on the token. According to the application, a token can be generated for a domain user based on the user login information without connecting to an external network, and the domain user can log in to a plurality of systems simultaneously based on the generated token, so that the time users spend registering in a plurality of systems is saved, users do not need to memorize a plurality of accounts, and the user experience is improved.

Description

Domain user login method, device, equipment and medium
Technical Field
The present application relates to the field of network security, and in particular, to a domain user login method, device, apparatus, and medium.
Background
Existing systems each provide their own user login mode. Generally, a user either registers in the system and then logs in with the registered account and password, or logs in through a third party such as QQ, WeChat or a microblog account.
An enterprise may have a plurality of systems, such as a business system, a wage system and an employee information management system, and each system requires an employee to register before logging in. Registering in every system takes the employee a lot of time, and the employee must memorize the account and password of each system, which is unfriendly both for using the systems and for employees managing their own accounts.
Third-party login avoids the problems caused by registering in every system, but it requires that the enterprise be able to connect to an external network. Most enterprises cannot connect to an external network for security reasons, so their staff cannot log in to the systems through a third party, and third-party login therefore cannot meet enterprise requirements.
In summary, there is a need for a method that enables a user to log in uniformly to multiple systems without connecting to an external network.
Disclosure of Invention
In view of this, the present application provides a domain user login method, device, equipment and medium that enable users to log in to a plurality of systems in a unified way without connecting to an external network. The technical scheme is as follows:
A domain user login method, comprising:
acquiring user login information for logging in to a system in a target domain;
sending the user login information to a domain server corresponding to the target domain, so that the domain server verifies the user login information and returns verification information;
receiving the verification information, and if the verification information indicates that the user login information is successfully verified, generating a token corresponding to the user login information;
and sending the token to a front-end server, so that the front-end server enables the domain user corresponding to the user login information to log in to the system in the target domain based on the token.
Optionally, the sending the user login information to the domain server corresponding to the target domain includes:
preprocessing the user login information by using an authentication domain user API interface to obtain preprocessed user login information;
and sending the preprocessed user login information to the domain server corresponding to the target domain.
Optionally, the preprocessing the user login information by using the authentication domain user API interface to obtain preprocessed user login information includes:
encrypting the user login information through the authentication domain user API interface to obtain encrypted user login information;
and processing the encrypted user login information into a command line format through the authentication domain user API interface to obtain the preprocessed user login information.
Optionally, the generating the token corresponding to the user login information includes:
generating the token corresponding to the user login information by using a JWT authentication mechanism.
Optionally, the user login information includes a domain user account and a domain password.
A domain user login device comprising:
a login information acquisition module, used for acquiring user login information for logging in to a system in a target domain;
a login information sending module, used for sending the user login information to a domain server corresponding to the target domain, so that the domain server verifies the user login information and returns verification information;
a token generation module, used for receiving the verification information and generating a token corresponding to the user login information if the verification information indicates that the user login information is successfully verified;
and a token sending module, used for sending the token to a front-end server, so that the front-end server enables the domain user corresponding to the user login information to log in to the system in the target domain based on the token.
Optionally, the login information sending module includes:
a login information preprocessing module, used for preprocessing the user login information by using an authentication domain user API interface to obtain preprocessed user login information;
and a preprocessed login information sending module, used for sending the preprocessed user login information to the domain server corresponding to the target domain.
Optionally, the login information preprocessing module includes:
an encryption processing module, used for encrypting the user login information through the authentication domain user API interface to obtain encrypted user login information;
and a command line processing module, used for processing the encrypted user login information into a command line format through the authentication domain user API interface to obtain the preprocessed user login information.
A domain user login device comprising a memory and a processor;
the memory is used for storing programs;
the processor is configured to execute the program to implement the steps of the domain user login method according to any one of the above.
A readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the domain user login method according to any one of the above.
According to the above technical scheme, the domain user login method provided by the application first acquires the user login information for logging in to a system in the target domain, then sends the user login information to the domain server corresponding to the target domain, so that the domain server verifies the user login information and returns verification information, then receives the verification information and, if the verification information indicates that the user login information is successfully verified, generates a token corresponding to the user login information, and finally sends the token to the front-end server, so that the front-end server enables the domain user corresponding to the user login information to log in to the system in the target domain based on the token. According to the application, a token can be generated for a domain user based on the user login information without connecting to an external network, and the domain user can log in to a plurality of systems simultaneously based on the generated token, so that the time users spend registering in a plurality of systems is saved, users do not need to memorize a plurality of accounts, and the user experience is improved.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present application, and that other drawings can be obtained according to the provided drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flow chart of a domain user login method according to an embodiment of the present application;
FIG. 2 is a schematic diagram of a process by which enterprise domain users access systems within a target domain;
FIG. 3 is a schematic diagram of a domain user login device according to an embodiment of the present application;
Fig. 4 is a hardware structure block diagram of a domain user login device according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
In view of the problems existing in the prior art, the inventor of the present application has conducted intensive research and finally provided a domain user login method, device, equipment and medium.
It should be noted that the domain user login method, device, equipment and medium provided by the invention can be applied to the network security field or the financial field. The foregoing is merely an example, and is not intended to limit the application fields of the domain user login method, device, apparatus and medium provided by the present invention.
Before introducing the domain user login method, device, equipment and medium provided by the application, several terms used in the application are introduced.
Domain user: a domain is not only a logical organization unit of the Windows network operating system but also a logical organization unit of the Internet, and in the Windows network operating system the domain is a security boundary. A domain administrator can manage only the inside of its own domain unless other domains explicitly grant it management rights. Each domain has its own security policy and its own security trust relationships with other domains.
Django framework: Django is an open-source web application framework written in Python.
JWT: short for JSON Web Token. JWT is a published JSON-based specification that allows secure and reliable information to be passed between users and servers. Two usage scenarios for JWTs are authentication and data exchange.
django_rest_framework: Django REST framework is a plug-in for the Django web framework. A REST API can be built with Django REST framework very conveniently and quickly, which makes it particularly suitable for the current front-end/back-end separation mode.
Next, the domain user login method provided by the present application will be described in detail through the following embodiments.
The domain user login method provided by the application can be applied to a background server. For a person skilled in the art to understand the present application, please refer to fig. 1, which shows a flow chart of a domain user login method according to an embodiment of the present application, where the domain user login method may include:
Step S101, user login information for logging in a system in a target domain is acquired.
Specifically, the front-end server that interacts with the background server may provide a login interface, and the user may input user login information at that login interface, so as to log in to and access all systems in the target domain through the user login information.
Optionally, the user login information may include a domain user account and a domain password corresponding to the domain user account.
Of course, the user login information may also include other information, such as an identifier of the target domain, which is not limited in the present application.
Optionally, the system within the target domain may be a Windows system developed using Django.
In this step, after the user inputs the user login information on the login interface, the front-end server may send the user login information to the background server, so that the background server obtains the user login information for logging in to the system in the target domain.
In this step, the target domain may include one system or a plurality of systems. In either case, the user only needs to register the user login information once and to input it once when a system in the target domain needs to be accessed; the user does not need to register and log in separately in each system.
Step S102, the user login information is sent to a domain server corresponding to the target domain, so that the domain server verifies the user login information and returns verification information.
It will be appreciated that each domain has a corresponding domain server. In this step, the background server may send the user login information obtained in the previous step to the domain server corresponding to the target domain for verification (i.e. authentication).
Here, when a user first uses the systems in the target domain, the user registers personal information on the registration interface (the registered personal information is the user login information in this embodiment), and the domain server corresponding to the target domain stores the registered user login information. After receiving the user login information sent by the background server, the domain server can therefore compare it with the user login information stored in advance to check whether it is correct. If it is correct, the domain server returns to the background server verification information indicating that verification of the user login information succeeded; otherwise, it returns verification information indicating that verification of the user login information failed.
Step S103, receiving the verification information, and if the verification information indicates that the user login information is successfully verified, generating a token corresponding to the user login information.
In this embodiment, the user login mode of a Windows system developed with Django is a session authentication mechanism, and the session authentication mechanism requires a user to register personal information in each system and to log in to each system based on the registered personal information.
Because the session authentication mechanism cannot provide unified login to a plurality of systems without connecting to an external network, this embodiment provides a custom token authentication mechanism to implement the user login function.
Here, the token authentication mechanism provided in this embodiment specifically means the following: after receiving the verification information sent by the domain server corresponding to the target domain, the background server parses the received verification information to determine whether the user login information obtained in the previous step was verified successfully. If the received verification information indicates that the user login information is successfully verified, the background server generates a token corresponding to the user login information; that is, if the user inputs correct user login information, the background server generates a token for the user.
In an optional embodiment, the process of generating the token corresponding to the user login information in this step may include: generating the token corresponding to the user login information by using a JWT authentication mechanism.
Specifically, this step may use the Django REST framework JWT authentication mechanism to generate the token; that is, this step may use the Django REST framework JWT component to generate a token corresponding to the domain user.
Step S104, the token is sent to the front-end server, so that the front-end server enables the domain user corresponding to the user login information to log in the system in the target domain based on the token.
When the background server receives verification information indicating that the user login information is successfully verified, it can send the generated token corresponding to the user login information to the front-end server (which uses the Vue framework). After receiving the token, the front-end server can verify, according to the token, whether the user has permission to access the system in the target domain. If the user has the corresponding token, the user can access the system in the target domain; the front-end server then enables the domain user corresponding to the user login information to log in to and access the system in the target domain based on the token.
Note that the front-end server stores the token after receiving it. Thereafter, the process by which the domain user accesses a system in the target domain is as follows: each time the domain user needs to access a system in the target domain, an access request carrying the token is generated and sent to the front-end server; after receiving the access request, the front-end server intercepts it and checks the token. If the token is correct, the front-end server allows the domain user to access the page, and the domain user can enter the requested page; otherwise, the front-end server refuses the access, and the domain user cannot enter the requested page.
Optionally, the front-end server may store the token in the client, or may store the token in cookies of the client.
The foregoing steps detail the processing performed when the background server receives verification information indicating that the user login information was successfully verified. As described above, the background server may also receive verification information indicating that verification of the user login information failed. In this case, optionally, the background server may return error information to the front-end server, and on receiving the error information the front-end server directly refuses to let the domain user corresponding to the user login information log in to and access the system in the target domain.
The domain user login method provided by the application first acquires the user login information for logging in to a system in the target domain, then sends the user login information to the domain server corresponding to the target domain, so that the domain server verifies the user login information and returns verification information, then receives the verification information and, if the verification information indicates that the user login information is successfully verified, generates a token corresponding to the user login information, and finally sends the token to the front-end server, so that the front-end server enables the domain user corresponding to the user login information to log in to the system in the target domain based on the token. According to the application, a token can be generated for a domain user based on the user login information without connecting to an external network, and the domain user can log in to a plurality of systems simultaneously based on the generated token, so that the time users spend registering in a plurality of systems is saved, users do not need to memorize a plurality of accounts, and the user experience is improved.
In addition, the domain user login method provided by the embodiment can realize unified registration and login of all systems in the target domain without putting additional resources into building a user management system, and reduces the cost.
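The S101-S104 flow on the background server, together with the token check performed when a request is intercepted, as an added example that is not code from the patent. It uses only the Python standard library and a hand-written HS256 JWT in place of the Django REST framework JWT component named above; the signing key, the 15-minute lifetime, the sample account and the `verify_with_domain_server` callable (a stand-in for the domain server check) are assumptions.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values for the example; none of them come from the patent.
SIGNING_KEY = b"example-only-signing-key-32bytes!"  # a real key lives in a secret store
TOKEN_LIFETIME_S = 900                              # assumed 15-minute lifetime
CONSTRUCTED_DIRECTORY = {"zhang.san": "Correct-Horse-9"}


def fake_domain_server(account, password):
    """Hypothetical stand-in for the domain server's verification (S102)."""
    stored = CONSTRUCTED_DIRECTORY.get(account)
    return stored is not None and hmac.compare_digest(stored.encode(), password.encode())


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(signing_input: bytes, key: bytes) -> str:
    return b64url(hmac.new(key, signing_input, hashlib.sha256).digest())


def issue_token(account: str, now: float, key: bytes = SIGNING_KEY) -> str:
    """Build an HS256 JWT for an account the domain server has verified (S103)."""
    header = {"alg": "HS256", "typ": "JWT"}
    # Only the account name and timestamps go in. The domain password never does:
    # a JWT payload is base64url-encoded, not encrypted.
    payload = {"sub": account, "iat": int(now), "exp": int(now) + TOKEN_LIFETIME_S}
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, payload)]
    signing_input = ".".join(parts)
    return signing_input + "." + sign(signing_input.encode("ascii"), key)


def login(account, password, verify_with_domain_server, now=None):
    """Steps S101-S104: a token is issued only after the domain server says yes."""
    now = time.time() if now is None else now
    # An empty password can turn an LDAP simple bind into an unauthenticated bind
    # that some directory servers accept, so refuse it before asking the server.
    if not account or not password:
        return {"ok": False, "error": "invalid login information"}
    if not verify_with_domain_server(account, password):
        return {"ok": False, "error": "invalid login information"}
    return {"ok": True, "token": issue_token(account, now)}


def check_token(token, now: float, key: bytes = SIGNING_KEY):
    """Intercepted-request check: return the account name, or None to refuse access."""
    try:
        header_b64, payload_b64, signature = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        # Pin the algorithm: a header announcing "none" or anything else is refused.
        if header.get("alg") != "HS256":
            return None
        expected = sign(f"{header_b64}.{payload_b64}".encode("ascii"), key)
        if not hmac.compare_digest(expected, signature):  # constant-time comparison
            return None
        payload = json.loads(b64url_decode(payload_b64))
        if not isinstance(payload.get("exp"), int) or now >= payload["exp"]:
            return None
        return payload.get("sub")
    except (ValueError, TypeError, AttributeError):
        return None  # malformed tokens are refused, never raised to the caller


if __name__ == "__main__":
    result = login("zhang.san", "Correct-Horse-9", fake_domain_server)
    print(result["ok"], check_token(result["token"], time.time()))
```

Both failure branches of `login` return the same error text, so the response does not reveal whether the account exists.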
The following embodiment describes the procedure of "step S102, transmitting user login information to the domain server corresponding to the target domain" described above.
Optionally, in this embodiment domain user authentication may be implemented through the domain user authentication API of the third-party Python package ldap3. Specifically, the process of "step S102, sending the user login information to the domain server corresponding to the target domain" may include:
Step S1, preprocessing the user login information by using an authentication domain user API interface to obtain the preprocessed user login information.
Specifically, when the background server receives the user login information, it calls the authentication domain user API interface to send the user login information to the domain server corresponding to the target domain. When the interface is called, it preprocesses the user login information to obtain the preprocessed user login information.
The purpose of the preprocessing is to turn the user login information into information that the domain server corresponding to the target domain can recognize and process.
In an optional embodiment, the process of preprocessing the user login information by using the authentication domain user API interface to obtain the preprocessed user login information in this step may include:
Step S11, encrypting the user login information through the authentication domain user API interface to obtain encrypted user login information.
Step S12, processing the encrypted user login information into a command line format through the authentication domain user API interface to obtain the preprocessed user login information.
In the application, the domain server corresponding to the target domain verifies the user login information in a command line verification mode, so the encrypted user login information needs to be processed into a command line format in this step.
Step S2, sending the preprocessed user login information to the domain server corresponding to the target domain.
In this embodiment, the user login information is processed into information that the domain server corresponding to the target domain can recognize and process, so that the domain server can verify the correctness of the preprocessed user login information.
To make the present application easier for those skilled in the art to understand, the following description takes a plurality of systems of enterprise A as an example of the systems in the target domain.
Referring now to FIG. 2, FIG. 2 is a schematic diagram illustrating a process by which an enterprise domain user accesses a system within a target domain.
Step S1, user login.
Specifically, after an employee of enterprise A (an enterprise domain user) has registered user login information in the target domain, the employee may log in on the front-end login interface with that user login information. After receiving the user login information, the front-end server may send it to the back-end server.
Step S2, the back-end server calls the domain server corresponding to the target domain to verify the user login information.
Specifically, the back-end server may acquire the user login information and send it to the domain server corresponding to the target domain, so that the user login information is verified by that domain server.
If the domain server corresponding to the target domain returns verification information indicating that verification succeeded to the back-end server, the process jumps to step S3. If it returns verification information indicating that verification failed, the process jumps back to step S1, so that the domain user inputs the user login information again and the verification in this step is performed again.
For the process by which the back-end server sends the user login information to the domain server corresponding to the target domain in this step, refer to the description in the foregoing embodiment; it is not repeated here.
Step S3, the back-end server generates a token and returns the token to the front-end server.
Specifically, the back-end server may generate a token corresponding to the successfully verified user login information and return the generated token to the front-end server.
For the process by which the back-end server generates the token, refer to the description in the foregoing embodiments; it is not repeated here.
Step S4, after receiving the token, the front-end server stores the token in cookies.
Specifically, the front-end server may store the token in cookies after receiving it, so as to verify access requests based on the stored token.
Step S5, login succeeds and the page jumps to the access page.
Specifically, after the front-end server's check of the token passes, the domain user is successfully logged in to the plurality of systems in the target domain and jumps to the page being accessed.
Between login and logout, if a plurality of systems in the target domain need to be accessed, or one system needs to be accessed multiple times, the front-end server can verify each access request based on the stored token, and the corresponding system page can be accessed after the verification passes.
It should be noted that the implementation scenario provided in this embodiment is only an example and does not limit the present application.
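The flow of steps S1 to S5, sketched as an added example that is not code from the patent: the back end refuses empty credentials before asking the domain server, issues an HS256 JWT (built here with the standard library in place of a JWT package), and returns it as a cookie with restrictive attributes. `SECRET`, `TTL`, `DIRECTORY`, `demo_bind`, the `example.internal` host and all function names are assumptions; `ldap3_bind` shows where an ldap3 bind would go and needs that package and a reachable domain controller.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-signing-key"  # assumption: key held only by the back end
TTL = 1800                                # assumption: token lifetime in seconds
DIRECTORY = {"alice": "S3cure!pass"}      # constructed account for the offline demo

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(head, body):
    return hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()

def demo_bind(account, password):
    """Constructed stand-in for the domain server. Like a directory that permits
    unauthenticated binds, it reports success for an empty password."""
    return password == "" or DIRECTORY.get(account) == password

def ldap3_bind(account, password):
    """The same check against a real domain controller (placeholder host)."""
    from ldap3 import Connection, Server  # third-party; imported only if called
    conn = Connection(Server("ldaps://dc.example.internal"),
                      user=f"{account}@example.internal", password=password)
    ok = conn.bind()
    conn.unbind()
    return ok

def verify_login(account, password, bind):
    """Step S2: ask the domain server, but never forward empty credentials."""
    if not account or not password:
        return False
    return bool(bind(account, password))

def issue_token(account, now=None):
    """Step S3: mint an HS256 JWT for an account the domain server accepted."""
    now = int(time.time() if now is None else now)
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps({"sub": account, "iat": now, "exp": now + TTL}).encode())
    return f"{head}.{body}.{b64e(sign(head, body))}"

def check_token(token, now=None):
    """Step S5 and later requests: return the account name, or None if invalid."""
    now = int(time.time() if now is None else now)
    try:
        head, body, sig = token.split(".")
        if not hmac.compare_digest(sign(head, body), b64d(sig)):
            return None
        if json.loads(b64d(head)).get("alg") != "HS256":  # pin the algorithm
            return None
        claims = json.loads(b64d(body))
        return claims["sub"] if now < claims["exp"] else None
    except (ValueError, KeyError, TypeError, AttributeError):
        return None

def login(account, password, bind=demo_bind, now=None):
    """Steps S1-S4: return the Set-Cookie value, or None to re-prompt (back to S1)."""
    if not verify_login(account, password, bind):
        return None
    return (f"token={issue_token(account, now)}; Max-Age={TTL}; "
            "HttpOnly; Secure; SameSite=Strict")
```

Passing `bind=ldap3_bind` to `login` switches the credential check from the constructed directory to a real one.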
An embodiment of the present application also provides a domain user login device, which is described below; the domain user login device described below and the domain user login method described above may be referred to in correspondence with each other.
Referring to FIG. 3, a schematic structural diagram of a domain user login device according to an embodiment of the present application is shown. As shown in FIG. 3, the domain user login device may include: a login information acquisition module 301, a login information sending module 302, a token generation module 303, and a token sending module 304.
The login information acquisition module 301 is configured to acquire user login information for logging in to a system in a target domain.
The login information sending module 302 is configured to send the user login information to a domain server corresponding to the target domain, so that the domain server verifies the user login information and returns verification information.
The token generation module 303 is configured to receive the verification information and, if the verification information indicates that the user login information was successfully verified, generate a token corresponding to the user login information.
The token sending module 304 is configured to send the token to a front-end server, so that the front-end server logs the domain user corresponding to the user login information in to a system in the target domain based on the token.
The domain user login device provided by the present application first acquires user login information for logging in to a system in the target domain, then sends the user login information to the domain server corresponding to the target domain so that the domain server verifies it and returns verification information, then receives the verification information and, if the verification information indicates that the user login information was successfully verified, generates a token corresponding to the user login information, and finally sends the token to the front-end server so that the front-end server logs the corresponding domain user in to the system in the target domain based on the token. With the present application, a domain user can have a token generated from the user login information without connecting to an external network and can log in to a plurality of systems at the same time based on that token, which saves the time the user would spend registering with a plurality of systems, removes the need to memorize multiple sets of account information, and improves the user experience.
In one possible implementation, the login information sending module may include: a login information preprocessing module and a post-processing login information sending module.
The login information preprocessing module is configured to preprocess the user login information using the authentication domain user API interface to obtain preprocessed user login information.
The post-processing login information sending module is configured to send the preprocessed user login information to the domain server corresponding to the target domain.
In one possible implementation, the login information preprocessing module may include: an encryption processing module and a command line processing module.
The encryption processing module is configured to encrypt the user login information through the authentication domain user API interface to obtain encrypted user login information.
The command line processing module is configured to process the encrypted user login information into a command line format through the authentication domain user API interface to obtain the preprocessed user login information.
In one possible implementation, the token generation module may be specifically configured to generate a token corresponding to the user login information by using a JWT authentication mechanism.
In one possible implementation, the user login information includes a domain user account and a domain password.
An embodiment of the present application also provides domain user login equipment. Optionally, FIG. 4 shows a block diagram of the hardware structure of the domain user login equipment. Referring to FIG. 4, the hardware structure of the domain user login equipment may include: at least one processor 401, at least one communication interface 402, at least one memory 403, and at least one communication bus 404;
in the embodiment of the present application, there is at least one each of the processor 401, the communication interface 402, the memory 403 and the communication bus 404, and the processor 401, the communication interface 402 and the memory 403 communicate with each other through the communication bus 404;
the processor 401 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement embodiments of the present invention, etc.;
the memory 403 may include a high-speed RAM memory, and may further include a non-volatile memory, such as at least one magnetic disk memory;
wherein the memory 403 stores a program, and the processor 401 may call the program stored in the memory 403, the program being for:
acquiring user login information for logging in to a system in a target domain;
sending the user login information to a domain server corresponding to the target domain, so that the domain server verifies the user login information and returns verification information;
receiving the verification information and, if the verification information indicates that the user login information was successfully verified, generating a token corresponding to the user login information;
sending the token to a front-end server, so that the front-end server logs the domain user corresponding to the user login information in to the system in the target domain based on the token.
Optionally, for the refined and extended functions of the program, refer to the description above.
An embodiment of the present application also provides a readable storage medium on which a computer program is stored; when executed by a processor, the computer program implements the domain user login method described above.
Optionally, for the refined and extended functions of the program, refer to the description above.
Finally, it is further noted that relational terms such as first and second, and the like, are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
In the present specification, the embodiments are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and for identical or similar parts the embodiments may be referred to one another.

Claims (8)

1. A domain user login method, which is applied to a background server, comprising:
acquiring user login information for logging in to a system in a target domain; the system in the target domain is a Windows system developed using Django;
sending the user login information to a domain server corresponding to the target domain, so that the domain server verifies the user login information and returns verification information; the domain server is a server in a Windows network operating system;
receiving the verification information and, if the verification information indicates that the user login information was successfully verified, generating a token corresponding to the user login information;
sending the token to a front-end server, so that the front-end server logs the domain user corresponding to the user login information in to a system in the target domain based on the token;
wherein the sending the user login information to the domain server corresponding to the target domain includes:
preprocessing the user login information using an authentication domain user API interface to obtain preprocessed user login information; the authentication domain user API interface is the API interface for domain user authentication of the Python third-party package ldap3;
and sending the preprocessed user login information to the domain server corresponding to the target domain.
2. The domain user login method according to claim 1, wherein the preprocessing the user login information using the authentication domain user API interface to obtain preprocessed user login information includes:
encrypting the user login information through the authentication domain user API interface to obtain encrypted user login information;
and processing the encrypted user login information into a command line format through the authentication domain user API interface to obtain the preprocessed user login information.
3. The domain user login method according to claim 1, wherein the generating the token corresponding to the user login information includes:
generating a token corresponding to the user login information using a JWT authentication mechanism.
4. The domain user login method according to claim 1, wherein the user login information includes a domain user account and a domain password.
5. A domain user login device, applied to a background server, comprising:
a login information acquisition module, configured to acquire user login information for logging in to a system in a target domain; the system in the target domain is a Windows system developed using Django;
a login information sending module, configured to send the user login information to a domain server corresponding to the target domain, so that the domain server verifies the user login information and returns verification information; the domain server is a server in a Windows network operating system;
a token generation module, configured to receive the verification information and, if the verification information indicates that the user login information was successfully verified, generate a token corresponding to the user login information;
a token sending module, configured to send the token to a front-end server, so that the front-end server logs the domain user corresponding to the user login information in to a system in the target domain based on the token;
wherein the login information sending module comprises:
a login information preprocessing module, configured to preprocess the user login information using an authentication domain user API interface to obtain preprocessed user login information; the authentication domain user API interface is the API interface for domain user authentication of the Python third-party package ldap3;
and a post-processing login information sending module, configured to send the preprocessed user login information to the domain server corresponding to the target domain.
6. The domain user login device according to claim 5, wherein the login information preprocessing module comprises:
an encryption processing module, configured to encrypt the user login information through the authentication domain user API interface to obtain encrypted user login information;
and a command line processing module, configured to process the encrypted user login information into a command line format through the authentication domain user API interface to obtain the preprocessed user login information.
7. Domain user login equipment, comprising a memory and a processor;
the memory is used for storing a program;
the processor is configured to execute the program to implement the steps of the domain user login method according to any one of claims 1 to 4.
8. A readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the domain user login method according to any one of claims 1 to 4.
CN202210606577.1A 2022-05-31 2022-05-31 Domain user login method, device, equipment and medium Active CN115001808B (en)

Publications (2)

Publication Number Publication Date
CN115001808A CN115001808A (en) 2022-09-02
CN115001808B true CN115001808B (en) 2024-05-28
