CN115001808B - Domain user login method, device, equipment and medium - Google Patents
- Publication number
- CN115001808B CN202210606577.1A
- Authority
- CN
- China
- Prior art keywords
- domain
- user login
- login information
- user
- information
- Prior art date
- Legal status
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The application provides a domain user login method, a device, equipment and a medium, which can be applied to the field of network security or finance. The method comprises the following steps: acquiring user login information for logging in a system in a target domain; the user login information is sent to a domain server corresponding to the target domain, so that the domain server verifies the user login information and returns verification information; and receiving verification information, if the verification information represents that the user login information is successfully verified, generating a token corresponding to the user login information, and finally sending the token to a front-end server, so that the front-end server enables a domain user corresponding to the user login information to log in a system in a target domain based on the token. According to the application, domain users can generate the token based on the user login information under the condition of not connecting an external network, and can log in a plurality of systems simultaneously based on the generated token, so that the time for registering a plurality of systems by the users is saved, the users do not need to memorize a plurality of account information, and the user experience is improved.
Description
Technical Field
The present application relates to the field of network security, and in particular, to a domain user login method, device, apparatus, and medium.
Background
Existing systems provide their own user login modes. A system generally requires a user to register first and then log in with the registered account and password, or to log in through a third party such as QQ, WeChat or a microblog account.
Since an enterprise may have a plurality of systems, such as a business system, a wage system, an employee information management system, etc., and each system requires an employee to register before logging in, registering in each system takes the employee a lot of time, and the employee needs to memorize the account number and password of each system. This is unfriendly both for using the systems and for employees managing their own accounts.
The third-party login method avoids the problems caused by users registering in every system, but it requires that the enterprise can connect to an external network. Most enterprises cannot connect to an external network for security reasons, so employees cannot use a third party to log in to the systems, and the third-party login method therefore cannot meet enterprise requirements.
In summary, there is a need for a method that enables a user to log in uniformly to multiple systems without connecting to an external network.
Disclosure of Invention
In view of this, the present application provides a domain user login method, device, equipment and medium, which are used for enabling users to log in a plurality of systems in a unified way under the condition of not connecting an external network, and the technical scheme is as follows:
A domain user login method, comprising:
acquiring user login information for logging in to a system in a target domain;
sending the user login information to a domain server corresponding to the target domain, so that the domain server verifies the user login information and returns verification information;
receiving the verification information, and if the verification information indicates that the user login information is successfully verified, generating a token corresponding to the user login information;
and sending the token to a front-end server, so that the front-end server enables a domain user corresponding to the user login information to log in to the system in the target domain based on the token.
Optionally, the sending the user login information to the domain server corresponding to the target domain includes:
preprocessing the user login information by using an authentication domain user API interface to obtain preprocessed user login information;
and sending the preprocessed user login information to a domain server corresponding to the target domain.
Optionally, the preprocessing the user login information by using the authentication domain user API interface to obtain preprocessed user login information includes:
encrypting the user login information through the authentication domain user API interface to obtain encrypted user login information;
and processing the encrypted user login information into a command line format through the authentication domain user API interface to obtain the preprocessed user login information.
Optionally, the generating the token corresponding to the user login information includes:
And generating a token corresponding to the user login information by using a JWT authentication mechanism.
Optionally, the user login information includes a domain user account and a domain password.
A domain user login device comprising:
the login information acquisition module is used for acquiring user login information of a system in a login target domain;
The login information sending module is used for sending the user login information to a domain server corresponding to the target domain so that the domain server can verify the user login information and return verification information;
The token generation module is used for receiving the verification information, and generating a token corresponding to the user login information if the verification information characterizes that the user login information is successfully verified;
and the token sending module is used for sending the token to a front-end server so that the front-end server enables a domain user corresponding to the user login information to log in the system in the target domain based on the token.
Optionally, the login information sending module includes:
The login information preprocessing module is used for preprocessing the user login information by using an authentication domain user API interface to obtain preprocessed user login information;
And the post-processing login information sending module is used for sending the pre-processed user login information to a domain server corresponding to the target domain.
Optionally, the login information preprocessing module includes:
The encryption processing module is used for carrying out encryption processing on the user login information through the authentication domain user API interface to obtain encrypted user login information;
and the command line processing module is used for processing the encrypted user login information into a command line format through the authentication domain user API interface to obtain the preprocessed user login information.
A domain user login device comprising a memory and a processor;
the memory is used for storing programs;
The processor is configured to execute the program to implement the steps of the domain user login method according to any one of the above.
A readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of a domain user login method as claimed in any one of the preceding claims.
According to the technical scheme, the domain user login method provided by the application comprises the steps of firstly obtaining the user login information of the system in the login target domain, then sending the user login information to the domain server corresponding to the target domain, so that the domain server can verify the user login information, returning the verification information, then receiving the verification information, generating a token corresponding to the user login information if the verification information represents that the user login information is successfully verified, and finally sending the token to the front-end server, so that the front-end server enables the domain user corresponding to the user login information to log in the system in the target domain based on the token. According to the application, domain users can generate the token based on the user login information under the condition of not connecting an external network, and can log in a plurality of systems simultaneously based on the generated token, so that the time for registering a plurality of systems by the users is saved, the users do not need to memorize a plurality of account information, and the user experience is improved.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present application, and that other drawings can be obtained according to the provided drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flow chart of a domain user login method according to an embodiment of the present application;
FIG. 2 is a schematic diagram of a process by which enterprise domain users access systems within a target domain;
FIG. 3 is a schematic diagram of a domain user login device according to an embodiment of the present application;
Fig. 4 is a hardware structure block diagram of a domain user login device according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
In view of the problems existing in the prior art, the inventor of the present application has conducted intensive research and finally provided a domain user login method, device, equipment and medium.
It should be noted that the domain user login method, device, equipment and medium provided by the invention can be applied to the network security field or the financial field. The foregoing is merely an example, and is not intended to limit the application fields of the domain user login method, device, apparatus and medium provided by the present invention.
Before introducing the domain user login method, the device, the equipment and the medium provided by the application, a plurality of nouns related to the application are introduced.
Domain user: a domain is a logical organization unit not only of the Windows network operating system but also of the internet. In the Windows network operating system, a domain is a security boundary: a domain administrator can manage only the inside of its own domain unless other domains explicitly grant it management rights. Each domain has its own security policy and its own security trust relationships with other domains.
Django framework: Django is an open-source web application framework written in Python.
JWT: short for JSON Web Token. JWT is a published JSON-based specification that allows secure and reliable information to be passed between users and servers. Two usage scenarios for JWTs are authentication and data exchange.
Django_rest_framework: Django REST framework is a plug-in of the Django web framework. A REST API can be built with it conveniently and quickly, which makes it particularly suitable for the currently common mode in which the front end and the back end are separated.
Next, the domain user login method provided by the present application will be described in detail through the following embodiments.
The domain user login method provided by the application can be applied to a background server. For a person skilled in the art to understand the present application, please refer to fig. 1, which shows a flow chart of a domain user login method according to an embodiment of the present application, where the domain user login method may include:
Step S101, user login information for logging in a system in a target domain is acquired.
Specifically, the front-end server interacting with the back-end server may provide a login interface, and the user may input user login information at the login interface provided by the front-end server, so as to login and access all systems in the target domain through the user login information.
Optionally, the user login information may include a domain user account and a domain password corresponding to the domain user account.
Of course, the user login information may also include other information, such as an identifier of the target domain, which is not limited in the present application.
Alternatively, the system within the target domain may be a Windows system developed using Django.
In this step, after the user inputs the user login information on the login interface, the front-end server may send the user login information to the background server, so that the background server obtains the user login information with which the user logs in to the system in the target domain.
In this step, the target domain may include one system or a plurality of systems. In either case, the user only needs to register the user login information once and to input it once when access to a system in the target domain is needed; the user does not need to register and log in separately in each system.
Step S102, the user login information is sent to a domain server corresponding to the target domain, so that the domain server verifies the user login information and returns verification information.
It will be appreciated that each domain has a corresponding domain server. In this step, the background server may send the user login information obtained in the previous step to the domain server corresponding to the target domain for verification (i.e. authentication).
Here, when the user first uses a system in the target domain, the user may register personal information on the registration interface (the registered personal information is the user login information in this embodiment), and the domain server corresponding to the target domain stores the registered user login information. After receiving the user login information sent by the background server, the domain server corresponding to the target domain can therefore compare the received user login information with the user login information stored in advance to check whether the received user login information is correct. If it is correct, the domain server returns to the background server verification information indicating that the user login information was verified successfully; otherwise, it returns to the background server verification information indicating that verification of the user login information was unsuccessful.
Step S103, receiving verification information, and if the verification information represents that the user login information is successfully verified, generating a token corresponding to the user login information.
In this embodiment, the user login mode of a Windows system developed with Django is a session authentication mechanism, which requires a user to register personal information in each system and to log in to each system based on the registered personal information.
Because the session authentication mechanism cannot realize unified login to a plurality of systems under the condition of not connecting with an external network, the embodiment provides a token authentication mechanism for user-defined login so as to realize the user login function.
Here, the token authentication mechanism provided in this embodiment specifically refers to: after receiving the verification information sent by the domain server corresponding to the target domain, the background server analyzes the received verification information to determine whether the user login information obtained in the previous step is verified successfully. If the received verification information represents that the user login information is successfully verified, the background server generates a token corresponding to the user login information, that is, if the user inputs correct user login information, the background server can generate the token for the user.
In an alternative embodiment, the process of generating the token corresponding to the user login information in this step may include: and generating a token corresponding to the user login information by using a JWT authentication mechanism.
Specifically, this step may use the Django REST framework JWT authentication mechanism to generate the token, that is, it may use the Django REST framework JWT component to generate a token corresponding to the domain user.
Step S104, the token is sent to the front-end server, so that the front-end server enables the domain user corresponding to the user login information to log in the system in the target domain based on the token.
When the background server receives verification information indicating that the user login information was verified successfully, it can send the generated token corresponding to the user login information to the front-end server (which is built with the Vue framework). After receiving the token, the front-end server can verify from the token whether the user has permission to access the system in the target domain. If the user has the corresponding token, the user can access the system in the target domain; the front-end server then enables the domain user corresponding to the user login information to log in to and access the system in the target domain based on the token.
Note that the front-end server stores the token after receiving the token corresponding to the user login information. The process by which the domain user then accesses a system in the target domain is as follows: each time the domain user needs to access a system in the target domain, an access request carrying the token is generated and sent to the front-end server; the front-end server intercepts the request after receiving it and checks the token. If the token is found to be correct, the front-end server allows the domain user to access the page, and the domain user can enter the requested page. Otherwise, if the token is found to be incorrect, the front-end server refuses the domain user access to the page, and the domain user cannot enter the requested page.
Alternatively, the front-end server may store the token in the client, or may store the token in cookies of the client.
The foregoing details the specific processing procedure in the case where the background server receives verification information indicating that the user login information was verified successfully. As described in the foregoing step, the background server may also receive verification information indicating that verification of the user login information failed. In this case, optionally, the background server may return error information to the front-end server; on receiving the error information, the front-end server directly refuses to let the domain user corresponding to the user login information log in to and access the system in the target domain.
The domain user login method provided by the application comprises the steps of firstly obtaining user login information for logging in a system in a target domain, then sending the user login information to a domain server corresponding to the target domain, so that the domain server can verify the user login information, returning verification information, then receiving the verification information, generating a token corresponding to the user login information if the verification information represents that the user login information is successfully verified, and finally sending the token to a front-end server, so that the front-end server enables the domain user corresponding to the user login information to log in the system in the target domain based on the token. According to the application, domain users can generate the token based on the user login information under the condition of not connecting an external network, and can log in a plurality of systems simultaneously based on the generated token, so that the time for registering a plurality of systems by the users is saved, the users do not need to memorize a plurality of account information, and the user experience is improved.
In addition, the domain user login method provided by the embodiment can realize unified registration and login of all systems in the target domain without putting additional resources into building a user management system, and reduces the cost.
The following embodiment describes the procedure of "step S102, transmitting user login information to the domain server corresponding to the target domain" described above.
Optionally, in this embodiment the domain user authentication may be implemented through the domain user authentication API of the Python third-party package ldap3. Specifically, the process of "step S102, sending the user login information to the domain server corresponding to the target domain" may include:
Step S1, preprocessing the user login information by using an authentication domain user API interface to obtain the preprocessed user login information.
Specifically, when the background server receives the user login information, it calls the authentication domain user API interface to send the user login information to the domain server corresponding to the target domain. When the authentication domain user API interface is called, it preprocesses the user login information to obtain the preprocessed user login information.
Here, the preprocessing is performed for the purpose of processing the user login information as information that can be recognized and processed by the domain server corresponding to the target domain.
In an alternative embodiment, the process of preprocessing the user login information using the authentication domain user API interface to obtain the preprocessed user login information in this step may include:
Step S11, encrypting the user login information through the authentication domain user API interface to obtain encrypted user login information.
Step S12, processing the encrypted user login information into a command line format through the authentication domain user API interface to obtain the preprocessed user login information.
In the present application, the domain server corresponding to the target domain verifies the user login information in a command-line verification mode, so the encrypted user login information needs to be processed into a command line format in this step.
Step S2, sending the preprocessed user login information to the domain server corresponding to the target domain.
In this embodiment, the user login information is processed into information that the domain server corresponding to the target domain can recognize and process, so that the domain server can verify the correctness of the preprocessed user login information.
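The flow of steps S101 to S104, together with the domain verification of step S102, as an added example that is not code from the patent. It builds the JWT with the Python standard library in place of the Django REST framework JWT component and uses a callable in place of the ldap3 call; `domain_verify`, `make_constructed_domain`, the signing key, the 900-second lifetime and the server-set cookie are assumptions. The guard against an empty password matters because an LDAP simple bind with a name and an empty password is an unauthenticated bind (RFC 4513) that a directory may answer with success.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key; a deployment loads a random secret from protected storage.
SIGNING_KEY = b"constructed-demo-key-do-not-reuse"
TOKEN_TTL_SECONDS = 900  # assumed lifetime; the page does not specify one


def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(signing_input):
    return hmac.new(SIGNING_KEY, signing_input.encode("ascii"), hashlib.sha256).digest()


def issue_token(account, now):
    """Step S103: HS256 JWT naming the user; the domain password never enters it."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": account, "iat": int(now), "exp": int(now) + TOKEN_TTL_SECONDS}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, claims)
    )
    return signing_input + "." + b64url_encode(sign(signing_input))


def verify_token(token, now):
    """Check run on every access request; returns the account name or None."""
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        expected = sign(header_b64 + "." + claims_b64)
        # Constant-time comparison before any claim is trusted.
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(claims_b64))
    except (AttributeError, TypeError, ValueError):
        return None
    if header.get("alg") != "HS256":  # pin the algorithm, never take it from the token
        return None
    if now >= claims["exp"]:  # expired tokens are rejected
        return None
    return claims["sub"]


def login(account, password, domain_verify, now=None):
    """Steps S101-S104 on the background server.

    domain_verify(account, password) -> bool is a hypothetical hook standing in
    for the call to the domain server (the page names ldap3 for it).
    """
    now = time.time() if now is None else now
    failure = {"ok": False, "error": "invalid credentials"}
    # Reject empty input before it reaches the directory: an empty password
    # can turn a simple bind into an unauthenticated bind that succeeds.
    if not account or not password:
        return failure
    if not domain_verify(account, password):
        return failure  # same message for unknown user and wrong password
    return {"ok": True, "token": issue_token(account, now)}


def session_cookie(token):
    """Cookie storage from step S104, assuming the server sets the cookie."""
    return (f"token={token}; Max-Age={TOKEN_TTL_SECONDS}; Path=/; "
            "HttpOnly; Secure; SameSite=Strict")


def make_constructed_domain(directory):
    """Constructed stand-in for the domain server, including the lenient
    behaviour of accepting an empty password as an unauthenticated bind."""
    def verify(account, password):
        if password == "":
            return True
        stored = directory.get(account)
        return stored is not None and hmac.compare_digest(
            stored.encode("utf-8"), password.encode("utf-8"))
    return verify


if __name__ == "__main__":
    verify = make_constructed_domain({"alice": "Corr3ct-Horse"})  # constructed account
    print(login("alice", "Corr3ct-Horse", verify, now=1000)["ok"])  # valid login
    print(login("alice", "", verify, now=1000)["ok"])  # empty password blocked
```

Each system that accepts the token needs the same `verify_token` check on its own back end; a check made only in browser-side code can be bypassed by calling the system directly.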
In order to make the present application more understandable to those skilled in the art, a plurality of systems of enterprise a will be described below as an example of the system in the target domain.
Referring now to FIG. 2, FIG. 2 is a schematic diagram illustrating a process by which a user of an enterprise domain accesses a system within a target domain.
Step S1, logging in a user.
Specifically, after the employee of the enterprise a (enterprise domain user) registers the user login information in the target domain, the employee may log in on the front-end login interface based on the user login information, and after the front-end server receives the user login information, the front-end server may send the user login information to the back-end server.
Step S2, the back-end server calls the domain server corresponding to the target domain to verify the user login information.
Specifically, the back-end server may acquire the user login information and send it to the domain server corresponding to the target domain, so that the user login information is verified by the domain server corresponding to the target domain.
If the domain server corresponding to the target domain returns to the back-end server verification information indicating that verification succeeded, the flow proceeds to step S3. If the domain server returns verification information indicating that verification failed, the flow returns to step S1, so that the domain user inputs the user login information again and the verification of this step is performed again.
The process of the back-end server sending the user login information to the domain server corresponding to the target domain in this step may refer to the description in the foregoing embodiment, and will not be described herein.
Step S3: the back-end server generates a token and returns the token to the front-end server.
Specifically, the back-end server may generate a token corresponding to the user login information that is successfully authenticated, and return the generated token to the front-end server.
The process of generating the token by the backend server may refer to the description in the foregoing embodiments in detail, and will not be described in detail herein.
Step S4: after receiving the token, the front-end server stores the token in cookies.
Specifically, the front-end server may store the token in the cookies after receiving the token, so as to verify the access request based on the stored token.
Step S5: login succeeds, and the user is redirected to the access page.
Specifically, after the front-end server checks that the token passes, the domain user can successfully log in a plurality of systems in the target domain and jump to the page accessed at this time.
In the process from the login to the logout, if multiple systems in the target domain are required to be accessed, or one system is required to be accessed for multiple times, the front-end server can verify each access request based on the stored token, and after the verification is passed, the corresponding system page can be accessed.
It should be noted that, the implementation scenario provided in this embodiment is only an example and is not a limitation of the present application.
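The flow of steps S2 to S5, as an added Python example that is not code from the patent. The HS256 key, the one-hour lifetime, the function names and the in-memory `demo_domain_verify` stand-in for the domain server (which the claims reach through ldap3) are assumptions; the JWT is built with the standard library only so the block runs offline.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-key"  # assumption: HS256 key; load from a secret store in practice
TOKEN_TTL = 3600                  # assumption: one-hour token lifetime
# Constructed stand-in for the domain server's account store.
DEMO_DIRECTORY = {"ENTERPRISE-A\\alice": "constructed-Passw0rd"}


def demo_domain_verify(account, password):
    """Stand-in for step S2; a real back end would bind to the domain server."""
    expected = DEMO_DIRECTORY.get(account)
    return expected is not None and hmac.compare_digest(
        expected.encode(), password.encode())


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(signing_input):
    mac = hmac.new(SECRET, signing_input.encode(), hashlib.sha256)
    return b64url(mac.digest())


def issue_token(account, now):
    """Step S3: signed JWT for an account the domain server accepted."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": account, "iat": int(now), "exp": int(now) + TOKEN_TTL}
    body = header + "." + b64url(json.dumps(claims).encode())
    return body + "." + sign(body)


def login(account, password, domain_verify, now=None):
    """Steps S1-S3: a token on success, None to send the user back to S1."""
    if not account or not password:  # never forward empty credentials
        return None
    if not domain_verify(account, password):
        return None
    return issue_token(account, time.time() if now is None else now)


def check_token(token, now=None):
    """Steps S4-S5: validate the stored token on every access request."""
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, sig = token.split(".")
        # Pin the algorithm instead of trusting the token's own header.
        if json.loads(unb64url(header_b64)).get("alg") != "HS256":
            return None
        expected = sign(header_b64 + "." + payload_b64)
        if not hmac.compare_digest(sig.encode(), expected.encode()):
            return None
        claims = json.loads(unb64url(payload_b64))
        if int(claims["exp"]) <= now:  # reject expired tokens
            return None
        return claims["sub"]
    except (ValueError, KeyError, AttributeError, TypeError):
        return None
```

Because the token is a bearer credential held in a cookie, the cookie that carries it should be set with the HttpOnly and Secure attributes.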
The embodiment of the application also provides a domain user login device, which is described below, and the domain user login device described below and the domain user login method described above can be referred to correspondingly.
Referring to FIG. 3, which shows a schematic structural diagram of a domain user login device according to an embodiment of the present application, the domain user login device may include: a login information acquisition module 301, a login information sending module 302, a token generation module 303, and a token sending module 304.
The login information acquisition module 301 is configured to acquire user login information for logging in to a system in a target domain.
The login information sending module 302 is configured to send the user login information to a domain server corresponding to the target domain, so that the domain server verifies the user login information and returns verification information.
The token generation module 303 is configured to receive the verification information, and if the verification information characterizes that the user login information is successfully verified, generate a token corresponding to the user login information.
The token sending module 304 is configured to send the token to a front-end server, so that the front-end server logs the domain user corresponding to the user login information in to a system in the target domain based on the token.
The domain user login device provided by the application firstly acquires the user login information of the system in the login target domain, then sends the user login information to the domain server corresponding to the target domain, so that the domain server verifies the user login information, returns verification information, then receives the verification information, generates a token corresponding to the user login information if the verification information represents that the user login information is successfully verified, and finally sends the token to the front-end server, so that the front-end server enables the domain user corresponding to the user login information to log in the system in the target domain based on the token. According to the application, domain users can generate the token based on the user login information under the condition of not connecting an external network, and can log in a plurality of systems simultaneously based on the generated token, so that the time for registering a plurality of systems by the users is saved, the users do not need to memorize a plurality of account information, and the user experience is improved.
In one possible implementation, the login information sending module may include: a login information preprocessing module and a post-processing login information sending module.
The login information preprocessing module is configured to preprocess the user login information by using the authentication domain user API interface to obtain preprocessed user login information.
The post-processing login information sending module is configured to send the preprocessed user login information to the domain server corresponding to the target domain.
In one possible implementation manner, the login information preprocessing module may include: an encryption processing module and a command line processing module.
The encryption processing module is configured to encrypt the user login information through the authentication domain user API interface to obtain encrypted user login information.
The command line processing module is configured to process the encrypted user login information into a command line format through the authentication domain user API interface to obtain the preprocessed user login information.
In one possible implementation, the token generation module may be specifically configured to generate a token corresponding to the user login information by using a JWT authentication mechanism.
In one possible implementation, the user login information includes a domain user account and a domain password.
The embodiment of the application also provides domain user login equipment. Optionally, FIG. 4 shows a block diagram of a hardware structure of a domain user login device, and referring to FIG. 4, the hardware structure of the domain user login device may include: at least one processor 401, at least one communication interface 402, at least one memory 403, and at least one communication bus 404;
in the embodiment of the present application, the number of the processor 401, the communication interface 402, the memory 403 and the communication bus 404 is at least one, and the processor 401, the communication interface 402 and the memory 403 complete communication with each other through the communication bus 404;
The processor 401 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement embodiments of the present invention, etc.;
The memory 403 may include a high-speed RAM memory, and may further include a non-volatile memory, such as at least one magnetic disk memory;
Wherein the memory 403 stores a program, the processor 401 may call the program stored in the memory 403, the program being for:
acquiring user login information for logging in a system in a target domain;
the user login information is sent to a domain server corresponding to the target domain, so that the domain server verifies the user login information and returns verification information;
Receiving the verification information, and if the verification information characterizes that the user login information is successfully verified, generating a token corresponding to the user login information;
And sending the token to a front-end server so that the front-end server enables a domain user corresponding to the user login information to log in the system in the target domain based on the token.
Alternatively, the refinement function and the extension function of the program may be described with reference to the above.
The embodiment of the application also provides a readable storage medium, on which a computer program is stored, which when being executed by a processor, implements a domain user login method as described above.
Alternatively, the refinement function and the extension function of the program may be described with reference to the above.
Finally, it is further noted that relational terms such as first and second, and the like, are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one ..." does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
In the present specification, the embodiments are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and for the parts that are identical or similar, the embodiments may be referred to one another.
Claims (8)
1. A domain user login method, which is applied to a background server, comprising:
Acquiring user login information for logging in a system in a target domain; the system in the target domain is a Windows system developed by using Django;
The user login information is sent to a domain server corresponding to the target domain, so that the domain server verifies the user login information and returns verification information; the domain server is a server in a Windows network operating system;
Receiving the verification information, and if the verification information characterizes that the user login information is successfully verified, generating a token corresponding to the user login information;
the token is sent to a front-end server, so that the front-end server enables a domain user corresponding to the user login information to log in a system in the target domain based on the token;
the sending the user login information to the domain server corresponding to the target domain includes:
preprocessing the user login information by using an authentication domain user API interface to obtain preprocessed user login information; the authentication domain user API interface is an API interface for domain user authentication of the Python third-party package ldap3;
and sending the preprocessed user login information to a domain server corresponding to the target domain.
2. The domain user login method according to claim 1, wherein the preprocessing the user login information using the authentication domain user API interface to obtain preprocessed user login information includes:
Encrypting the user login information through the authentication domain user API interface to obtain encrypted user login information;
And processing the encrypted user login information into a command line format through the authentication domain user API interface to obtain the preprocessed user login information.
3. The domain user login method according to claim 1, wherein the generating the token corresponding to the user login information includes:
And generating a token corresponding to the user login information by using a JWT authentication mechanism.
4. The domain user login method according to claim 1, wherein the user login information includes a domain user account and a domain password.
5. A domain user login device, applied to a background server, comprising:
the login information acquisition module is used for acquiring user login information of a system in a login target domain; the system in the target domain is a Windows system developed by using Django;
The login information sending module is used for sending the user login information to a domain server corresponding to the target domain so that the domain server can verify the user login information and return verification information; the domain server is a server in a Windows network operating system;
The token generation module is used for receiving the verification information, and generating a token corresponding to the user login information if the verification information characterizes that the user login information is successfully verified;
The token sending module is used for sending the token to a front-end server so that the front-end server enables a domain user corresponding to the user login information to log in a system in the target domain based on the token;
the login information sending module comprises:
The login information preprocessing module is used for preprocessing the user login information by using an authentication domain user API interface to obtain preprocessed user login information; the authentication domain user API interface is an API interface for domain user authentication of the Python third-party package ldap3;
And the post-processing login information sending module is used for sending the pre-processed user login information to a domain server corresponding to the target domain.
6. The domain user login device according to claim 5, wherein said login information preprocessing module comprises:
The encryption processing module is used for carrying out encryption processing on the user login information through the authentication domain user API interface to obtain encrypted user login information;
and the command line processing module is used for processing the encrypted user login information into a command line format through the authentication domain user API interface to obtain the preprocessed user login information.
7. A domain user login device comprising a memory and a processor;
the memory is used for storing programs;
the processor is configured to execute the program to implement the steps of the domain user login method according to any one of claims 1 to 4.
8. A readable storage medium having stored thereon a computer program, which, when executed by a processor, implements the steps of the domain user login method according to any of claims 1 to 4.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210606577.1A CN115001808B (en) | 2022-05-31 | 2022-05-31 | Domain user login method, device, equipment and medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115001808A CN115001808A (en) | 2022-09-02 |
CN115001808B CN115001808B (en) | 2024-05-28 |
Family
ID=83030910
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210606577.1A Active CN115001808B (en) | 2022-05-31 | 2022-05-31 | Domain user login method, device, equipment and medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115001808B (en) |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1725687A (en) * | 2005-01-26 | 2006-01-25 | 杭州华为三康技术有限公司 | Security identification method |
CN105282095A (en) * | 2014-06-18 | 2016-01-27 | 中兴通讯股份有限公司 | Login verification method and device of virtual desktop |
CN109379369A (en) * | 2018-11-09 | 2019-02-22 | 中国平安人寿保险股份有限公司 | Single-point logging method, device, server and storage medium |
CN110730171A (en) * | 2019-10-10 | 2020-01-24 | 北京东软望海科技有限公司 | Service request processing method, device and system, electronic equipment and storage medium |
CN111062023A (en) * | 2019-11-26 | 2020-04-24 | 深圳市思迪信息技术股份有限公司 | Method and device for realizing single sign-on of multiple application systems |
CN112383535A (en) * | 2020-11-10 | 2021-02-19 | 平安普惠企业管理有限公司 | Method and device for detecting Hash transfer attack behavior and computer equipment |
CN112600674A (en) * | 2020-12-04 | 2021-04-02 | 中国农业银行股份有限公司深圳市分行 | User security authentication method and device for front-end and back-end separation system and storage medium |
CN112910904A (en) * | 2021-02-03 | 2021-06-04 | 叮当快药科技集团有限公司 | Login method and device of multi-service system |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8839395B2 (en) * | 2011-05-13 | 2014-09-16 | Cch Incorporated | Single sign-on between applications |
US9985953B2 (en) * | 2014-11-10 | 2018-05-29 | Amazon Technologies, Inc. | Desktop application fulfillment platform with multiple authentication mechanisms |
Also Published As
Publication number | Publication date |
---|---|
CN115001808A (en) | 2022-09-02 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||