CN113965352B - Third-party website login method and device, electronic equipment and storage medium - Google Patents

Info

Publication number
CN113965352B
Authority
CN
China
Prior art keywords
party website
identity information
login
user identity
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111101817.4A
Other languages
Chinese (zh)
Other versions
CN113965352A (en)
Inventor
蔡灵通
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wangsu Science and Technology Co Ltd
Original Assignee
Wangsu Science and Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wangsu Science and Technology Co Ltd
Priority to CN202111101817.4A
Publication of CN113965352A
Application granted
Publication of CN113965352B
Legal status: Active (current)
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The application relates to the technical field of Internet communication and discloses a third-party website login method, a device, electronic equipment and a storage medium. The method comprises: when a user requests access to a third-party website, sending the user's current user identity information to a preset platform and redirecting the current page to the login page of the third-party website; receiving a redirection request and the user identity information returned by the preset platform after the user successfully logs in to the third-party website; and parsing the redirection request and completing the cross-site login of the third-party website according to the acquired user identity information. When the browser has the SameSite attribute enabled, the user identity information can still be passed across sites through a lightweight protocol, so that a legitimate cross-site login of the third-party website can be completed efficiently and accurately on the currently accessed website while website access security is preserved.

Description

Third-party website login method and device, electronic equipment and storage medium
Technical Field
The embodiment of the application relates to the technical field of internet communication, in particular to a third-party website login method, a device, electronic equipment and a storage medium.
Background
With the continuous development of communication technology and the Internet, it has become common for users to log in to and access multiple nested websites from their devices. Nested login across multiple websites, however, is prone to leaking user information or to hijacking by malicious websites. To increase the security of website access, browsers have begun to support the SameSite attribute, which limits the behavior of third-party cookies. It can take three values. Strict: the strictest setting; third-party cookies are completely prohibited, and no cookie is sent whenever the current site is in a cross-site relationship with the target site of the request. Lax: a looser rule; third-party cookies are not sent in most cases. None: the restriction is turned off. Once Strict or Lax is set, a third-party website can no longer obtain the user identity information (cookie information) of the first-party website, which effectively prevents malicious websites from mounting cross-site request forgery (CSRF) attacks and user tracking by forging HTTP (Hypertext Transfer Protocol) requests that carry the correct cookie.
However, once the browser has the SameSite attribute enabled, a problem arises when the current website embeds a trusted third-party login website: after the user logs in to the third-party website, the third-party website sends a redirection request to the current website, and the user identity information of the current website cannot be obtained or carried along with it. The current website therefore cannot obtain the identity of the user who successfully logged in to the third-party website, the login is invalid, and the cross-site login of the third-party website cannot be completed at the current website.
Disclosure of Invention
The embodiment of the application mainly aims at providing a third-party website login method, a third-party website login device, electronic equipment and a storage medium, aiming at efficiently and accurately completing legal cross-site login of a third-party website on a currently accessed website on the basis of ensuring the website access security.
In order to achieve the above object, an embodiment of the present application provides a third party website login method, including: under the condition that a user requests to access a third-party website, according to a preset rule, transmitting the current user identity information of the user to a preset platform, and redirecting the current page to a login page of the third-party website; receiving a redirection request and user identity information returned by a preset platform after a user successfully logs in a third-party website; analyzing the redirection request, and completing the cross-site login of the third-party website according to the acquired user identity information.
In order to achieve the above object, an embodiment of the present application further provides a third party website login device, including: the sending module is used for sending the current user identity information of the user to a preset platform according to a preset rule under the condition that the user requests to access the third-party website, and redirecting the current page to a login page of the third-party website; the receiving module is used for receiving a redirection request and user identity information returned by the preset platform after the user successfully logs in the third-party website; and the login module is used for analyzing the redirection request and completing the cross-site login of the third-party website according to the acquired user identity information.
In order to achieve the above object, an embodiment of the present application further provides an electronic device, including: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the third party website login method as described above.
To achieve the above object, an embodiment of the present application further provides a computer readable storage medium storing a computer program, which when executed by a processor, implements a third party website login method as described above.
According to the third-party website login method provided by the embodiment of the application, when the current website detects that the user needs to log in to a third-party website, it sends the user's current user identity information to the preset platform according to the preset rule, so that the preset platform returns the user identity information and a redirection request to the current website after the user successfully logs in to the third-party website; the cross-site login of the third-party website is then completed according to the parsed redirection request and the user identity information. Because the user identity information is sent to the preset platform during the cross-site login and is returned together with the redirection request after the user successfully logs in, the user identity information can still be exchanged when the website is accessed through a browser with the SameSite attribute enabled. Since the user identity information is sent back to the original website through the preset platform after the successful login, the original website can identify, from the acquired user identity information, the user who successfully logged in to the third-party website, which avoids the login becoming invalid because the user identity information cannot be carried during the cross-site login. A browser with the SameSite attribute enabled thus supports cross-site login of the third-party website through a lightweight protocol, which ensures both the security of website access and the legitimacy of the cross-site login.
Drawings
One or more embodiments are illustrated by way of example and not limitation in the figures of the accompanying drawings.
FIG. 1 is a flow chart of a third party website login method in an embodiment of the application;
FIG. 2 is a schematic diagram of a third party website login process according to an embodiment of the present application;
FIG. 3 is a schematic diagram of another third party website login process according to an embodiment of the present application;
FIG. 4 is a schematic diagram of a third party website login device according to another embodiment of the present application;
FIG. 5 is a schematic structural diagram of an electronic device according to another embodiment of the present application.
Detailed Description
As described in the background, once the browser has the SameSite attribute enabled, if the current website embeds a trusted third-party login website, the redirection request that the third-party website sends to the current website after the user logs in cannot obtain or carry the user identity information of the current website. The login is therefore invalid, and the cross-site login of the third-party website cannot be completed at the current website. How to achieve a legitimate cross-site login of the third-party website while preserving website access security is thus a problem that urgently needs to be solved.
In order to solve the above problems, an embodiment of the present application provides a third party website login method, including: under the condition that a user requests to access a third-party website, according to a preset rule, transmitting the current user identity information of the user to a preset platform, and redirecting the current page to a login page of the third-party website; receiving a redirection request and user identity information returned by a preset platform after a user successfully logs in a third-party website; analyzing the redirection request, and completing the cross-site login of the third-party website according to the acquired user identity information.
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the embodiments of the present application will be described in detail below with reference to the accompanying drawings. However, it will be understood by those of ordinary skill in the art that in various embodiments of the present application, numerous specific details are set forth in order to provide a thorough understanding of the present application. However, the claimed technical solution of the present application can be realized without these technical details and various changes and modifications based on the following embodiments. The following embodiments are divided for convenience of description, and should not be construed as limiting the specific implementation of the present application, and the embodiments can be mutually combined and referred to without contradiction.
The implementation details of the third party website login method according to the present application will be specifically described below with reference to specific embodiments, and the following details are provided only for easy understanding, and are not necessary to implement the present embodiment.
In one aspect, the embodiment of the application provides a third-party website login method, which is applied to a web site, and a cross-site login flow of a third-party website nested in a currently accessed web site is shown in fig. 1, and comprises the following steps:
Step 101, sending the current user identity information of the user to a preset platform, and redirecting the current page to a login page of a third-party website.
Specifically, the user sends an access request to the web site through a browser with the SameSite attribute enabled. After receiving the access request from the user equipment, the web site determines from the request which service the user wants to handle and, while the service is being handled, detects whether the user requests access to a third-party website. When the user does request access to a third-party website, the web site sends the user's current user identity information to the preset platform according to the preset rule and redirects the current page to the login page of the third-party website. Sending the user identity information to the preset platform at this point and redirecting the page allows the user identity information to be passed back and forth during the cross-site login.
In one example, the web site sending the current user identity information of the user to the preset platform according to the preset rule includes: when the preset platform is the third-party website, encrypting the current user identity information according to a preset asymmetric encryption algorithm, and sending the encrypted user identity information to the third-party website. Specifically, before sending the user identity information, the web site identifies the preset platform. When the preset platform is the third-party website, the web site and the third-party website cannot exchange the user identity information directly. The web site therefore encrypts the current user identity information with the preset asymmetric encryption algorithm, which changes the data type of the user identity information to encrypted data that can be transmitted to the third-party website, and then sends the encrypted user identity information to the third-party website. Encrypting the user identity information with an asymmetric encryption algorithm ensures the efficiency and effect of the encryption, allows the user identity information to be transmitted across sites, and lets the third-party website accurately obtain the user identity information of the logged-in user.
Further, the asymmetric encryption algorithm the web site uses to encrypt the user identity information is any one of the following: the RSA algorithm, the DSA algorithm, the ECC algorithm and the DH algorithm. For example, when the web site encrypts the user identity information with the RSA algorithm, it randomly generates a public key and a private key, where the public key is the encryption key and the private key is the decryption key. It then caches the key pair formed by the public key and the private key, generates a cache identifier keySign for the key pair, and encrypts the current user identity information (cookie information) of the user according to the cache identifier and the encryption key of the key pair. The user identity information and the key pair identifier are packaged as JSON data, {"keySign": "XXXXX", // cache identifier of the public/private key pair; "content": "XXXX" // cookie content encrypted with the public key}, which is named the cookieState parameter. The web site selects a suitable encryption algorithm according to actual needs, which ensures that encryption proceeds smoothly and improves the practicality of encrypting the user identity information.
In another example, after encrypting the user identity information according to the preset asymmetric encryption algorithm, the web site sends the encrypted user identity information to the third-party website as follows: it adds the encrypted user identity information to the service parameters of the third-party website and sends the service parameters to the third-party website. In particular, when redirecting the current page to the login page of the third-party website, the web site may send the third-party website a service parameter, for example the parameter named service. To deliver the encrypted user identity information to the third-party website accurately, the web site packages the encrypted user identity information into the request parameter cookieState, adds that request parameter to the service parameter sent to the third-party website, redirects the current page to the login page of the third-party website, and sends the service parameter to the third-party website. Adding the encrypted user identity information to the service parameters of the third-party website means that the user identity information is carried to the third-party website by the third-party website's own service parameters, so the third-party website can obtain it accurately even when the cross-site access is made from a browser with the SameSite attribute enabled.
Further, before sending the service parameters to the third-party website, the web site also performs redirection coding (URL encoding) on the service parameters, so that the third-party website treats the service parameter as a uniform resource locator and returns the redirection request according to that uniform resource locator. That is, after adding the encrypted user identity information to the service parameters of the third-party website, the web site URL-encodes the content of the service parameter it sends. For example, suppose the web site address is https://www.o2.com, the third-party website address is https://www.sso.com, and the encrypted user identity information is cookieState=XXXX. After the service parameter carrying the user identity information is URL-encoded, the request is https://www.sso.com?service=URL(https://www.o2.com&cookieState=XXXX). After the current page is redirected to the third-party login website, the third-party website prompts the user to log in. When the user logs in successfully, the third-party website automatically takes out the pre-encoded content of the received service parameter and uses (https://www.o2.com&cookieState=XXXX) as the uniform resource locator (URL) for redirecting to the web site. It redirects the current page back to the web site according to that URL and returns a redirection request carrying the encrypted user identity information, so the encrypted user identity information is carried back to the web site automatically through the URL.
By carrying out redirection coding on service parameters of the third-party website in advance, when the user logs in successfully to carry out page redirection, the third-party website can carry out redirection by utilizing a uniform resource locator finished by the pre-coding; and the encrypted user identity information is accurately brought back to the web site, so that the user identity information can be transferred in the cross-site login process of the third-party website, and the accuracy of the user identity information transfer is ensured.
In another example, the third-party website that is logged in to across sites through the web site is a website embedded by means of a preset tag. Specifically, the current web site places a condition on the third-party websites for which it supports cross-site login: the third-party website must have been nested in the web site in advance with a preset tag, so that cross-site access to and login of the third-party website are supported through sub-resources of a designated type of the web site, and the browser with the SameSite attribute enabled remains effective for all cross-site accesses of the web site. Using tag nesting to call the sub-resources designated by the web site to support cross-site access and login of the third-party website ensures the validity of the third-party login while preserving security during access to the web site.
Further, the preset tags for nesting the third-party website in the web site include iframe tags and object tags. Among the sub-resources of the web site, those corresponding to the iframe tag and the object tag are monitored by a browser with the SameSite attribute enabled; selecting these two types of tag to nest the third-party website further ensures security while the third-party website is accessed and logged in to.
Step 102, receiving a redirection request and user identity information returned by the preset platform after the user successfully logs in the third-party website.
Specifically, the web site sends the user identity information to a preset platform, after the current page is redirected to a login page of the third-party website, the user is prompted to log in the third-party website, after the user inputs correct login authentication information to successfully complete the login of the third-party website, the preset platform returns a redirection request and user identity information to the web site according to the uniform resource locator, the current page is redirected to the web site, and the web site receives the redirection request and the user identity information returned by the preset platform after the user successfully logs in the third-party website.
Step 103, parsing the redirection request, and completing the cross-site login of the third-party website according to the acquired user identity information.
Specifically, after receiving the redirection request from the preset platform, the web site parses the redirection request and reads the received user identity information. It then completes, within the web site, the user's cross-site login to the third-party website according to the acquired user identity information. Through this lightweight protocol the user identity information can be passed between the trusted third-party website and the web site even when the browser has SameSite enabled, so that a legitimate cross-site login of the third-party website is achieved while website access security is preserved.
For example, FIG. 2 shows a schematic flow in which a browser with the SameSite attribute enabled accesses the web site and a cross-site login of the third-party website is completed on the web site. The preset platform is the third-party website, and the encryption algorithm used to encrypt the user identity information is the RSA algorithm. When the user handles a service, the browser sends an access request to the specified web site. After receiving the access request from the user equipment, the web site detects whether a third-party website login is needed. When a cross-site login of the third-party website is required on the current website, the web site sends the encrypted user identity information to the third-party website and redirects the current page to the login page of the third-party website. After the user successfully logs in to the third-party website, the third-party website sends a redirection request to the web site, and the current page is redirected back to the initial page of the web site carrying the encrypted user identity information. After receiving the redirection request, the web site parses it and obtains the key pair identifier from the cookieState parameter. It then reads, according to that key pair identifier, the public key and private key (the encryption key and decryption key) generated when the user identity information was encrypted, and decrypts the encrypted parameter with the decryption key to obtain the user identity information contained in the cookieState parameter. Finally, according to the acquired user identity information, it identifies the user who has finished logging in to the third-party website, which completes the user's cross-site login to the third-party website within the web site.
In addition, to ensure security while the user identity information is in transit, the encryption key and the decryption key are one-time keys. After the web site has used the decryption key once, the encryption key, the decryption key and the key pair identifier can be deleted, and new ones are generated the next time user identity information is encrypted.
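The first embodiment end to end (RSA-encrypted cookieState, URL-encoded service parameter, one-time key pair), as an added example that is not code from the patent. The function names, the /login path, RSA-OAEP with SHA-256, base64url encoding of the ciphertext and the use of a standard ?query string are assumptions; the site addresses, keySign, content, cookieState and service come from the text.

```javascript
const crypto = require('node:crypto');

const WEB_SITE = 'https://www.o2.com/';        // web site address from the text
const SSO_SITE = 'https://www.sso.com/login';  // third-party site; '/login' is an assumption

// keySign -> private (decryption) key. Each entry serves exactly one decryption.
const keyCache = new Map();

// Padding choice is an assumption; the text only says "RSA algorithm".
const oaep = (key) => ({
  key,
  padding: crypto.constants.RSA_PKCS1_OAEP_PADDING,
  oaepHash: 'sha256',
});

// Web site, step 101: encrypt the cookie, cache the key pair under keySign,
// and build the redirect to the third-party login page.
function buildLoginRedirect(cookie) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const keySign = crypto.randomUUID();
  keyCache.set(keySign, privateKey);
  // A 2048-bit key with OAEP/SHA-256 encrypts at most 190 bytes; a longer
  // cookie makes publicEncrypt throw, so callers must keep the value short.
  const content = crypto.publicEncrypt(oaep(publicKey), Buffer.from(cookie, 'utf8'))
    .toString('base64url');
  const back = new URL(WEB_SITE);
  back.searchParams.set('cookieState', JSON.stringify({ keySign, content }));
  const login = new URL(SSO_SITE);
  login.searchParams.set('service', back.toString()); // URL-encodes the nested URL
  return login.toString();
}

// Third-party site, after a successful login: decode the service parameter
// and use it as the redirect target.
function ssoRedirectAfterLogin(loginUrl) {
  return new URL(loginUrl).searchParams.get('service');
}

// Web site, step 103: parse the redirect, look up the key pair by keySign,
// decrypt once, then delete the key so a replayed redirect is rejected.
function completeCrossSiteLogin(redirectUrl) {
  const raw = new URL(redirectUrl).searchParams.get('cookieState');
  if (!raw) return null;
  let state;
  try { state = JSON.parse(raw); } catch { return null; }
  if (!state || typeof state.keySign !== 'string') return null;
  const privateKey = keyCache.get(state.keySign);
  if (!privateKey) return null;          // unknown or already used keySign
  keyCache.delete(state.keySign);        // one-time key
  try {
    return crypto
      .privateDecrypt(oaep(privateKey), Buffer.from(String(state.content), 'base64url'))
      .toString('utf8');
  } catch {
    return null;                         // ciphertext was altered in transit
  }
}

// Constructed sample run: one login, then a replay of the same redirect.
function demo() {
  const cookie = 'SESSIONID=constructed-sample-value';
  const loginUrl = buildLoginRedirect(cookie);
  const backUrl = ssoRedirectAfterLogin(loginUrl);
  const first = completeCrossSiteLogin(backUrl);
  const replay = completeCrossSiteLogin(backUrl);
  return { loginUrl, first, replay };
}
```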
The embodiment of the application also provides a third-party website login method, which is applied to a web website, wherein a preset platform in the third-party website login process is a proxy node, and the third-party website login process refers to FIG. 1 and comprises the following steps:
Step 101, sending the current user identity information of the user to a preset platform, and redirecting the current page to a login page of a third-party website.
Specifically, the user sends an access request to the web site through a browser with the SameSite attribute enabled; in this embodiment the user requests access to the third-party website and the preset platform is a proxy node. When sending the current user identity information of the user to the preset platform according to the preset rule, the web site transmits the user identity information and the redirection resource locator to the proxy node over the Hypertext Transfer Protocol, so that the proxy node can return a redirection request according to the redirection resource locator after the user successfully logs in to the third-party website; the current page is then redirected to the login page of the third-party website through the proxy node. Because the user identity information and the redirection resource locator are transmitted over the Hypertext Transfer Protocol, the user identity information reaches the proxy node without encryption, which improves the efficiency of the transmission while ensuring its security.
In one example, after transmitting the user identity information and the redirection resource locator to the proxy node over the Hypertext Transfer Protocol, the web site further receives a login identifier returned by the proxy node. Redirecting the current page to the login page of the third-party website then comprises: redirecting the current page to the proxy node according to the login identifier, and redirecting the current page to the third-party login website through the proxy node. Applying to the proxy node for a login identifier and redirecting the current page to the login page of the third-party website through the proxy node lets the web site and the third-party website interact indirectly by means of the login identifier.
Step 102, receiving a redirection request and user identity information returned by the preset platform after the user successfully logs in the third-party website.
And 103, analyzing the redirection request, and completing the cross-site login of the third-party website according to the acquired user identity information.
For example, as shown in fig. 3, a schematic cross-site login flow of a third-party website is implemented on a web site by opening a browser with a SameSite attribute to access the web site. The preset platform is an agent node.
When a user performs business handling, an access request is initiated to a specified web site (with the address of https:// www.o2.com) through a browser, and after the web site receives the access request of user equipment, whether a third party website (with the address of https:// www.sso.com) is required to log in is detected. In case that the cross-site login of the third-party website is detected to be required at the current website, user identity information and a redirection resource locator (LastURL) of the web website are sent to the proxy node (with an address of HTTPs:// www.proxy.com) in the mode of HTTP (hyper text transfer protocol) request, and login identification (Logild) is applied to the proxy node. After receiving the HTTP request of the web site, the proxy node generates a login identifier according to a unique identification code function (Universally Unique Identifier, uuid), and stores the generated login identifier, user identity information, redirection resource locator and the like, and pre-login parameters of the user equipment into a preset storage space. For example, stored in its own memory in Json format, noted as clientPreLoginParam= { LoginId "; "cookie": "XXX"; "lastUrl": "XXX" }. The generated login identification is then returned to the web site. After receiving the login identification, the web site carries the acquired login identification, redirects to the proxy node, and requests to redirect to a third party login site. After receiving the request of redirecting the web site to the third-party website, the proxy node splices the login identification carried in the request to the service parameter of the third-party website, and redirects and encodes the service parameter. The current page is then redirected to the landing page of the third party website and the redirected encoded service parameters (https:// www.sso.com. 
After the user successfully logs in to the third-party website, the third-party website issues a login token (ticket), takes out the received service parameter, uses the service parameter content (https://www.proxy.com&ticket=xxx&loginid=xxxx) as the URL for redirecting to the proxy node, and initiates a redirection request carrying the login identifier to the proxy node. After receiving the redirection request carrying the login identifier and the login token, the proxy node acquires the user's login information from the third-party website according to the login token. It then reads the user identity information and the redirection resource locator from the user's pre-login parameters according to the login identifier in the redirection request, and returns the user identity information and the user login information to the web site over HTTP. After receiving the user login information and the user identity information returned by the proxy node, the web site binds the user login information to the acquired user identity information so that the login takes effect. The proxy node then initiates a redirection request to the web site; the web site parses the redirection request, redirects the current page back to the web site, and completes the cross-site login to the third-party website.
In addition, to protect the user identity information, the proxy node can delete the stored pre-login parameters of the user equipment after the redirection resource locator has been used once, and establish new pre-login parameters when the user equipment subsequently needs to log in to a third-party website.
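The proxy-node exchange described above, including the single-use deletion of the pre-login parameters, modelled in memory as an added example that is not code from the patent. The `/login` and `/callback` paths, the `service` query name, the ticket value and the `validate_ticket` callable are assumptions; the stored record follows clientPreLoginParam.

```python
import uuid
from urllib.parse import urlencode, urlsplit, parse_qs

PROXY = "https://www.proxy.com"  # addresses used in the description
SSO = "https://www.sso.com"


class ProxyNode:
    """In-memory model of the proxy node's pre-login parameter store."""

    def __init__(self):
        self._pre_login = {}  # LoginId -> clientPreLoginParam

    def apply_login_id(self, cookie, last_url):
        """Web site -> proxy: store identity and LastURL, return a LoginId."""
        login_id = str(uuid.uuid4())  # random UUID, not derived from the user
        self._pre_login[login_id] = {
            "LoginId": login_id, "cookie": cookie, "lastUrl": last_url}
        return login_id

    def sso_redirect(self, login_id):
        """Splice the LoginId into the service parameter and URL-encode it."""
        if login_id not in self._pre_login:
            raise LookupError("unknown LoginId")
        # "/callback" and "/login" are assumed paths, not from the patent.
        service = f"{PROXY}/callback?" + urlencode({"loginid": login_id})
        return f"{SSO}/login?" + urlencode({"service": service})

    def handle_callback(self, callback_url, validate_ticket):
        """Third party -> proxy: resolve ticket, release identity once."""
        query = parse_qs(urlsplit(callback_url).query)
        login_id = query.get("loginid", [""])[0]
        ticket = query.get("ticket", [""])[0]
        # pop() deletes the entry before anything else happens, so a replayed
        # callback with the same LoginId finds nothing to release.
        entry = self._pre_login.pop(login_id, None)
        if entry is None:
            raise LookupError("LoginId unknown or already used")
        login_info = validate_ticket(ticket)  # proxy asks the third party
        if login_info is None:
            raise PermissionError("ticket rejected by third-party website")
        return {"cookie": entry["cookie"], "loginInfo": login_info,
                "redirect": entry["lastUrl"]}


def third_party_login(login_page_url, ticket):
    """Constructed stand-in for the third-party site after a successful login:
    take out the service parameter and redirect to it with the ticket added."""
    service = parse_qs(urlsplit(login_page_url).query)["service"][0]
    return service + "&" + urlencode({"ticket": ticket})


def demo():
    issued = {"ST-constructed-1": {"user": "alice"}}  # constructed ticket table
    proxy = ProxyNode()
    login_id = proxy.apply_login_id("session=XXX", "https://www.o2.com/orders")
    callback = third_party_login(proxy.sso_redirect(login_id),
                                 "ST-constructed-1")
    first = proxy.handle_callback(callback, issued.get)
    try:
        proxy.handle_callback(callback, issued.get)  # same URL replayed
        replay = "accepted"
    except LookupError:
        replay = "rejected"
    return first, replay
```

Because the entry is removed before the ticket is checked, a callback with a rejected ticket also consumes the LoginId and the user has to start the flow again.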
It should be noted that one proxy node may support cross-site login to a third-party website for multiple web sites; this embodiment does not limit the number of web sites for which one proxy node supports cross-site login.
Moreover, it should be understood that the division of the above methods into steps is for clarity of description only. In implementation, steps may be combined into one step or split into several steps, and as long as they include the same logical relationship they are within the scope of protection of this patent. Adding insignificant modifications to the algorithm or flow, or introducing insignificant designs, without altering the core design of the algorithm and flow, is also within the scope of protection of this patent.
Another aspect of the embodiment of the present application further provides a third party website login device, referring to fig. 4, including:
A sending module 401, configured to send, according to a preset rule, the current user identity information of a user to a preset platform and redirect the current page to a login page of the third-party website when the user requests to access the third-party website.
A receiving module 402, configured to receive the redirection request and the user identity information returned by the preset platform after the user successfully logs in to the third-party website.
A login module 403, configured to parse the redirection request and complete cross-site login to the third-party website according to the obtained user identity information.
It is to be noted that this embodiment is an apparatus embodiment corresponding to the method embodiment, and this embodiment may be implemented in cooperation with the method embodiment. The related technical details mentioned in the method embodiment are still valid in this embodiment, and in order to reduce repetition, they are not described here again. Accordingly, the related technical details mentioned in the present embodiment may also be applied in the method embodiment.
It should be noted that, each module involved in this embodiment is a logic module, and in practical application, one logic unit may be one physical unit, or may be a part of one physical unit, or may be implemented by a combination of multiple physical units. In addition, in order to highlight the innovative part of the present application, units less closely related to solving the technical problem presented by the present application are not introduced in the present embodiment, but it does not indicate that other units are not present in the present embodiment.
The embodiment of the application also provides an electronic device, referring to fig. 5, including: at least one processor 501; and a memory 502 communicatively coupled to the at least one processor 501; the memory 502 stores instructions executable by the at least one processor 501, and the instructions are executed by the at least one processor 501 to enable the at least one processor 501 to perform the third party website login method described in any one of the method embodiments above.
Where the memory 502 and the processor 501 are connected by a bus, the bus may comprise any number of interconnected buses and bridges, the buses connecting the various circuits of the one or more processors 501 and the memory 502. The bus may also connect various other circuits such as peripherals, voltage regulators, and power management circuits, which are well known in the art, and therefore, will not be described any further herein. The bus interface provides an interface between the bus and the transceiver. The transceiver may be one element or may be a plurality of elements, such as a plurality of receivers and transmitters, providing a means for communicating with various other apparatus over a transmission medium. The data processed by the processor 501 is transmitted over a wireless medium via an antenna, which further receives the data and transmits the data to the processor 501.
The processor 501 is responsible for managing the bus and general processing and may also provide various functions including timing, peripheral interfaces, voltage regulation, power management, and other control functions. And memory 502 may be used to store data used by processor 501 in performing operations.
Another aspect of the embodiments of the present application also provides a computer-readable storage medium storing a computer program. The computer program implements the above-described method embodiments when executed by a processor.
That is, it will be understood by those skilled in the art that all or part of the steps of the methods in the embodiments described above may be implemented by a program stored in a storage medium, where the program includes several instructions for causing a device (which may be a single-chip microcomputer, a chip or the like) or a processor to perform all or part of the steps of the methods in the embodiments of the application. The aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.
It will be understood by those of ordinary skill in the art that the foregoing embodiments are specific examples of carrying out the application and that various changes in form and details may be made therein without departing from the spirit and scope of the application.

Claims (10)

1. A third party website login method, comprising:
under the condition that a user requests to access a third-party website, according to a preset rule, transmitting the current user identity information of the user to a preset platform, and redirecting the current page to a login page of the third-party website;
receiving a redirection request returned by the preset platform after the user successfully logs in the third-party website and the user identity information;
analyzing the redirection request, and completing cross-site login of the third-party website according to the acquired user identity information;
the step of sending the current user identity information of the user to a preset platform according to a preset rule comprises the following steps:
encrypting the current user identity information of the user according to a preset asymmetric encryption algorithm under the condition that the preset platform is the third-party website; sending the encrypted user identity information to the third-party website;
and under the condition that the preset platform is an agent node, transmitting the user identity information and the redirection resource locator to the agent node according to a hypertext transfer protocol, so that the agent node returns the redirection request according to the redirection resource locator after the user successfully logs in a third-party website.
2. The third party website login method according to claim 1, wherein the asymmetric encryption algorithm is any one of the following: RSA algorithm, DSA algorithm, ECC algorithm, and DH algorithm.
3. The third party website login method according to claim 1, wherein said sending the encrypted user identity information to the third party website comprises:
and adding the encrypted user identity information into the service parameters of the third-party website, and sending the service parameters to the third-party website.
4. A third party website login method according to claim 3, wherein before said sending said service parameters to said third party website, further comprising:
and carrying out redirection coding on the service parameters, enabling the third-party website to take the service parameters as uniform resource locators, and returning the redirection request according to the uniform resource locators.
5. The third party website login method according to claim 1, wherein after said transmitting said user identity information and redirection resource locator to said proxy node according to a hypertext transfer protocol, further comprising:
receiving a login identification returned by the proxy node;
the redirecting the current page to the login page of the third party website includes: and redirecting the current page to the proxy node according to the login identification, and redirecting the current page to the third party login website through the proxy node.
6. The method of any one of claims 1 to 5, wherein the third party website is a website embedded by a preset tag.
7. The third party website login method according to claim 6, wherein the preset tag comprises: iframe tags and object tags.
8. A third party website login device comprising:
the sending module is used for sending the current user identity information of the user to a preset platform according to a preset rule under the condition that the user requests to access a third-party website, and redirecting the current page to a login page of the third-party website;
the step of sending the current user identity information of the user to a preset platform according to a preset rule comprises the following steps: encrypting the current user identity information of the user according to a preset asymmetric encryption algorithm under the condition that the preset platform is the third-party website; sending the encrypted user identity information to the third-party website;
transmitting the user identity information and the redirection resource locator to the proxy node according to a hypertext transfer protocol under the condition that the preset platform is the proxy node, so that the proxy node returns the redirection request according to the redirection resource locator after the user successfully logs in a third-party website;
the receiving module is used for receiving a redirection request returned by the preset platform after the user successfully logs in the third-party website and the user identity information;
and the login module is used for analyzing the redirection request and completing the cross-site login of the third-party website according to the acquired user identity information.
9. An electronic device, comprising:
at least one processor; and,
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the third party website login method of any one of claims 1 to 7.
10. A computer readable storage medium storing a computer program, wherein the computer program when executed by a processor implements the third party website login method of any one of claims 1 to 7.
CN202111101817.4A 2021-09-18 2021-09-18 Third-party website login method and device, electronic equipment and storage medium Active CN113965352B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111101817.4A CN113965352B (en) 2021-09-18 2021-09-18 Third-party website login method and device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN113965352A CN113965352A (en) 2022-01-21
CN113965352B true CN113965352B (en) 2023-12-01

Family

ID=79461656

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111101817.4A Active CN113965352B (en) 2021-09-18 2021-09-18 Third-party website login method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN113965352B (en)

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004006499A1 (en) * 2002-07-02 2004-01-15 America Online Incorporated Seamless cross-site user authentication status detection and automatic login
CN1812403A (en) * 2005-01-28 2006-08-02 广东省电信有限公司科学技术研究院 Single-point logging method for realizing identification across management field
WO2011017924A1 (en) * 2009-08-11 2011-02-17 华为终端有限公司 Method, system, server, and terminal for authentication in wireless local area network
WO2014032543A1 (en) * 2012-08-30 2014-03-06 中兴通讯股份有限公司 Authentication and authorization processing method and apparatus
WO2016000425A1 (en) * 2014-07-02 2016-01-07 百度在线网络技术(北京)有限公司 Method and server for logging in to third-party site
CN105472052A (en) * 2014-09-03 2016-04-06 阿里巴巴集团控股有限公司 Login method and system of cross-domain server
CN105592003A (en) * 2014-10-22 2016-05-18 北京拓尔思信息技术股份有限公司 Cross-domain single sign-on method and system based on notification
CN109067914A (en) * 2018-09-20 2018-12-21 星环信息科技(上海)有限公司 Proxy Method, device, equipment and the storage medium of Web service
CN112333198A (en) * 2020-11-17 2021-02-05 ***股份有限公司 Secure cross-domain login method, system and server
CN113329028A (en) * 2021-06-17 2021-08-31 中国农业银行股份有限公司 Cross-domain access method and device
CN113411324A (en) * 2021-06-17 2021-09-17 南京网觉软件有限公司 Method and system for realizing login authentication based on CAS and third-party server

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140007205A1 (en) * 2012-06-28 2014-01-02 Bytemobile, Inc. No-Click Log-In Access to User's Web Account Using a Mobile Device
US9130922B2 (en) * 2012-12-10 2015-09-08 Dropbox, Inc. Using a session continuity token to access an online content management system
US20170093828A1 (en) * 2015-09-25 2017-03-30 Nicolas Lupien System and method for detecting whether automatic login to a website has succeeded

Non-Patent Citations (7)

* Cited by examiner, † Cited by third party
Title
A.L. Heuer ; F. Losemann ; C. Meinel ; .Logging and signing document-transfers on the WWW-a trusted third party gateway. Proceedings of the First International Conference on Web Information Systems Engineering.2002,146-152. *
Android***中第三方登录漏洞与解决方案;董超, 杨超, 马建峰, 张俊伟;计算机学报;第39卷(第3期);582-594 *
Bhale Pradeepkumar Gajendra *
Doygun Demirol ; Gurkan Tuna ; Resul Das.A simple logging system for safe internet use.2017 International Artificial Intelligence and Data Processing Symposium (IDAP).2017,1-5. *
Vinay Kumar Singh ; .Achieving cloud security using third party auditor, MD5 and identity-based encryption.2016 International Conference on Computing, Communication and Automation (ICCCA).2016,1304-1309. *
基于.NET Web服务的跨域单点登录***的实现;徐辉;;电脑知识与技术(20);133-134 *
基于CAS和OAuth的统一认证授权***设计;***;信息技术与网络安全.;第40卷(第06期);83-88 *

Also Published As

Publication number Publication date
CN113965352A (en) 2022-01-21

Similar Documents

Publication Publication Date Title
US11665146B2 (en) Migrating authenticated content towards content consumer
CN106209749B (en) Single sign-on method and device, and related equipment and application processing method and device
US11706036B2 (en) Systems and methods for preserving privacy of a registrant in a domain name system (“DNS”)
KR101861026B1 (en) Secure proxy to protect private data
US7010582B1 (en) Systems and methods providing interactions between multiple servers and an end use device
WO2017028804A1 (en) Web real-time communication platform authentication and access method and device
US10904227B2 (en) Web form protection
WO2016127914A1 (en) Redirection method, apparatus, and system
CN103188248A (en) Identity authentication system and method based on single sign-on
EP4191955A1 (en) Method and device for securely accessing intranet application
CN114679293A (en) Access control method, device and storage medium based on zero trust security
JP2017521934A (en) Method of mutual verification between client and server
US10348701B2 (en) Protecting clients from open redirect security vulnerabilities in web applications
CN101567878B (en) Method for improving safety of network ID authentication
US11611551B2 (en) Authenticate a first device based on a push message to a second device
CN103220261A (en) Proxy method, device and system of open authentication application program interface
CN106549760A (en) Auth method and device based on cookie
CN111049832B (en) Reverse proxy method and related device
JP5618883B2 (en) Authentication system, authentication linkage device, authentication method
US20200119919A1 (en) Electronic device authentication managing apparatus
CN113965352B (en) Third-party website login method and device, electronic equipment and storage medium
Binu et al. A mobile based remote user authentication scheme without verifier table for cloud based services
CN115664791A (en) Associated application authentication access method based on dynamic certificate and application thereof
KR101510473B1 (en) Method and system of strengthening security of member information offered to contents provider
CN115102782A (en) Client authentication method and device, storage medium and computer equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant