How to integrate a Joomla website with ASP.NET pages. Users have to log in to Joomla, but some pages are built as a .NET site. The .NET pages have their own SQL Server database, whereas Joomla uses a MySQL database.
The interesting part is how the .NET pages can verify whether a Joomla user is logged in. Important: this is one approach, but it is not the most secure one. It is fairly easy to break, because I use a cookie that stores the (encrypted) Joomla user ID; so if you know which cookie you need and are able to decrypt it, or can encrypt with the same key, you can forge a logged-in user. Note that for me this is an acceptable risk: the impact of a breach would be small.
As stated above, I use a cookie that stores the Joomla user ID, which has to be encrypted to provide as much security as possible. With the following Joomla plugin code the cookie is created on the login event; on the logout event the cookie is deleted. This plugin was written for Joomla 1.5, so in newer versions some changes may be needed.
// no direct access
defined( '_JEXEC' ) or die( 'Restricted access' );
require_once('TripleDES.php'); // phpseclib's Crypt_TripleDES
// Import library dependencies
jimport('joomla.plugin.plugin');

class plgUserSystemIntegration extends JPlugin
{
    // PHP only treats __construct (or a method named exactly after the class) as the constructor
    function __construct( &$subject, $config )
    {
        parent::__construct( $subject, $config );
    }

    function onLoginUser( $credentials, $options )
    {
        $user = &JFactory::getUser();
        // Joomla session parameters
        $userId = $user->get('id');
        // Encrypt the userId to store in cookie
        $key = $this->params->get('key'); // these keys are used in both PHP and .NET; TripleDES needs a 24-byte key and an 8-byte IV
        $iv = $this->params->get('iv');
        $crypt = new Crypt_TripleDES(); // defaults to CBC mode with PKCS7 padding, the same defaults as .NET's TripleDES
        $crypt->setKey($key);
        $crypt->setIV($iv);
        $value = $crypt->encrypt(strval($userId));
        // Encode string as text: binary ciphertext cannot be stored in a cookie
        $value = bin2hex($value);
        setcookie("SIJ10", $value); // The cookie name is the identifier. It might be best to make this configurable
        return true;
    }

    function onLogoutUser( $credentials, $options )
    {
        // Overwrite cookie with an expiry in the past so the browser drops it
        setcookie("SIJ10", "", time()-3600);
        return true;
    }
}
Besides the logout event, some session management is needed in case the user does not log out. With the next plugin the cookie is deleted if the Joomla session has ended.
// no direct access
defined( '_JEXEC' ) or die( 'Restricted access' );
// Import library dependencies
jimport('joomla.plugin.plugin');

class plgSystemSystemIntegrationLogout extends JPlugin
{
    // PHP only treats __construct (or a method named exactly after the class) as the constructor
    function __construct( &$subject, $config )
    {
        parent::__construct( $subject, $config );
    }

    // Runs on every request once the component has been dispatched
    function onAfterDispatch()
    {
        $user = &JFactory::getUser();
        // If no user is logged in (the Joomla session has ended or never existed)
        if (!$user->get('id'))
        {
            // If cookie value was set
            if(isset($_COOKIE["SIJ10"]))
            {
                // Overwrite cookie with an expiry in the past so the browser drops it
                setcookie("SIJ10", "", time()-3600);
            }
        }
    }
}
Now the .NET part. The following method(s) retrieve the cookie and decrypt it. hex2bin is the equivalent of the PHP function; it is needed because binary data cannot be put in a cookie. The text is decrypted and then parsed to an integer. The basic assumption is that whenever that succeeds, a user is logged in. Better still would be a table in the SQL Server database containing an application-level user (used for the back-end services) that 'knows' the Joomla ID, so that the user could be validated against the database; that would make it more secure.
// Requires: using System; using System.Security.Cryptography; using System.Text;
private void Authenticate()
{
    string CookieUserId = "SIJ10"; // the same cookie name the Joomla plugin sets
    if (Request.Cookies[CookieUserId] != null)
    {
        try
        {
            // Decode from hex: change the text back to the binary values
            byte[] encodedDataAsBytes = hex2bin(Request.Cookies[CookieUserId].Value);
            // Decrypt. TripleDES defaults to CBC with PKCS7 padding, matching phpseclib's Crypt_TripleDES defaults
            TripleDES decryptor = TripleDES.Create();
            UTF8Encoding encoding = new UTF8Encoding();
            // These must equal the 'key' and 'iv' parameters of the Joomla plugin. It is best to make them configurable!
            // TripleDES accepts only 16- or 24-byte keys and an 8-byte IV; a 23-character key throws a CryptographicException
            decryptor.Key = encoding.GetBytes("REPLACE-WITH-24-BYTE-KEY"); // placeholder, 24 bytes
            decryptor.IV = encoding.GetBytes("abcdefgh");                  // 8 bytes
            ICryptoTransform decrypt = decryptor.CreateDecryptor();
            byte[] result = decrypt.TransformFinalBlock(encodedDataAsBytes, 0, encodedDataAsBytes.Length); // Decrypt
            string returnValue = encoding.GetString(result);
            int id = 0;
            if (int.TryParse(returnValue, out id))
                this.UserId = id;
            else
            {
                // Not a user id: redirect to the login page
                Response.Redirect("~/Login");
                return;
            }
            // Some session management is needed
            // Check for session timeout
            if (Session["SessionTimeout"] == null)
            {
                // This is the first page request
                Session["SessionTimeout"] = DateTime.Now;
            }
            else
            {
                // This needs to be included in every page (or use a baseclass) or
                // called with every request
                DateTime lastRequest = (DateTime) Session["SessionTimeout"];
                // TotalMinutes, not Minutes: Minutes is only the 0-59 component, so a gap of an hour would not count as a timeout
                if (DateTime.Now.Subtract(lastRequest).TotalMinutes > 20)
                {
                    Response.Redirect("~/Login");
                }
                else
                {
                    // Update the timeout value
                    Session["SessionTimeout"] = DateTime.Now;
                }
            }
        }
        catch (Exception)
        {
            // Bad hex, bad padding or a wrong key all end up here: treat as not logged in
            Response.Redirect("~/Login");
        }
    }
    else
        Response.Redirect("~/Login");
}

// Equivalent of PHP's hex2bin: turns the hex text from the cookie back into bytes
private byte[] hex2bin(string hexdata)
{
    if (hexdata == null)
        throw new ArgumentNullException("hexdata");
    if (hexdata.Length % 2 != 0)
        throw new ArgumentException("hexdata should have even length");
    byte[] bytes = new byte[hexdata.Length / 2];
    for (int i = 0; i < hexdata.Length; i += 2)
        bytes[i / 2] = (byte)(HexValue(hexdata[i]) * 0x10
                            + HexValue(hexdata[i + 1]));
    return bytes;
}

private int HexValue(char c)
{
    int ch = (int)c;
    if (ch >= (int)'0' && ch <= (int)'9')
        return ch - (int)'0';
    if (ch >= (int)'a' && ch <= (int)'f')
        return ch - (int)'a' + 10;
    if (ch >= (int)'A' && ch <= (int)'F')
        return ch - (int)'A' + 10;
    throw new ArgumentException("Not a hexadecimal digit.");
}
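To cross-check the cookie format the two sides have to agree on, here is the exchange as an added example in Go, not code from the original post; Go is used because its standard library includes TripleDES-CBC, so it runs without extra packages. MakeCookie produces what the Joomla plugin stores in SIJ10 (decimal user id, PKCS7 padding, TripleDES-CBC, hex) and ParseCookie checks it the way Authenticate does. The key, IV and user id are placeholders; the example assumes the defaults of phpseclib's Crypt_TripleDES and .NET's TripleDES, both CBC with PKCS7 padding.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"encoding/hex"
	"fmt"
	"strconv"
)

// MakeCookie mirrors onLoginUser: PKCS7-pad the decimal id, TripleDES-CBC encrypt, hex-encode.
func MakeCookie(key, iv []byte, userID int) (string, error) {
	block, err := des.NewTripleDESCipher(key) // 24-byte keys only; the snippet's 23-char sample key fails here
	if err != nil || len(iv) != des.BlockSize {
		return "", fmt.Errorf("need a 24-byte key and an 8-byte IV: %v", err)
	}
	plain := []byte(strconv.Itoa(userID))
	n := des.BlockSize - len(plain)%des.BlockSize // PKCS7: 1..8 pad bytes, each holding n
	plain = append(plain, bytes.Repeat([]byte{byte(n)}, n)...)
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(plain, plain)
	return hex.EncodeToString(plain), nil // binary ciphertext cannot go in a cookie, hex can
}

// ParseCookie mirrors Authenticate: hex-decode, decrypt, strip padding, parse an int.
// Every failure path returns an error, never a guessed user id.
func ParseCookie(key, iv []byte, value string) (int, error) {
	block, err := des.NewTripleDESCipher(key)
	if err != nil || len(iv) != des.BlockSize {
		return 0, fmt.Errorf("need a 24-byte key and an 8-byte IV: %v", err)
	}
	raw, err := hex.DecodeString(value)
	if err != nil || len(raw) == 0 || len(raw)%des.BlockSize != 0 {
		return 0, fmt.Errorf("cookie %q is not a whole number of TripleDES blocks", value)
	}
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(raw, raw)
	n := int(raw[len(raw)-1])
	if n == 0 || n > des.BlockSize || !bytes.Equal(raw[len(raw)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return 0, fmt.Errorf("bad PKCS7 padding in %q", value)
	}
	return strconv.Atoi(string(raw[:len(raw)-n]))
}

func main() {
	key, iv := []byte("REPLACE-WITH-24-BYTE-KEY"), []byte("abcdefgh") // placeholders for the plugin's 'key' and 'iv'
	c, _ := MakeCookie(key, iv, 42)                                   // what the plugin would store in SIJ10
	id, err := ParseCookie(key, iv, c)
	fmt.Println(c, id, err)
}
```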