weixin_33726318 2015-01-21 08:29 采纳率: 0%
浏览 119


I have a web application and API Server, the web application consumes API always via AJAX except in a couple of scenarios.

When I enable SSO for both, I face the well known problem - how to handle redirect in AJAX.

(A bit more details: Azure mandates that the user should login to AD only via its login page - so ideally when a webpage or an api endpoint is accessed, they should get redirected to the azure login page. Since HTTP302 redirect doesn't work well with XmlHTTP, user will not get redirected to the authentication page when API is accessed via AJAX)

I have a few options to solve this issue:

  1. When the web application is authenticated redirect to a predefined api endpoint (eg: 'api/login') and that will take care of api authentication and once that is done, redirect it back to the web app. So the user will be redirected this way:

    web -> azure login -> web -> api -> azure login (auto login) -> api -> web

  2. Load the api endpoint in an iframe (or an image) and wait for the load complete event

  3. Authenticate only web application - Remove api from sso context and find some other of way to identify and validate the web request at API side (tokens, cookies)

Please help me to choose a right pattern.

  • 写回答



      相关推荐 更多相似问题


      • ¥20 SQL数据查询,子查询
      • ¥15 c++字符串分割问题
      • ¥15 关于#sql#的问题:没有用命令关闭cdc,手动把系统表开启的cdc右键删除了
      • ¥15 vue+uniapp
      • ¥15 android freedom
      • ¥15 使用自定义的类型代替内置类型可行吗
      • ¥15 关于STM32的SPI和ENDAT接口编码器通信的问题
      • ¥15 关于#pdfbox#生成的PDF文件正常,转图片中文乱码的问题,如何解决?
      • ¥15 ADS中有关DAC控件的使用问题
      • ¥15 win11如何运行geoserver