System and method for controlling access to a resource

摘要

Methods, devices, and computer-readable storage media are provided. In some embodiments, a server receives from a browser on a client a request to access a first web page. In response to receiving the request, the server sends to the client a second web page including an embedded executable program configured to run within the browser on the client, wherein the embedded executable program, when executed on the client, is operable to obtain a ticket-granting ticket stored on the client and send the ticket-granting ticket to the server. The server receives the ticket-granting ticket from the embedded executable program on the client. Furthermore, the server determines whether a user associated with the ticket-granting ticket is authorized to access the first web page. In response to determining that the user is authorized to access the first web page, the server grants the requested access to the first web page.

主权项

1. A method comprising:
receiving, at an image processing device from a browser on a client computing system, a request to access a first web page; in response to the receiving the request, sending, from the image processing device to the client computing system, a second web page including an embedded executable program configured to run within the browser on the client computing system, wherein the embedded executable program, when executed on the client computing system, is operable to obtain a ticket-granting ticket stored on the client computing system and send the ticket-granting ticket to the image processing device, and wherein the ticket-granting ticket contains a cryptographic key usable by an authentication service to determine whether to issue a credential for use in accessing a service; receiving, at the image processing device from the embedded executable program on the client computing system, the ticket-granting ticket; using the ticket-granting ticket to obtain information associated with a user from a directory service, the user associated with the ticket-granting ticket; determining whether the user is authorized to access the first web page based on the information associated with the user; and in response to determining that the user is authorized to access the first web page, granting access to one or more web page elements configured to, when displayed by the browser on the client computing system, receive one or more user inputs for attempting to sign in to the first web page.