Thinktecture Identity Server的可能方案?
[英]Possible scenario with Thinktecture Identity Server?
问题描述
I have an ASP.NET SPA which is data driven by Web Api. 
我有一个ASP.NET SPA,它是由Web Api驱动的数据。 It's using default login mechanisms at the moment. 目前,它正在使用默认登录机制。 A future scenario is to do all communication from the web server to the backend over a queue (RabbitMQ). 未来的情况是通过队列(RabbitMQ)进行从Web服务器到后端的所有通信。
Then the simplified structure would looks like this: 然后,简化的结构将如下所示:
User logs on, data exchange is routed over the queue to a backend service. 用户登录后,数据交换通过队列路由到后端服务。 My question is now how make the backend aware if the requst is comming from an authenticated user? 我的问题是,如果请求来自经过身份验证的用户,那么如何使后端知道呢?
I found the Thinktecture STS and for what I know at the moment it looks very interesting. 我找到了Thinktecture STS,就目前所知,它看起来非常有趣。 At least the web authentication should be no issue. 至少Web身份验证应该没有问题。 but for now it looks to me as there is always a browser or a WCF service needed to do the authentication by the examples shown. 但就目前而言,在我看来,始终需要使用浏览器或WCF服务来通过所示示例进行身份验证。 There are no plans to use WCF or Azure on our site. 我们的网站上没有使用WCF或Azure的计划。
Is it possible to transfer tokens the STS issued over a queue and let the consuming windows service be aware of what to do with these token? 是否可以转移通过队列发出的STS令牌,并让使用Windows的服务知道如何处理这些令牌?
1 个解决方案
解决方案1
2 已采纳 2013-07-27 13:45:57
You could do poor man's delegation: 你可以做一个穷人的代表团:
http://www.cloudidentity.com/blog/2013/01/09/using-the-jwt-handler-for-implementing-poor-man-s-delegation-actas/ http://www.cloudidentity.com/blog/2013/01/09/using-the-jwt-handler-for-implementing-poor-man-s-delegation-actas/
The other thing you can do is use WS-Trust in IdentityServer to get a delegation token for the backend service. 您可以做的另一件事是在IdentityServer中使用WS-Trust获取后端服务的委托令牌。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.