[英]Claims-Based Authorization - how to manage Claims
the last few days I have struggled to understand Claims-Based Authorization, and I have a erious problem to apply theoretical knowledge to a real world MVC website. 过去几天我一直在努力理解基于声明的授权,而且我将理论知识应用到现实世界的MVC网站上有一个严峻的问题。 Tutorials like http://www.codeproject.com/Articles/639458/Claims-Based-Authentication-and-Authorization are describing the process of installation and the very basics, but are sparse on how to manage the Claims.
像http://www.codeproject.com/Articles/639458/Claims-Based-Authentication-and-Authorization这样的教程正在描述安装过程和非常基础,但是如何管理声明却很少。
Suppose a simple MVC Website which is used to save pictures of funny reindeers. 假设一个简单的MVC网站,用于保存有趣的驯鹿的照片。 It is using Thinktecture.IdentityModel, but probably every other Identitymodel would do.
它使用的是Thinktecture.IdentityModel,但可能每个其他Identitymodel都可以。 Suppose that Authentication is in place and working.
假设身份验证已到位且正常工作。
public class ReindeerController : Controller
{
//should be accesible to whole world
public ActionResult AboutReindeers()
{}
//should be accessible to users which are supposed to add Reindeers, e.g. an "Admin" (which is a role, I know)
public ActionResult AddReindeer()
{}
//Only for the Site-owner
public ActionResult DeleteReindeer()
{}
//should be accesible to registred users
public ActionResult Index()
{}
}
So I have a UserClaims Table which stores a User-ID, the type of the claim as URL and the value of the claim. 所以我有一个UserClaims表,它存储用户ID,索赔的类型为URL和索赔的值。 But this is only the technical foundation of claims - I would like to understand if there is a good schema to create claims and to define what claims a user has / needs.
但这只是声明的技术基础 - 我想了解是否有一个好的架构来创建声明并定义用户有/需要的声明。
Have a look at this (old) post about claims authorization to get an overview. 看一下关于声明授权的这篇(旧)帖子,以获得概述。
Then you find some more details here , there are also many other nice posts at thinktecture. 然后你会在这里找到更多细节,thinktecture还有许多其他不错的帖子。
The WIF API description should help you fill inn the blanks. WIF API描述应该可以帮助您填补空白。
I have a UserClaims Table which stores a User-ID, the type of the claim as URL and the value of the claim.
我有一个UserClaims表,它存储用户ID,索赔的类型作为URL和索赔的值。
Sounds like a perfectly fine way to store claims. 听起来像存储索赔的完美方式。 Your approach is correct, and probably what I would do.
你的方法是正确的,也许我会做的。 My advice is not to overthink this problem, you already have a great solution.
我的建议是不要过分思考这个问题,你已经有了一个很好的解决方案。 :)
:)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.