Web和类库项目之间的共享身份验证
[英]Shared Authentication between Web and class library projects
问题描述
I have a Solution divided into 3 projects. 
我有一个分为3个项目的解决方案。
Two of them are MVC 5 web apps which use ASP.Net Identity provider. 其中两个是使用ASP.Net Identity提供程序的MVC 5 Web应用程序。
One is a class library which is referenced by the other projects. 一个是其他项目引用的类库。 All the CRUD actions take place in here. 所有CRUD动作都在这里进行。
All the projects point to same DB and operate via EF. 所有项目都指向同一数据库,并通过EF进行操作。
All the business logic happens in the class library but is user agnostic. 所有业务逻辑都发生在类库中,但与用户无关。 User validation happens in web apps only. 用户验证仅在Web应用程序中发生。 Problems here are user validation code is repeated across all web projects and the class library has no idea of the user invoking an API. 这里的问题是在所有Web项目中都重复了用户验证代码,并且类库不知道用户调用了API。
This kind of architecture will bring maintenance nightmares very soon so I would like only the class library to talk to db for business logic or user validation. 这种架构将很快带来维护方面的噩梦,因此我只希望类库与db进行业务逻辑或用户验证。
Now, since ASP.Net Identity provider doesn't work in class libraries, anybody found a way around it? 现在,由于ASP.Net Identity提供程序在类库中不起作用,因此有人找到解决方法吗?
1 个解决方案
解决方案1
0 已采纳 2014-03-12 13:01:31
I am not sure what "maintenance nightmare" you are referring to by having security in the web application. 我不确定在Web应用程序中具有安全性是指什么“维护噩梦”。 It is a good thing to decouple your application domain from your security model. 将您的应用程序域与安全模型脱钩是一件好事。 Your domain model and business logic may remain the same across certain web applications but the security model may vary. 在某些Web应用程序中,您的域模型和业务逻辑可能保持不变,但是安全模型可能有所不同。 I would not bundle these together. 我不会将这些捆绑在一起。 And if it is in your class libraries how will you let the OWIN security framework handle forms authentication for you. 并且如果它在您的类库中,您将如何让OWIN安全框架为您处理表单身份验证。 Are you going to manage all of this in your class libraries as well. 您是否还要在类库中管理所有这些。
When you refer to "user validation" I assume you are talking about authorization. 当您提到“用户验证”时,我假设您是在谈论授权。 If you must perform authorization in your class libraries I would implement a custom ClaimsAuthorizationManager . 如果必须在类库中执行授权,则可以实现自定义ClaimsAuthorizationManager 。 You would override the CheckAccess method to perform your authorization. 您将覆盖CheckAccess方法以执行授权。 The ClaimsAuthorizationManager is configured in your web.config so you could have different ClaimsAuthorizationManager's for different web applications. ClaimsAuthorizationManager是在web.config中配置的,因此对于不同的Web应用程序,您可以具有不同的ClaimsAuthorizationManager。 But the logic in your class libraries would remain the same. 但是,类库中的逻辑将保持不变。 Anywhere that you want to authorize the user before performing an action you would insert: 在执行操作之前要授权用户的任何位置,您都可以插入:
ClaimsPrincipalPermission.CheckAccess("MyResource", "MyAction");
The resource and action passed is used in the custom ClaimsAuthorizationManager you created to know the context in which the authorization is taking place. 传递的资源和操作将在您创建的自定义ClaimsAuthorizationManager中使用,以了解进行授权的上下文。 I talk about this method for decoupling your security model from your application domain in this article . 在本文中,我将讨论这种用于将安全模型与应用程序域分离的方法。 If the authorization fails a SecurityException is thrown. 如果授权失败,则抛出SecurityException。 You would let this percolate up to your web application where you handle it appropriately (redirect in a controller or an HTTP unauthorized error for Web APi's). 您可以将其渗透到适当处理它的Web应用程序中(在控制器中重定向或Web APi的HTTP未授权错误)。 Note that this architecture will work if you use your class libraries in non-web applications as well. 请注意,如果您还在非Web应用程序中使用类库,则该体系结构也将起作用。 I have used this with ASP.NET Identity and it works well. 我已经将此与ASP.NET Identity结合使用,并且效果很好。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.