自定义身份2.x挂钩到OWIN管道-多租户SaaS应用
[英]Custom Identity 2.x Hooking Into OWIN Pipeline - Multi-Tenant SaaS Application
问题描述
Question: Can we simply hook into the OWIN pipeline to set and retrieve the security authentication ticket (cookie)? 
问题:我们是否可以简单地加入OWIN管道来设置和检索安全认证票证(cookie)?
I'm searching for the best approach to roll our own security/membership for an MVC 5 application. 我正在寻找为MVC 5应用程序提高安全性/成员资格的最佳方法。 I have no issue with registration, sign-in, password change, two factor, password recovery etc. My concern is the pipeline. 我没有注册,登录,密码更改,两个因素,密码恢复等问题。我关心的是管道。
Project: The project is a multi-tenant SaaS application that requires many changes to the the Identity framework. 项目:该项目是一个多租户SaaS应用程序,需要对Identity框架进行许多更改。 We are exploring writing our own, which we have done for many projects in the past. 我们正在探索编写自己的脚本,过去我们在许多项目中都这样做过。
We do not make use of claims or outside providers such as Google or Twitter for authentication, all accounts are local db role based accounts. 我们不使用声明或外部提供商(例如Google或Twitter)进行身份验证,所有帐户都是基于本地数据库角色的帐户。 The project does not use EF. 该项目不使用EF。
We explored creating our own store for Identity, however, by the time it's fully implemented, there were too many areas of concern and it felt as though though the User Manager was simply in the way. 我们探索了为Identity创建自己的商店,但是,当其完全实施时,存在太多令人关注的领域,并且感觉好像用户管理器只是在妨碍您。 Code was starting to bloat beyond a level of what is needed to role our own. 代码开始膨胀到超出我们自己角色所需的水平。
Passwords are created, managed, and stored securely and are not of concern for this question. 密码是安全创建,管理和存储的,因此与该问题无关。
3 个解决方案
解决方案1
0 2015-10-05 21:29:37
如果您愿意考虑使用托管解决方案,我建议您看一下http://aka.ms/aadb2c-该页面引用的示例将显示如何使用OWIN中间件连接到托管身份存储。
解决方案2
0 2015-10-06 10:59:01
We are running multi-tenanted SaaS app with configurable per-role permissions. 我们正在运行具有可配置每个角色权限的多租户SaaS应用程序。 We make use of Claims system to store user permissions in the cookie when users login. 当用户登录时,我们利用Claims系统将用户权限存储在cookie中。 And that works wonderfully and is really performant. 而且效果很好,而且确实很出色。
You don't have to use actual Claims to put your permissions, but you can store bits of information as a Claim on a user cookie that will be used to determine user permissions. 您不必使用实际的Claims来放置您的权限,但是您可以将一些信息作为Claim存储在用于确定用户权限的用户cookie上。
Since your question is a bit vague about the actual implementation I will not bring any code samples - given your hand-rolled security system, most likely my examples will not be applicable. 由于您的问题对实际的实现有点含糊,因此我不会提供任何代码示例-考虑到您的手动安全系统,我的示例很可能将不适用。 Unless you clarify your question with a specific example of what you are doing. 除非您以具体的操作示例来阐明您的问题。
解决方案3
0 已采纳 2016-07-06 11:10:07
We are using our custom authentication mechanism wired in the OWIN pipeline. 我们正在使用连接在OWIN管道中的自定义身份验证机制。 We are using our own custom middleware into the owin pipeline and thus will enable the authentication to happen 我们在owin管道中使用了自己的自定义中间件,因此将使身份验证能够进行
The only process that needs to be done is your middleware should validate the identity and the cookie authentication middle ware in the pipeline will set the cookie based on the established identity. 唯一需要完成的过程是您的中间件应验证身份,并且管道中的cookie身份验证中间件将基于已建立的身份来设置cookie。
The way this will be working is the ordering of the middlewares and the use of the AuthenticationManager in the Owin authentication pipeline. 这种工作方式是在Owin身份验证管道中对中间件进行排序以及使用AuthenticationManager 。
We too are using social logins like Google, Facebook etc that co-exist with our own custom authentication provider middleware, we also use JWT middleware for implicit flow authentication. 我们也使用与我们自己的自定义身份验证提供程序中间件共存的Google,Facebook等社交登录名,我们还使用JWT中间件进行隐式流身份验证。
Long answer short is : Yes 长答案简短是:是
More details : based on your further post on the exact details that need to be attended to. 更多详细信息:根据您在进一步帖子中需要注意的确切细节而定。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.