堆栈内存溢出
  简体   繁体   English

ThinkTecture IdentityServer3与Microsoft.Owin.Security.OAuth2

[英]ThinkTecture IdentityServer3 vs Microsoft.Owin.Security.OAuth2

 原文  2016-11-21 14:25:21       c#/ .net/ oauth-2.0/ identityserver3/ owin.security

问题描述

We are planning to build an OAuth2 authorization server in our company, and we're trying to figure out what to be the correct solution to implement it upon. 我们正计划在我们的公司中构建OAuth2授权服务器,并且我们正在尝试找出将其实现为正确的解决方案。 Currently we're considering using the ThinkTecture IdentityServer3 or the plain Microsoft.Owin.Security.OAuth package. 当前,我们正在考虑使用ThinkTecture IdentityServer3或普通的Microsoft.Owin.Security.OAuth程序包。 One of the things we take into account in which to choose is who already uses it. 我们在选择时要考虑的一件事是谁已经在使用它。 Unfortunately, I cannot find any information regarding IdentityServer3 customers on the ThinkTecture website, neither anywhere else. 不幸的是,我在ThinkTecture网站上找不到关于IdentityServer3客户的任何信息,在其他任何地方都找不到。 Does anybody know, if there are any big players, who rely on this library/framework? 有人知道(如果有大型公司的话)依靠这个库/框架吗?

If anybody has any other guidance in terms of which of the two solutions above is better, that would be valuable for us as well. 如果有人对上述两种解决方案中的哪一种更好,还有其他指导意见,那对我们也很有价值。

Cheers 干杯

1 个解决方案

解决方案1
 8  2016-11-21 14:56:39

The Microsoft.Owin.Security.OAuth library has been deprecated by Microsoft essentially because to use it in any scenarios other than their one sample you have to build lots of additional security infrastructure on top of it. Microsoft.Owin.Security.OAuth库已被Microsoft弃用,这主要是因为要在除其一个示例之外的任何方案中使用它,您必须在其之上构建许多其他安全性基础结构。 Doing this is not trivial and requires you to be very aware of the threats and mitigations when developing an OIDC/OAuth2 provider. 这样做并非易事,并且要求您在开发OIDC / OAuth2提供程序时非常了解威胁和缓解措施。 This sort of security work is already done in IdentityServer. 这种安全性工作已经在IdentityServer中完成。 As such, Microsoft is recommending IdentityServer as the choice going forward for when you need your own customizable OIDC/OAuth2 token service for your applications and APIs. 因此,当您为应用程序和API需要自己的可自定义OIDC / OAuth2令牌服务时,Microsoft建议使用IdentityServer。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 IdentityServer3 Microsoft Graph范围和流程 - IdentityServer3 Microsoft Graph scopes and flow Microsoft.Owin.Security.Oauth承载令牌授权拦截 - Microsoft.Owin.Security.Oauth Bearer Token Authorization Interception 具有附加MVC控制器的IdentityServer3自定义OWIN中间件 - IdentityServer3 Custom OWIN Middleware with additional MVC controllers 使用Thinktecture IdentityServer3进行身份验证/授权的本地Android应用程序的正确方法是什么 - What is the correct approach for authentication/authorization Native Android App using Thinktecture IdentityServer3 将Thinktecture IdentityServer3与SessionAuthenticationModule / WSFederationAuthenticationModule一起使用会引发ID4175错误 - Using Thinktecture IdentityServer3 with SessionAuthenticationModule/WSFederationAuthenticationModule throws ID4175 error 通过asp.net Microsoft.Owin.Security.OAuth获取访问令牌 - get access token via asp.net Microsoft.Owin.Security.OAuth 无法加载文件或程序集Microsoft.Owin.Security.OAuth,Version = 2.0.0.0 - Could not load file or assembly Microsoft.Owin.Security.OAuth, Version=2.0.0.0 Microsoft.Owin.Security.OAuth.OAuthBearerAuthenticationMiddleware警告:0:收到无效的承载令牌 - Microsoft.Owin.Security.OAuth.OAuthBearerAuthenticationMiddleware Warning: 0 : invalid bearer token received Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerProvider - clientId 和 clientSecret 在尝试从 Postman 生成令牌时出现 null - Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerProvider - clientId and clientSecret coming null while trying to generate token from Postman 具有IdentityServer3 AccessTokenValidation的Identityserver4 - Identityserver4 with IdentityServer3 AccessTokenValidation
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM