IdentityServer4 Project Architecture

First off, sorry for my English.

I spent some time learning about IS4, .NET Core, Identity, Auth, Auth, Claims and so on. Today I'm starting to work on my own web project to get these pieces to work together. My solution includes 3 clients (React, Admin-Razor, Mobile), IS4 server and WebAPI (React and Mobile will talk to the API).

  1. Since React and Admin clients have two different login pages, should they both use IS4 for authorization and authentication?

  2. The admin project will be an ASP.NET MVC project and won't call an API from a different project, so what GrantTypes must I use, and should I use IS4 for it?

I'm not looking for code examples, I just need help with the project architecture with IS4.

Thanks!

Identity server is the OpenID Connect identity provider (OpenID Connect is built on top of OAuth2). That means that the identity server application will handle all the stuff related to access & identity tokens, different flows, federated identity and delegating authority, in other words, doing all the stuff related to authentication and authorization. The OpenID Connect & OAuth2 approach fits perfectly when dealing with distributed systems, which require centralized security. It means that using IS4 guarantees that all your applications which trust your identity server will handle authentication and authorization in a consolidated way.

For your very architecture, IS4 seems to be a good starting point, but:

  1. Since React and Admin clients have two different login pages, should they both use IS4 for authorization and authentication?

IS4 is a separate application, which will issue, validate and manage your clients' tokens and, eventually, tokens. So, likely, the authentication process would be done on the side of IS4. It's very similar to 3rd party identity providers (like Facebook or Google. Remember the buttons "sign in with Google"?), but in your case you have your own identity service - IS4, hosted as an application. So, the login page by itself should be on the side of IS4, but you are able to customize the layout.

  2. The admin project will be an ASP.NET MVC project and won't call an API from a different project, so what GrantTypes must I use, and should I use IS4 for it?

The answer is, as always, up to you. If you require some identity in your application (not an anonymous access), then the usage of IS is possible and, even, preferred. However, if your admin part is a server-side application, the most suitable grant flow is "authorization code" (server-server communication on behalf of the user).
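The client split discussed above, sketched as IdentityServer4 client registrations. This is an added example, not part of the original question or answer; it assumes IdentityServer4 4.x, and the client IDs, host names, the `webapi` scope name and the secret placeholder are all hypothetical. It also goes slightly beyond the answer by registering the React client as a public client using authorization code with PKCE.

```csharp
using System.Collections.Generic;
using IdentityServer4;
using IdentityServer4.Models;

public static class Config
{
    // Hypothetical scope for the WebAPI that React and Mobile call.
    public static IEnumerable<ApiScope> ApiScopes =>
        new[] { new ApiScope("webapi", "Web API") };

    public static IEnumerable<IdentityResource> IdentityResources =>
        new IdentityResource[] { new IdentityResources.OpenId(), new IdentityResources.Profile() };

    public static IEnumerable<Client> Clients => new[]
    {
        // Admin-Razor: server-side app, so it can hold a secret (confidential client).
        new Client
        {
            ClientId = "admin-mvc",                      // hypothetical
            AllowedGrantTypes = GrantTypes.Code,         // authorization code flow
            RequirePkce = true,
            ClientSecrets = { new Secret("REPLACE_WITH_SECRET".Sha256()) }, // placeholder
            RedirectUris = { "https://admin.example.test/signin-oidc" },
            PostLogoutRedirectUris = { "https://admin.example.test/signout-callback-oidc" },
            // Identity scopes only: the admin app does not call the separate API.
            AllowedScopes =
            {
                IdentityServerConstants.StandardScopes.OpenId,
                IdentityServerConstants.StandardScopes.Profile
            }
        },
        // React SPA: runs in the browser and cannot keep a secret (public client).
        new Client
        {
            ClientId = "react-spa",                      // hypothetical
            AllowedGrantTypes = GrantTypes.Code,
            RequirePkce = true,                          // PKCE stands in for the missing secret
            RequireClientSecret = false,
            RedirectUris = { "https://app.example.test/callback" },
            AllowedCorsOrigins = { "https://app.example.test" },
            AllowedScopes =
            {
                IdentityServerConstants.StandardScopes.OpenId,
                IdentityServerConstants.StandardScopes.Profile,
                "webapi"
            }
        }
    };
}
```

Both clients redirect to the single login page hosted by IS4; what differs per client is the redirect URI, whether a secret is required, and which scopes it may request.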
