所需建议/想法:如何通过ASP.Net Web API Core处理Nuxeo的身份验证和授权
[英]Suggestion/ideas needed: How to handle authentication and authorization for Nuxeo via ASP.Net Web API Core
问题描述
I am investigating Nuxeo for a potential large scale project, our choice of technology is ASP.Net Core Web API and UI end as React. 
我正在研究Nuxeo的潜在大型项目,我们选择的技术是ASP.Net Core Web API和UI端(作为React)。
I need a suggestion on how to handle the authentication and authorization part. 我需要有关如何处理身份验证和授权部分的建议。
Currently I am thinking that whenever a user create an account then I create an account in our external authentication service and then create a new user account in the Nuxeo side also. 目前,我在想,每当用户创建一个帐户时,我都会在我们的外部身份验证服务中创建一个帐户,然后在Nuxeo端也创建一个新的用户帐户。
When the user logs in then first it login via external service and then I login the same user to nuxeo as well. 当用户登录时,它首先通过外部服务登录,然后我也将同一用户登录到nuxeo。
So whenever user does any request then it uses its own logged in instance to do that. 因此,每当用户发出任何请求时,它都会使用自己的登录实例来执行此操作。
The suggestion what I need is 我需要的建议是
- Is this approach good? 这种方法好吗? Meaning creating a new account for each user in nuxeo side as well ? 还要在nuxeo端为每个用户创建一个新帐户? Or should just use a Super user Administrator and all the request goes via that ? 还是应该只使用超级用户管理员,所有请求都通过该管理员?
- If I use the approach where I just create a Client instance with user Administrator Ex. 如果我使用仅用Administrator Administrator Ex创建客户端实例的方法。 new Client(Administrator,Administrator), should I just cache this instance and use the same instance for all the requests ? 新的Client(Administrator,Administrator),我是否应该仅缓存该实例并对所有请求使用相同的实例?
Suggestions or ideas please! 建议或想法!
1 个解决方案
解决方案1
0 2017-07-17 07:17:26
The first approach is much better if you want to leverage the ACL management provided by nuxeo. 如果要利用nuxeo提供的ACL管理,第一种方法会更好。 With the second one, you will need to verify outside nuxeo if a given user has access to a certain content or not. 对于第二个,您将需要验证nuxeo外部是否给定用户可以访问某些内容。
The second approach is the easiest one but I suggest using the first approach. 第二种方法最简单,但我建议使用第一种方法。 The way to do this is to create a custom authentication plugin in Java within nuxeo. 执行此操作的方法是在nuxeo中使用Java创建自定义身份验证插件。
This custom authentication plugin will be responsible for calling your external authentication solution, verify if the user is authenticated, and if it is the case, authenticate the user in nuxeo (or create it if the user doesn't exist). 此自定义身份验证插件将负责调用您的外部身份验证解决方案,验证用户是否已通过身份验证,如果是这样,则在nuxeo中对用户进行身份验证(如果用户不存在则创建用户)。
Below you will find some examples of how to do this: 以下您将找到一些有关如何执行此操作的示例:
https://github.com/michaelgena/nuxeo-unify-sso https://github.com/michaelgena/nuxeo-unify-sso
https://www.nuxeo.com/blog/guest-post-integrating-single-sign-sso-nuxeo-case-management/ https://www.nuxeo.com/blog/guest-post-integrating-single-sign-sso-nuxeo-case-management/
The nuxeo authentication solution is pluggable, which means that you can add your custom authentication mechanism so that whenever a user tries to connect to nuxeo the authentication goes through your custom authentication plugin. nuxeo身份验证解决方案是可插入的,这意味着您可以添加自定义身份验证机制,以便每当用户尝试连接到nuxeo时,身份验证都将通过您的自定义身份验证插件进行。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.