
What is the difference between ConfidentialClientApplication and a PublicClientApplication?

I'm putting together a web service that provides a RESTful API. I've built a UWP client that uses a PublicClientApplication and it works pretty well. Now I'm building a Web Application to also speak to the same service and the examples I've found use the ConfidentialClientApplication to acquire access tokens for the user. So what is the difference between the two classes that both seem to produce access tokens (documentation is very light to non-existent) and what are the use cases between the two classes?

While looking into MSAL myself I managed to find some documentation for MSAL.net including a chapter about Client applications.

It explicitly talks about the differences between the Confidential client application class and the Public client application class.

Confidential Client

Confidential client applications are typically applications which run on servers (Web Apps, Web API, or even service/daemon applications). They are considered difficult to access, and therefore capable of keeping an application secret. Confidential clients are able to hold configuration time secrets. Each instance of the client has a distinct configuration (including clientId and secret). These values are difficult for end users to extract. A web app is the most common confidential client. The clientId is exposed through the web browser, but the secret is passed only in the back channel and never directly exposed.

Public Client

On the contrary, public client applications are typically applications which run on devices (phones for instance) or desktop machines. They are not trusted to safely keep application secrets, and therefore access Web APIs in the name of the user only (they only support public client flows). Public clients are unable to hold configuration time secrets, and as a result have no client secret.
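The distinction the quoted documentation draws, shown as an added MSAL.NET (Microsoft.Identity.Client) example that is not part of the question or the answer: the public client is built without any credential and can only get a token on behalf of a signed-in user, while the confidential client is built with a secret held in server-side configuration and can both redeem a user's authorization code and obtain a token for the application itself. The tenant id, client ids, redirect URIs, secret and API scope names are placeholders I assumed, not values from the page.

```csharp
using System.Threading.Tasks;
using Microsoft.Identity.Client;

public static class MsalClients
{
    // Placeholders: your tenant, the API's app registration and the scope it exposes.
    const string Authority = "https://login.microsoftonline.com/<tenant-id>";
    static readonly string[] UserScopes = { "api://<api-client-id>/access_as_user" };
    static readonly string[] AppScopes = { "api://<api-client-id>/.default" };

    // Public client (the UWP app): no secret is configured, because the binary ships to
    // the user's device where anything embedded in it can be extracted. It can only
    // obtain tokens on behalf of a signed-in user.
    public static async Task<string> UwpUserTokenAsync(string clientId)
    {
        IPublicClientApplication app = PublicClientApplicationBuilder.Create(clientId)
            .WithAuthority(Authority)
            .WithRedirectUri("http://localhost")      // loopback redirect for desktop apps
            .Build();
        AuthenticationResult r = await app.AcquireTokenInteractive(UserScopes).ExecuteAsync();
        return r.AccessToken;
    }

    // Confidential client (the web app): the secret is read from server-side configuration
    // and presented only in the back channel to the token endpoint, never to the browser.
    // Here it redeems the authorization code returned to the web app for a user token...
    public static async Task<string> WebAppUserTokenAsync(string clientId, string clientSecret, string authCode)
    {
        IConfidentialClientApplication app = ConfidentialClientApplicationBuilder.Create(clientId)
            .WithClientSecret(clientSecret)           // or .WithCertificate(x509Cert)
            .WithAuthority(Authority)
            .WithRedirectUri("https://<your-web-app>/signin-oidc")
            .Build();
        AuthenticationResult r = await app.AcquireTokenByAuthorizationCode(UserScopes, authCode).ExecuteAsync();
        return r.AccessToken;
    }

    // ...and, because it holds a credential, it can also get a token for the app itself
    // (client credentials flow), which a public client cannot do at all.
    public static async Task<string> DaemonTokenAsync(string clientId, string clientSecret)
    {
        IConfidentialClientApplication app = ConfidentialClientApplicationBuilder.Create(clientId)
            .WithClientSecret(clientSecret)
            .WithAuthority(Authority)
            .Build();
        AuthenticationResult r = await app.AcquireTokenForClient(AppScopes).ExecuteAsync();
        return r.AccessToken;
    }
}
```

Only the confidential client ever sees the secret; the UWP build contains nothing that would let a user on the device impersonate the application.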
