[英]Using 'System.Identity.Model.Claims' for Authorization and Authentication
I want to add authentication and authorization to my application. 我想向我的应用程序添加身份验证和授权。 I do not want to use Active Directory for this.
我不想为此使用Active Directory。 Should I use
System.IdentityModel.Claims
to do this? 我应该使用
System.IdentityModel.Claims
来做到这一点吗? Will using System.IdentityModel.Claims
make it easier to implement authentication and authorization and why/why not? 使用
System.IdentityModel.Claims
会使实现身份验证和授权更容易,为什么/为什么不呢?
You might consider looking at the Microsoft Geneva framework for Claims-Based Authentication and authorization. 您可能会考虑查看基于声明的身份验证和授权的Microsoft Geneva框架。 http://www.microsoft.com/geneva
http://www.microsoft.com/geneva
Implementing Claims based security will definitely make things easier on you. 实施基于声明的安全性绝对可以使您更轻松。
Claims-based security has the following advantages over role-based and access control lists (ACLs): 与基于角色和访问控制列表(ACL)相比,基于声明的安全性具有以下优点:
Hope this helps. 希望这可以帮助。
Well what do you want to use? 那么您想使用什么? A database?
数据库? What do you believe claims based authentication will give you?
您认为基于声明的身份验证会给您带来什么?
Claims based authentication makes life easier if you want to flow identity through multiple systems such as a middle tier and onto a compatible back end without having to mess with impersonation and delegation.It's also partially for federation - allowing other people's systems to perform the authentication and for you to then authorise access to your application based on the identity information sent by those systems. 如果您希望将身份流经多个系统(例如中间层)并流到兼容的后端而又不打扰模拟和委派,则基于声明的身份验证将使生活变得更轻松,它还部分用于联合身份验证-允许其他人的系统执行身份验证和然后您可以根据这些系统发送的身份信息授权对您的应用程序的访问。
But if all you want to do is avoid using AD and instead use usernames and passwords sourced from a database then membership providers are an easier option which enable role and user based authorization checks for WCF and ASP.NET. 但是,如果您要做的就是避免使用AD,而是使用从数据库中获取的用户名和密码,则成员资格提供程序是一个更简单的选项,它可以为WCF和ASP.NET启用基于角色和用户的授权检查。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.