[英]What is the difference between MicrosoftAccount, AzureAD and OpenIdConnect authentication?
I got absolutely confused when trying to understand the differences between MicrosoftAccount , AzureAD and OpenIDConnect authentications.当我试图了解MicrosoftAccount 、 AzureAD和OpenIDConnect身份验证之间的区别时,我感到非常困惑。
I am trying to build a.Net Core MVC app that allows some users to authenticate with local accounts, but some with Microsoft accounts.我正在尝试构建一个.Net Core MVC 应用程序,该应用程序允许一些用户使用本地帐户进行身份验证,但有些用户使用 Microsoft 帐户进行身份验证。 I do need to have a local user in DB for both types of authentications as I have some custom authorization mechanisms built on that.对于这两种类型的身份验证,我确实需要在 DB 中有一个本地用户,因为我有一些基于此的自定义授权机制。
I started with creating the app from template and selected "local accounts" authentication.我首先从模板创建应用程序并选择“本地帐户”身份验证。 Then I added the MicrosoftAccount authentication according to this tutorial ( https://docs.microsoft.com/en-us/aspnet/core/security/authentication/social/microsoft-logins?view=aspnetcore-3.1 ) .然后我根据本教程添加了 MicrosoftAccount 身份验证( https://docs.microsoft.com/en-us/aspnet/core/security/authentication/social/microsoft-logins?view=aspnetcore-3.1 ) 。 This is using Microsoft.AspNetCore.Authentication.MicrosoftAccount and seems to be working fine.这是使用 Microsoft.AspNetCore.Authentication.MicrosoftAccount 并且似乎工作正常。
However, when I create a new app from template and select "work or school account" authentication I can see it uses a different library - Microsoft.AspNetCore.Authentication.AzureAD.UI.但是,当我从模板和 select“工作或学校帐户”身份验证创建一个新应用程序时,我可以看到它使用不同的库 - Microsoft.AspNetCore.Authentication.AzureAD.UI。 It seems to do the same thing.它似乎做同样的事情。 I can see there are events I could hook into to connect the AAD user with my local DB.我可以看到我可以挂钩以将 AAD 用户与我的本地数据库连接的事件。
Looking through the web I found some other tutorials that were using OpenIDConnect for the same purpose.通过查看 web,我发现了一些其他教程使用 OpenIDConnect 用于相同目的。
How are those methods different?这些方法有何不同? Which one should I use and why?我应该使用哪一个,为什么?
In future I would like to be able to query the user's directory for a list of other users.将来我希望能够在用户目录中查询其他用户的列表。 Would that requirement be easier met with either of those three methods?这三种方法中的任何一种都会更容易满足这一要求吗?
OpenIdConnect
: This is the general OpenID Connect protocol which you can use to sign in with many different authentication providers because it is a protocol that many of them will support. OpenIdConnect
:这是通用的 OpenID Connect 协议,您可以使用它来登录许多不同的身份验证提供程序,因为它是其中许多人将支持的协议。 You can use OIDC to sign in to either of the above (and many other services) but that will require you to do some more configuration as you will need to figure out specific addresses for example.您可以使用 OIDC 登录上述任何一项(以及许多其他服务),但这需要您进行更多配置,因为您需要找出特定的地址。You can always use the OpenIdConnect or the OAuth authentication scheme to authenticate with most authentication providers but those are the “manual” schemes which will require you to configure additional things.您始终可以使用OpenIdConnect或OAuth身份验证方案与大多数身份验证提供程序进行身份验证,但这些是“手动”方案,需要您配置其他内容。 All the other authentication schemes, including MicrosoftAccount and AzureAD but also the other ones like Google or Twitter build on top of those protocols and come preconfigured so that you do not need to set up much else.所有其他身份验证方案,包括MicrosoftAccount和AzureAD ,以及Google或Twitter等其他身份验证方案都建立在这些协议之上并进行了预配置,因此您无需进行太多其他设置。 So those are mostly for convenience and for more specialized support.所以这些主要是为了方便和更专业的支持。
So when you want to authentication through Microsoft or Azure, then you should choose MicrosoftAccount or AzureAD .所以当你想通过微软或 Azure 进行身份验证时,你应该选择MicrosoftAccount或AzureAD 。 Which of those depends on where you want to authenticate with.其中哪一个取决于您要在哪里进行身份验证。 If you have an Azure AD, then you should use that.如果您有 Azure AD,那么您应该使用它。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.