What's the difference: Windows Authentication, Passport Authentication and Form Authentication?

Just going to start making a web application and was wondering which was better, or at least what are the main differences between them (as it probably matters what I am using them for)?

  • Windows Authentication
  • Passport Authentication
  • Form Authentication

I would say it greatly depends on what your web app will be doing, as each one has its place. Here are some brief details about each one.

Windows authentication enables you to identify users without creating a custom page. Credentials are stored in the Web server's local user database or an Active Directory domain. Once identified, you can use the user's credentials to gain access to resources that are protected by Windows authorization.

Forms authentication enables you to identify users with a custom database such as an ASP.NET membership database. Alternatively you can implement your own custom database. Once authenticated you can reference the roles the user is in to restrict access to portions of your Web site.

Passport authentication relies on a centralized service provided by Microsoft. Passport authentication identifies a user using his or her e-mail address and a password, and a single Passport account can be used with many different Web sites. Passport authentication is primarily used for public Web sites with thousands of users.

Anonymous authentication does not require the user to provide credentials.

http://msdn.microsoft.com/en-us/library/eeyk640h.aspx - ASP.NET Authentication: further details on forms and Windows authentication

Edit: Rushyo's link is better: http://msdn.microsoft.com/en-us/library/ee817643.aspx

Situations in which you can use each:

Windows Authentication: As you will be using the login & password used in a domain... If you use Windows authentication, your webapp will (generally) have to be deployed in a network server and all your users should (generally) have a login created for them in the domain. Though cross-domain operations are possible, primarily you won't be able to use it in a non-domain-based environment like public websites. It will be tough if you want to include some users who are outside your domain.

Forms Authentication: Here you are deciding to act independently. You will assign each user a separate userId and password and will manage them yourself. The overhead here is you should provide and restrict the ways users are created and removed. Here you are not restricted to any domain. Any user who wants to gain access to your webapp should get registered with your webapp. This is similar to any mail site you see on the internet.

Passport Authentication: You are depending on MS to validate your users. This will give your application a global status, but if you are going to deploy it only to a small group of users, you will be forcing them to create a Passport account (if they don't have one) so that they can access your application.

To make it clearer: whichever method you follow, you can still restrict who can access your webapp, and can also define your own roles for each user.
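
The mode choice and the access and role restrictions described in the answers above map onto `web.config` as sketched here. This is an added example, not part of the original answers; the login path, cookie name, `Admin` folder and `Administrators` role are placeholder assumptions.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <!-- mode accepts: Windows | Forms | Passport | None -->
    <authentication mode="Forms">
      <!-- Placeholder login page and cookie name.
           protection="All" encrypts and validates the auth ticket;
           requireSSL keeps the cookie off plain HTTP;
           UseCookies keeps the ticket out of the URL. -->
      <forms loginUrl="~/Account/Login.aspx"
             name=".APPAUTH"
             protection="All"
             requireSSL="true"
             cookieless="UseCookies"
             timeout="30"
             slidingExpiration="true" />
    </authentication>

    <!-- Intranet alternative: replace the block above with
         <authentication mode="Windows" />
         and disable anonymous access in IIS so the domain login is used.
         The roles attribute below then matches Windows groups,
         written as DOMAIN\GroupName. -->

    <!-- "?" means anonymous users, "*" means everyone.
         Rules are evaluated top to bottom and the first match wins. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Role-restricted area (placeholder folder and role).
       The explicit deny is required because the inherited default
       rule allows all users. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Administrators" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```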

This should cover everything you're looking for (and more):

http://msdn.microsoft.com/en-us/library/ee817643.aspx

[Snap - I was totally going to use that exact same quote as well ;)]
