Open Source Security Frameworks for .NET

Are there any security frameworks that are open source for ASP.NET web forms or MVC? I'm looking for something to authenticate users, and authorization capabilities if possible. Just to note, I am NOT interested in the Membership API, but am looking for a framework that has similar capabilities.

Thanks.

I just thought I'd post my open source authentication framework. You didn't say too much about your use case, so I'm not sure how good a fit it'd be, but I'm sure it's a good starting point since it's BSD licensed.

Anyway, my authentication framework is called FSCAuth. It's located at Bitbucket and BSD licensed.

Basically, its goal is to stay out of your way and be significantly simpler to implement than ASP.Net's Membership API.

Some things it has going for it:

  1. A "stateless" authentication system. This means no database tables required to keep track of logged in users, and therefore trivial to scale to multiple servers.
  2. Simple, yet fine grained authorization. Everything is specified in code, and without any magic attributes.
  3. Extremely secure out of the box. Out of the box it uses SHA256 hashing with salt. It's also trivial to configure for BCrypt support.
  4. No messing with hashes or cookies. I try to make it as difficult as possible for you to make your application insecure; this includes handling all of the hashes and cookies.
  5. HTTP Basic Auth out of the box, and works the same way as cookie authentication.
  6. Trivial to put into an existing database. It works by using an interface called a UserStore. Examples: MongoDB UserStore, SQL Server UserStore.
  7. Supports .Net 2.0+ and runs on Mono and in Medium-trust.

It also has some limitations to it.

  1. Windows/domain authentication will never be implemented.
  2. It only has the notion of users and groups. There isn't anything built in for user-group-role or anything like that.
  3. It has some problems with IIS 6 (can't protect static pages and requires a hellish amount of configuration).
  4. Its configuration doesn't use the Web.Config (which I like, but some people don't).

The only thing that comes to mind is DotNetOpenAuth, but I don't know whether it would meet your needs.
