Using Azure ACS (Access Control Service) with ASP.NET Web API

I'm using the new ASP.NET Web API in a project right now which will require user authentication and authorization to perform some actions: for example, updating a profile page.

On a previous version of this same project using ASP.NET MVC 3 without the API requirement, I had a lot of success using Azure ACS and role-based access control (based on this tutorial).

I would like to be able to use ACS again with the web API, but I don't understand how ACS works well enough to know if this is supported. Is it possible / are there any challenges that I'm likely to encounter trying to do this?

"but I don't understand how ACS works well enough to know if this is supported."

It is supported. ASP.NET Web API allows us to build REST services. ACS supports any kind of REST service. The usual claim validation process described in this article will work. We just need to change WCF to Web API.

Best Regards,

Ming Xu.

From my experience, the link you pointed out will probably not help, as it is used for clients (WPF/Windows Phone/etc.). Using ACS on the service side, we will deal with claims; we can configure ACS to return any claims we like. A claim can be a username, but it can also be a role. For example, we can create a rule to map a particular user to a role, then ACS will return the role claim to us.

But if we want to integrate with ASP.NET roles, we need to parse the claim (even if it is a role claim), and assign the claim to Thread.CurrentPrincipal. If we configure ACS to return a SAML token, WIF does this for us. If ACS returns a SWT token, we need to do that ourselves, or use a library someone else writes for us. One of those libraries is DPE.OAuth, which is written by the DPE team. You can get it from http://msdn.microsoft.com/en-us/IdentityTrainingCourse_ACSAndWindowsPhone7 . While that tutorial tells us how to work with ACS in Windows Phone, the service side OAuth library can be reused.

Best Regards,

Ming Xu.
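
The SWT case described in the answer above, as an added example (not part of the original posts and not DPE.OAuth code): check the token's HMAC-SHA256 signature, issuer, audience and expiry, then build a principal from the role claim. The claim type URIs and the comma-separated role values are assumptions about what ACS is configured to emit; the key, issuer and realm in `Main` are constructed sample values.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Text;
public static class SwtValidator
{
    const string Sig = "&HMACSHA256=";
    // Assumed ACS output: these claim type URIs, multi-valued claims comma-separated.
    const string Role = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role";
    const string Name = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name";
    static void Require(bool ok, string why) { if (!ok) throw new UnauthorizedAccessException(why); }
    static byte[] Mac(byte[] key, string s)
    {
        using (var h = new HMACSHA256(key)) return h.ComputeHash(Encoding.ASCII.GetBytes(s));
    }
    public static IPrincipal Validate(string token, byte[] key, string issuer, string audience)
    {
        // The HMAC covers everything before the trailing &HMACSHA256= pair.
        int at = token.LastIndexOf(Sig, StringComparison.Ordinal);
        Require(at >= 0, "token is not signed");
        string signed = token.Substring(0, at);
        byte[] given = Convert.FromBase64String(WebUtility.UrlDecode(token.Substring(at + Sig.Length)));
        byte[] want = Mac(key, signed);
        int diff = given.Length ^ want.Length; // compare without an early exit
        for (int i = 0; i < want.Length && i < given.Length; i++) diff |= want[i] ^ given[i];
        Require(diff == 0, "bad signature");
        // Parse claims only after the signature has been verified.
        var c = signed.Split('&').Select(p => p.Split(new[] { '=' }, 2)).Where(p => p.Length == 2)
            .ToDictionary(p => WebUtility.UrlDecode(p[0]), p => WebUtility.UrlDecode(p[1]));
        Func<string, string> get = k => c.ContainsKey(k) ? c[k] : "";
        Require(get("Issuer") == issuer && get("Audience") == audience, "wrong issuer or audience");
        Require(long.TryParse(get("ExpiresOn"), out long exp)
            && DateTimeOffset.UtcNow < DateTimeOffset.FromUnixTimeSeconds(exp), "token expired or undated");
        var roles = get(Role).Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
        return new GenericPrincipal(new GenericIdentity(get(Name), "ACS-SWT"), roles);
    }
    public static void Main()
    {
        // Constructed sample: key, issuer, realm and claim values are made up.
        byte[] key = Encoding.ASCII.GetBytes("constructed-demo-key");
        string body = WebUtility.UrlEncode(Name) + "=alice&" + WebUtility.UrlEncode(Role) + "=Editor%2cReader"
            + "&Issuer=https%3a%2f%2fissuer.example%2f&Audience=http%3a%2f%2flocalhost%2fapi&ExpiresOn=4102444800";
        string token = body + Sig + WebUtility.UrlEncode(Convert.ToBase64String(Mac(key, body)));
        IPrincipal p = Validate(token, key, "https://issuer.example/", "http://localhost/api");
        Console.WriteLine(p.Identity.Name + " Editor=" + p.IsInRole("Editor"));
    }
}
```

In a Web API message handler, assign the returned principal to Thread.CurrentPrincipal and answer 401 on any exception thrown by `Validate`, including the `FormatException` a malformed signature produces.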
