[英]Windows Identity Foundation with Claims based Authentication and Multiple Roles
We are implementing a Secure Token Service (STS) which uses Windows Identity Foundation to provide Claims based authentication and authorisation. 我们正在实施安全令牌服务(STS),该服务使用Windows Identity Foundation提供基于声明的身份验证和授权。
My question is really about best practices and how we should handle multiple roles for a given identity. 我的问题实际上是关于最佳实践以及我们应该如何处理给定身份的多个角色。
When creating claims for a user after they have successfully logged in, we need to be able to add the roles that the user is a member of to the claims before returning to the Relying Party. 在用户成功登录后为其创建声明时,我们需要能够在返回依赖方之前将用户所属的角色添加到声明中。
The Claim object does not accept a collection of strings so I'm wondering how this should be done. Claim对象不接受字符串集合,所以我想知道应该怎么做。 I can think of two ways: 我可以想到两种方式:
My question is really about which of the above is better, or am I missing something better? 我的问题是关于上面哪个更好,或者我错过了更好的东西? Neither solution is perfect as it will require parsing on the other side. 这两种解决方案都不是完美的,因为它需要在另一方面进行解析。
Thanks, John 谢谢,约翰
If you use ADFS as the STS, it inserts multiple roles into the claim 如果使用ADFS作为STS,它会在声明中插入多个角色
eg 例如
etc. 等等
The advantage of this is that WIF can then use the standard IsInRole constructs etc. 这样做的好处是WIF可以使用标准的IsInRole结构等。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.