Windows Identity Foundation 和多个用户存储

发布于 2024-11-01 21:18:27 字数 858 浏览 9 评论 0原文

我最近对 ​​WIF 研究了很多,但对一些细节仍然有点困惑。我知道如果您使用 ADFS 那就太好了,但这不是我的情况。我的组织内至少有 3 个主要安全系统。我曾尝试让公司将 AD 用于所有内部用途,但这是不可能的。为了创建统一的编程模型,我考虑构建用于身份验证/授权的附加 STS。

  1. 这真的明智吗?我读过的大多数内容都说只需使用 ADFS。如果没有,那就别打扰了。当创建自定义 STS 的过程可能很困难时,是否值得将 WIF 用于统一索赔模型?

  2. 如果并非每个用户都有 AD 登录名可以映射,您该怎么办?例如,我们有许多季节性员工从未真正使用个人帐户登录过机器。主管在早上登录机器,员工扫描他/她的徽章并使用员工 ID。

  3. 我们正在创建一个新应用程序,其代码库将由至少三组不同的用户访问。一组是内部组(使用 AD),另外两个组可能使用 asp.net 默认成员身份(好吧,所以有两组不同的用户存储)。我希望能够使用 WIF 来统一授权/认证,但使用 WIF 似乎想朝相反的方向发展。它不再强调身份验证,只是假设一切都很好,而在许多情况下这是主要问题。在这种情况下,如果有的话,我如何利用 WIF?

我尝试阅读这篇文章:

http://msdn.microsoft.com/en -us/library/ff359105.aspx

并且我阅读了 StarterSTS,我仍然需要阅读更多内容。我还看过StarterSTS作者的视频。我没能真正把所有东西放在一起。感觉 WIF 对我来说没什么用,但我觉得它应该有用,因为我真正追求的是统一的身份验证和授权模型。谢谢

I've been research WIF a lot recently and am still quite a bit confused about some of the specifics. I understand that if you're using ADFS that it's great, but that is not my scenario. Within my organization there are at least 3 main security systems. I have tried to get the company to use AD for all internal uses, but it's just not going to happen. In order to create a unified programming model, I've contemplated building add'l STS's for authenticating/authorizing.

  1. Is this really wise? Most of the stuff I've read says just use ADFS. If not, then don't bother. Is it worth using WIF for the unified claims model when the process of creating custom STS's can be difficult?

  2. What do you do in a case where not every user has an AD login to map to. For example, we have many seasonal employees that never actually log in to a machine with a personal account. The machine is logged in in the morning by a supervisor and the employee scans his/her badge and the employee id is used.

  3. We are creating a new application whose code base will be accessed by at least three different sets of users. One group is internal (using AD) the other two would probably use asp.net default membership (okay, so two different sets of user stores). I'd love to be able to use WIF to unify authorization/auth, but with WIF it seems to want to go in the opposite direction. It de-emphasizes authentication and just kind of assumes it's all good when in many case that is the main concern. How could I leverage WIF in this scenario, if at all?

I've tried reading this article:

http://msdn.microsoft.com/en-us/library/ff359105.aspx

and I read up on StarterSTS which I still need to read up on a bit more. I've also watched the videos by the author of StarterSTS. I'm failing to really put everything together. It feels like WIF won't be useful for me, but I feel like it should since all I'm really after is a unified model of authentication and authorization. Thanks

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

凉月流沐 2024-11-08 21:18:27

您想要的与联合身份模型类似。您可以构建一个联合 STS(如 StarterSTS)来规范您的应用程序声明。然后,您可以使用 ACS / AD FS V2 之类的工具来联合这些身份提供商。阅读基于声明的身份指南也是一个好的开始。当您的声明启用您的应用程序时,您可以添加越来越多的身份提供者并使用联合提供者来控制声明并设置规则。

我们刚刚在 CodePlex 上发布了该指南的新版本(文档和代码),同时它正在完成制作过程。

What you want is similar to the Federated Identity model. You can build a Federated STS (like StarterSTS) that would normalize your claims for your application. You can then use something like ACS / AD FS V2 to federate these Identity Providers. Reading the Claims Based Identity Guide is a good start as well. When you Claims enable your application you can add more and more Identity Providers and use the Federation Provider to control the claims and set rules.

We just released a new version of the guide on CodePlex (the docs and code) while it goes through the production process.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文