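Authentication modes

Form: provides a custom form (web page) for entering credentials, then validates the user's identity in the application. (The user's credential token is stored in a cookie.)
Windows: IIS performs authentication according to the application's settings (default)
Passport: authentication is performed through Microsoft's centralized authentication service, which provides single sign-on and core profile services for member sites (clients)
None: no authentication is performed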

Authentication and authorization protocols

・OAuth2 (https://oauth.net/2/)
・OIDC (New): (Identity, Authentication) + OAuth 2.0 = OpenID Connect ⇒ OIDC (https://openid.net/specs/openid-connect-core-1_0.html)
・SAML2 (https://www.oasis-open.org/committees/download.php/11511/sstc-saml-tech-overview-2.0-draft-03.pdf)
・WS-Federation (http://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html)

Authentication and authorization

(Authentication VS. Authorization)
⇒ OAuth2 VS. OIDC, SAML2, WS-Federation
★AuthN → Authentication: What you can do
★AuthZ → Authorization: Who are you

Introduction to IdentityServer

(https://github.com/IdentityServer)
IdentityServer4
・free
・open source
・OpenID Connect and OAuth 2.0
・ASP.NET Core
・ASP.NET Framework 4.6.x
IdentityServer4.WsFederation
・free
・open source
・SAML 1.1/2.0 token
・ASP.NET Framework
・ASP.NET Core

Building a .NET authentication server with IdentityServer4

・.NET Core 2.1 (Server)
・.NET Framework 4.x (Client)
・.NET Core 2.1 (Client)
・IdentityServer4
・WS-Federation (so that .NET Framework 4.x clients can also authenticate)
・Owin
・IIS 10

Server = .NET Core 2.1 + IdentityServer4 + WsFederation
Client = .NET Framework 4.5.x + Owin + WsFederation
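
A client-side OWIN Startup for the "Client = .NET Framework 4.5.x + Owin + WsFederation" combination above, added here as an example and not code from the original post. The metadata address http://localhost:5000/wsfederation, the realm urn:owin and the WsFedClient namespace are assumptions; they must match whatever the server actually exposes and registers for this client.

```csharp
// Added example, not from the original post. Assumes the Katana packages
// Microsoft.Owin.Host.SystemWeb, Microsoft.Owin.Security.Cookies and
// Microsoft.Owin.Security.WsFederation are installed in the client project.
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.WsFederation;
using Owin;

[assembly: OwinStartup(typeof(WsFedClient.Startup))]

namespace WsFedClient // hypothetical namespace
{
    public class Startup
    {
        // Assumed values: the server listens on http://localhost:5000 per the
        // page's launchSettings.json; the path and realm are placeholders.
        private const string MetadataAddress = "http://localhost:5000/wsfederation";
        private const string Realm = "urn:owin";

        public void Configuration(IAppBuilder app)
        {
            // The local session lives in a cookie; WS-Federation only performs sign-in.
            app.SetDefaultSignInAsAuthenticationType(
                CookieAuthenticationDefaults.AuthenticationType);

            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
                CookieHttpOnly = true,
                // SameAsRequest because the development setup is plain HTTP (sslPort 0);
                // switch to CookieSecureOption.Always once the site runs over HTTPS.
                CookieSecure = CookieSecureOption.SameAsRequest
            });

            app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
            {
                // Issuer name and signing keys are read from the federation metadata,
                // so this URL should be HTTPS outside a local development machine.
                MetadataAddress = MetadataAddress,
                // wtrealm identifies this relying party to the server.
                Wtrealm = Realm,
                SignInAsAuthenticationType = CookieAuthenticationDefaults.AuthenticationType
            });
        }
    }
}
```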

Server

1. Create a .NET Core project (Web Application, ASP.NET Core 2.1)
2. launchSettings.json
{
  "iisSettings": {
    "windowsAuthentication": false,
    "anonymousAuthentication": true,
    "iisExpress": {
      "applicationUrl": "http://localhost:5000/",
      "sslPort": 0
    }
  },
  "profiles": {
    "IIS Express": {
      "commandName": "IISExpress",
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Development"
      }
    },
    "IdentityServer4.WsFederation": {
      "commandName": "Project",
      "launchUrl": "http://localhost:5000",
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Development"
      }
    }
  }
}
3. NuGet install IdentityServer4 (version 2.0.4)
4. Add references to System.IdentityModel and System.IdentityModel.Service
5. Add Config.cs
6. Copy the demo's Quickstart, Views, WsFederation and idsrvtest.pfx folders into the project
7. Modify Startup.cs
8. Run
(To be continued)



posted on 2019-09-30 10:32 Ying-er  Category: .Net
