身份驗證策略
?Form 提供一個輸入憑據(jù)的自定義窗體(Web 頁),然后在應(yīng)用程序中驗證他們的身份。(用戶憑據(jù)標(biāo)記存儲在 Cookie 中)
?Windows IIS根據(jù)應(yīng)用程序的設(shè)置執(zhí)行身份驗證(默認(rèn))
?Passport 通過 Microsoft 的集中身份驗證服務(wù)執(zhí)行驗證,為成員站點(Client)提供單獨登錄和核心配置文件服務(wù)
?None 不執(zhí)行身份驗證
認(rèn)證授權(quán)協(xié)議
?OAuth2 (https://oauth.net/2/)
?OIDC(New) (Identity, Authentication) + OAuth 2.0 = OpenID Connect ⇒ OIDC (https://openid.net/specs/openid-connect-core-1_0.html)
?SAML2(https://www.oasis-open.org/committees/download.php/11511/sstc-saml-tech-overview-2.0-draft-03.pdf)
?WS-Federation(http://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html)
認(rèn)證與授權(quán)
(Authentication VS. Authorization)
⇒OAuth2 VS. OIDC、SAML2、WS-Federation
★AuthN → Authentication:What you can do
★AuthZ → Authorization:Who are you
IdentityServer介紹
(https://github.com/IdentityServer)
Identity Server4
?free
?open source
?OpenID Connect and OAuth 2.0
?ASP.NET Core.
?ASP.NET Framework 4.6.x
IdentityServer4.WsFederation
?free
?open source
?SAML 1.1/2.0 token
?ASP.NET Framework
?ASP.NET Core
借助IdentityServer4搭建.net認(rèn)證服務(wù)器
?.net core 2.1 (Server)
?.net framework 4.x(Client)
?.net core 2.1(Client)
?IdentityServer4
?Ws-Federation(為了使.net framework 4.x的客戶端也能通過驗證)
?Owin
?IIS 10
Server = .net core2.1 + IdentityServer4 + WsFederation
Client = .net Framework 4.5.x + Owin + WsFederation
Server
1. .net core項目作成(Web Application ASP.NET Core2.1)
2.
launchSettings.json
1 {
2 "iisSettings": {
3 "windowsAuthentication": false,
4 "anonymousAuthentication": true,
5 "iisExpress": {
6 "applicationUrl": "http://localhost:5000/",
7 "sslPort": 0
8 }
9 },
10 "profiles": {
11 "IIS Express": {
12 "commandName": "IISExpress",
13 "environmentVariables": {
14 "ASPNETCORE_ENVIRONMENT": "Development"
15 }
16 },
17 "IdentityServer4.WsFederation": {
18 "commandName": "Project",
19 "launchUrl": "http://localhost:5000",
20 "environmentVariables": {
21 "ASPNETCORE_ENVIRONMENT": "Development"
22 }
23 }
24 }
25 }
3.NuGet install IdentityServer4 (version 2.0.4)
4.System.IdentityModel、System.IdentityModel.Service參照
5.Add Config.cs
6.Copy DemoのQuickstart、Views、WsFederation、idsrvtest.pfx floder into Project
7.Startup.csの変更
8.起動
(未完待續(xù))
posted on 2019-09-30 10:32
Ying-er 閱讀(498)
評論(0) 編輯 收藏 所屬分類:
.Net