zoukankan      html  css  js  c++  java
  • WIF claimsbased identity

    最近使用了Sharepoint 2010的开发,其中包括一个新的服务STS,看了一下,主要资料如下:

    现有的认证授权如Memebership的开发支持已经比较完善了,之所以引入WIF,主要是通过间接的形式抽象,使认证和授权在分布式环境下更易使用。

    With the inflationary growth of distributed systems and online businesses, in the last few years the increasing need for interoperable protocols that could tear down the walls between silos became clear. The big players in the IT industry got together and agreed on a set of common protocols that would support interoperable communications across different platforms. Some examples of those protocols are SOAP, WS-Security, WS-Trust, WS-Federation, Security Assertion Markup Language (SAML), and in more recent times, OpenID, OAuth, and other open protocols.Claims-based identity promotes separation of concerns at a level never achieved before in the identity management world.

    Windows Identity Foundation (WIF) is Microsoft’s stack for claims-based identity programming. It is a new foundational technology which helps .NET developers to take advantage of the claims based approach for handing authentication, authorization, customization and in general any identity-related task without the need to write any low-level code.

    经典的claims-based identity过程

    image

    WIF的过程

    image

    identity providers (IP).

    relying party (RP)

    STS (Security Token Service).

    WIF的具体过程:

    1. WIF sits in front of your application in the ASP.NET pipeline. When an unauthenticated user requests a page, it redirects the browser to the identity provider pages.
    2. Here the IP authenticates the user in whatever way it chooses (perhaps by showing a page with user name and password, using Kerberos, or in some other way). Then it manufactures a token with the required claims and sends it back.
    3. The browser posts the token it got from the IP to the application, where WIF again intercepts the request.
    4. If the token satisfies the requirements of the application (that is, it comes from the right IP, contains the right claims, and so on), the user is considered authenticated. WIF then drops a cookie, and a session is established.
    5. The claims in the incoming token are made available to the application code, and the control is passed to the application.

    参考资料

    ■ The WIF product home page on http://www.microsoft.com/wif

      WIF Runtime 和 WIF SDK
    ■  The Identity Developer Training Kit at http://go.microsoft.com/fwlink/?LinkId=148795

       很多的例子和概念展示
    ■ The WIF team blog at http://blogs.msdn.com/card

         http://www.cloudidentity.net

    ■ The IdElement Show on Channel9: http://channel9.msdn.com/shows/Identity/

  • 相关阅读:
    python 监听文件夹下的文件,将文本内容写入kafka,支持断电续传 (docker 发布)
    python监控目录和文件变化
    Python 单例
    Python 面向对象 继承
    Python 面向对象 多态
    Python 面向对象 类属性和类方法
    Python 基础2
    Python 面向对象
    【bird-front】全自动数据表格组件bird-grid
    【bird-java】bird-java系列文章汇总
  • 原文地址:https://www.cnblogs.com/2018/p/2284157.html
Copyright © 2011-2022 走看看