身份驗證策略
?Form 提供一個輸入憑據的自定義窗體(Web 頁),然后在應用程序中驗證他們的身份�。(用戶憑據標記存儲在 Cookie 中)
?Windows IIS根據應用程序的設置執行身份驗證(默認)
?Passport 通過 Microsoft 的集中身份驗證服務執行驗證���,為成員站點(Client)提供單獨登錄和核心配置文件服務
?None 不執行身份驗證
認證授權協議
?OAuth2 (https://oauth.net/2/)
?OIDC(New) (Identity, Authentication) + OAuth 2.0 = OpenID Connect ⇒ OIDC (https://openid.net/specs/openid-connect-core-1_0.html)
?SAML2(https://www.oasis-open.org/committees/download.php/11511/sstc-saml-tech-overview-2.0-draft-03.pdf)
?WS-Federation(http://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html)
認證與授權
(Authentication VS. Authorization)
⇒OAuth2 VS. OIDC���、SAML2、WS-Federation
★AuthN → Authentication:What you can do
★AuthZ → Authorization:Who are you
IdentityServer介紹
(https://github.com/IdentityServer)
Identity Server4
?free
?open source
?OpenID Connect and OAuth 2.0
?ASP.NET Core.
?ASP.NET Framework 4.6.x
IdentityServer4.WsFederation
?free
?open source
?SAML 1.1/2.0 token
?ASP.NET Framework
?ASP.NET Core
借助IdentityServer4搭建.net認證服務器
?.net core 2.1 (Server)
?.net framework 4.x(Client)
?.net core 2.1(Client)
?IdentityServer4
?Ws-Federation(為了使.net framework 4.x的客戶端也能通過驗證)
?Owin
?IIS 10
Server = .net core2.1 + IdentityServer4 + WsFederation
Client = .net Framework 4.5.x + Owin + WsFederation
Server
1. .net core項目作成(Web Application ASP.NET Core2.1)
2.
launchSettings.json
1 {
2 "iisSettings": {
3 "windowsAuthentication": false,
4 "anonymousAuthentication": true,
5 "iisExpress": {
6 "applicationUrl": "http://localhost:5000/",
7 "sslPort": 0
8 }
9 },
10 "profiles": {
11 "IIS Express": {
12 "commandName": "IISExpress",
13 "environmentVariables": {
14 "ASPNETCORE_ENVIRONMENT": "Development"
15 }
16 },
17 "IdentityServer4.WsFederation": {
18 "commandName": "Project",
19 "launchUrl": "http://localhost:5000",
20 "environmentVariables": {
21 "ASPNETCORE_ENVIRONMENT": "Development"
22 }
23 }
24 }
25 }
3.NuGet install IdentityServer4 (version 2.0.4)
4.System.IdentityModel、System.IdentityModel.Service參照
5.Add Config.cs
6.Copy DemoのQuickstart、Views�����、WsFederation�����、idsrvtest.pfx floder into Project
7.Startup.csの変更
8.起動
(未完待續)
posted on 2019-09-30 10:32
Ying-er 閱讀(495)
評論(0) 編輯 收藏 所屬分類:
.Net