验证票证 [英] Authentication ticket
问题描述
你好,
我正在尝试使用asp.net 2.0平台的Active Directory开发基于自定义表单的身份验证。我在尝试实现安全模型时遇到了困难。以下是我的senerio:
从AD进行身份验证后,我希望能够创建一个自定义身份验证票据,在该票证中我可以保存除角色以外的其他用户信息以及经过身份验证的身份验证ID ,例如用户的组织名称等。
我意识到我可以使用会话来保留其他信息,但对我来说,这个选项是我想要使用的最后一件事。
我已经对Iprinciple做了一些研究,但似乎你只能在该对象中添加用户名和角色信息。
有人可以给我一些指示。
Hello,
I am trying to develop custom form based authentication with active directory with asp.net 2.0 platform. I am having difficulty trying to implement security model. Here is what my senerio is:
After authentication from AD I want to be able to create a custom authentication ticket in which i can save additional information about user other than roles and authenticated usre id, such as the organization name of the user etc.
I realize that I could use sessions to keep additional info but to me that option is the last thing i want to use.
I have done some research on Iprinciple but it seems that you can only add user name and role informaion to that object.
Can some one please give me some direction.
推荐答案
您好,
我正在尝试使用asp.net 2.0平台的活动目录开发基于自定义表单的身份验证。我在尝试实现安全模型时遇到了困难。以下是我的senerio:
从AD进行身份验证后,我希望能够创建一个自定义身份验证票据,在该票证中我可以保存除角色以外的其他用户信息以及经过身份验证的身份验证ID ,例如用户的组织名称等。
我意识到我可以使用会话来保留其他信息,但对我来说,这个选项是我想要使用的最后一件事。
我已经对Iprinciple做了一些研究,但似乎你只能在该对象中添加用户名和角色信息。
有人可以给我一些方向。
Hello,
I am trying to develop custom form based authentication with active directory with asp.net 2.0 platform. I am having difficulty trying to implement security model. Here is what my senerio is:
After authentication from AD I want to be able to create a custom authentication ticket in which i can save additional information about user other than roles and authenticated usre id, such as the organization name of the user etc.
I realize that I could use sessions to keep additional info but to me that option is the last thing i want to use.
I have done some research on Iprinciple but it seems that you can only add user name and role informaion to that object.
Can some one please give me some direction.
您好Anjummir,
创建自定义IPrincipal对象时,还必须创建自定义IIdentity对象。 IIdentity对象代表您的实际用户,而IPrincipal对象代表该用户的安全上下文。
IIdentity对象是IPrincipal对象的一部分。
IIdentity对象可以包含有关用户的额外详细信息。
IPrincipal对象用于确定用户具有哪些角色/仪式...以确定用户是什么并且不允许做什么。
这有意义吗?
无论如何,如果你只是想在认证cookie中存储一些东西,那么在创建用于存储额外详细信息的cookie时可以使用的属性。此属性称为UserData;并且它存储了一个包含你想要的任何内容的字符串。
请注意,将这些额外信息存储在cookie中是不安全的,因为它存储在IPrincipal(IIdentity)中宾语。确定这些额外用户信息的敏感程度并相应地放置它。
-Frinny
Hi Anjummir,
When you create a custom IPrincipal object you must also create a custom IIdentity object. The IIdentity object represents your actual user, whereas the IPrincipal object represents the security context of that user.
The IIdentity object is part of the IPrincipal object.
The IIdentity object can hold extra details about your user.
The IPrincipal object is used to determine what roles/rites the user has...in order to determine what the user is and is not allowed to do.
Does this make sense??
Anyway, if you just want to store a couple of things in the authentication cookie there is a property that you can use when creating the cookie for storing extra details too. This property is called "UserData" and it stores a string containing whatever you would like.
Just be aware that it is less secure to store this extra information in the cookie as apposed to storing it in an IPrincipal (IIdentity) object. Determine how sensitive this extra user information is and place it accordingly.
-Frinny
非常感谢Frinny的回复。我真的想用Iprincliple。我只是想知道我是否可以获得一些示例代码?或者可能是一个链接?
Thank you very much Frinny for your response. I really want to user Iprincliple. I was just wondering if i can get hold of some sample code? or may be a link?
您好Anjummir,
创建自定义IPrincipal对象时,您还必须创建自定义IIdentity对象。 IIdentity对象代表您的实际用户,而IPrincipal对象代表该用户的安全上下文。
IIdentity对象是IPrincipal对象的一部分。
IIdentity对象可以包含有关用户的额外详细信息。
IPrincipal对象用于确定用户具有哪些角色/仪式...以确定用户是什么并且不允许做什么。
这有意义吗?
无论如何,如果你只是想在认证cookie中存储一些东西,那么在创建用于存储额外详细信息的cookie时可以使用的属性。此属性称为UserData;并且它存储了一个包含你想要的任何内容的字符串。
请注意,将这些额外信息存储在cookie中是不安全的,因为它存储在IPrincipal(IIdentity)中宾语。确定这些额外用户信息的敏感程度并相应地放置它。
-Frinny
Hi Anjummir,
When you create a custom IPrincipal object you must also create a custom IIdentity object. The IIdentity object represents your actual user, whereas the IPrincipal object represents the security context of that user.
The IIdentity object is part of the IPrincipal object.
The IIdentity object can hold extra details about your user.
The IPrincipal object is used to determine what roles/rites the user has...in order to determine what the user is and is not allowed to do.
Does this make sense??
Anyway, if you just want to store a couple of things in the authentication cookie there is a property that you can use when creating the cookie for storing extra details too. This property is called "UserData" and it stores a string containing whatever you would like.
Just be aware that it is less secure to store this extra information in the cookie as apposed to storing it in an IPrincipal (IIdentity) object. Determine how sensitive this extra user information is and place it accordingly.
-Frinny
非常感谢Frinny的回复。我真的想用Iprincliple。我只是想知道我是否可以获得一些示例代码?或者可能是一个链接?
Thank you very much Frinny for your response. I really want to user Iprincliple. I was just wondering if i can get hold of some sample code? or may be a link?
查看MSDN(这是我第一次开始开发自定义登录时在Principal和IIdentity对象上找到的信息)
参见:
- 主体和身份对象
- 演练:实现自定义身份验证和授权
这篇关于验证票证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
