ASP Core. Best practices for multiple identities


Problem description

env: ASP Core, Entity Framework

In my system I have two types

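using System;
using System.ComponentModel.DataAnnotations.Schema;
using Microsoft.AspNetCore.Identity;

// Both types derive from IdentityUser<Guid>, each mapped to its own table.
[Table("User")]
public class ApplicationUser : IdentityUser<Guid> { }

[Table("Customer")]
public class Customer : IdentityUser<Guid> { }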

Both entities (Customer and User) have many different fields, which makes using only one table in the database incorrect. And both entities must be able to sign in.
As I found, ASP.NET can have only one identity setup.

Question: What is the best way or best practices to make this stuff work?

Recommended answer

I suggest you not try to mix or unify the Identity of an application user and the meanings of an application user from other boundary contexts of your application.

The Identity record of an application user is his representation from a security perspective, and it is used for identification/authentication of the user. So it contains the user's security data, his access roles and other security claims. Any Identity record can have very specific access rights based on its roles and claims, and usually that is enough.

If you need to represent the application user from another perspective (as your employee, or as your customer, maybe as a guest record, etc.) then it is better to create another table (Employees, Customers, Guests, etc.) for it in another DbContext (not in the Identity context). It will give you the possibility not to mix their conceptual borders. Who knows, maybe at some moment you will decide to create separate microservices for each boundary context, and Identity will serve them all as another microservice.

If you are now asking yourself how to organize such parallel storing of interpretations of the same application user, then there are different approaches. But for example:

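  • When a user registers, you create an Identity for him
  • After signing in, he uses his Identity data for authentication
  • But when he creates his first order, you create a Customer record for him with the same Id or with a foreign key to Identity, or... the rest depends on your needs and business logic.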
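
One way to lay out the split the answer describes, as an added example that is not part of the original question or answer: a single Identity type holds all credentials, and Customer becomes a plain entity in its own DbContext that shares the Identity user's Id. The names AppIdentityDbContext, SalesDbContext, OrderService, CompanyName and GetOrCreateCustomerAsync are assumptions made for illustration.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore;

// Security side: the only type registered with ASP.NET Core Identity.
public class ApplicationUser : IdentityUser<Guid> { }

public class AppIdentityDbContext : IdentityDbContext<ApplicationUser, IdentityRole<Guid>, Guid>
{
    public AppIdentityDbContext(DbContextOptions<AppIdentityDbContext> options) : base(options) { }
}

// Business side (hypothetical shape): no password hash, security stamp or lockout state here.
public class Customer
{
    public Guid Id { get; set; }                  // same value as ApplicationUser.Id
    public string CompanyName { get; set; } = "";
}

public class SalesDbContext : DbContext
{
    public SalesDbContext(DbContextOptions<SalesDbContext> options) : base(options) { }
    public DbSet<Customer> Customers => Set<Customer>();

    // The key is supplied by Identity, so the database must not generate it.
    protected override void OnModelCreating(ModelBuilder b) =>
        b.Entity<Customer>().Property(c => c.Id).ValueGeneratedNever();
}

public class OrderService
{
    private readonly SalesDbContext _sales;
    public OrderService(SalesDbContext sales) => _sales = sales;

    // Called when the first order is placed. The id is read from the authenticated
    // principal, never from request data, so a caller cannot pick another user's record.
    public async Task<Customer> GetOrCreateCustomerAsync(ClaimsPrincipal principal)
    {
        var raw = principal.FindFirstValue(ClaimTypes.NameIdentifier);
        if (!Guid.TryParse(raw, out var userId))
            throw new UnauthorizedAccessException("No authenticated identity.");

        var customer = await _sales.Customers.FindAsync(userId);
        if (customer is not null) return customer;

        customer = new Customer { Id = userId };
        _sales.Customers.Add(customer);
        await _sales.SaveChangesAsync();
        return customer;
    }
}
```

With this layout, access decisions still come from the roles and claims on the Identity record, while the Customer table can change shape without touching the credential store.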
