What are the claims in ASP.NET Identity


Problem description


Can somebody please explain, what the claim mechanism means in new ASP.NET Identity Core?

As I can see, there is an AspNetUserLogins table, which contains UserId, LoginProvider and ProviderKey.

But, I still can't understand or find any information on when data is added to the AspNetUserClaims table and what situations this table is used for?

Solution

What does the claim mechanism mean in the new ASP.NET Identity Core?

There are two common authorization approaches that are based on Role and Claim.

Role-Based Security

A user gets assigned to one or more roles through which the user gets access rights. Also, by assigning a user to a role, the user immediately gets all the access rights defined for that role.

Claims-Based Security

A claims-based identity is the set of claims. A claim is a statement that an entity (a user or another application) makes about itself; it's just a claim. For example, a claim list can have the user’s name, user’s e-mail, user’s age, user's authorization for an action. In role-based security, a user presents the credentials directly to the application. In a claims-based model, the user presents the claims and not the credentials to the application. For a claim to have practical value, it must come from an entity the application trusts.

The steps below illustrate the sequence that happens in a claims-based security model:

  1. The user requests an action. The relying party (RP) application asks for a token.
  2. The user presents the credentials to the issuing authority that the RP application trusts.
  3. The issuing authority issues a signed token with claims, after authenticating the user’s credentials.
  4. The user presents the token to the RP application. The application validates the token signature, extracts the claims, and based on the claims, either accepts or denies the request.

But I still can't understand and find any information on when data is added to AspNetUserClaims and what situations this table is used for?

When you are in a situation where Role-Based Security is not used, and you choose to use Claim-Based Security, you would need to utilize the AspNetUserClaims table. For how to use Claims in ASP.NET Identity, see the link below for more information.

http://kevin-junghans.blogspot.com/2013/12/using-claims-in-aspnet-identity.html

Update

When do I have to use role-based security and when claim-based? Could you please write a few examples?

There isn't a very clear situation where you would or would not use Role-Based or Claim-Based Security, not like a case where you would use A rather than B.

But Claim-Based access control allows better separation of authorization rules from the core business logic. When authorization rules change, the core business logic remains unaffected. There will be situations where you might prefer using the Claim-Based approach.

Sometimes claims aren't needed. This is an important disclaimer. Companies with a host of internal applications can use Integrated Windows Authentication to achieve many of the benefits provided by claims. Active Directory does a great job of storing user identities, and because Kerberos is a part of Windows, your applications don't have to include much authentication logic. As long as every application you build can use Integrated Windows Authentication, you may have already reached your identity utopia. However, there are many reasons why you might need something other than Windows authentication. You might have web-facing applications that are used by people who don't have accounts in your Windows domain. Another reason might be that your company has merged with another company and you're having trouble authenticating across two Windows forests that don't (and may never) have a trust relationship. Perhaps you want to share identities with another company that has non-.NET Framework applications or you need to share identities between applications running on different platforms (for example, the Macintosh). These are just a few situations in which claims-based identity can be the right choice for you.

For more information, please visit http://msdn.microsoft.com/en-us/library/ff359101.aspx
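
The four-step sequence described in the answer, as an added C# example that is not part of the original answer: an issuer signs a set of claims, and the relying party checks the signature before it trusts any of them. The token layout, the HMAC key shared by issuer and RP, and the `permission` claim are assumptions made for the illustration, not ASP.NET Identity's own token format.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;

static class ClaimsFlowDemo
{
    // Constructed demo key shared by issuer and RP (assumption for this example).
    static readonly byte[] Key = Encoding.UTF8.GetBytes("constructed-demo-key-not-for-production");

    // Step 3: the issuing authority serializes the claims and signs them.
    static string IssueToken(params Claim[] claims)
    {
        string payload = string.Join("\n", claims.Select(c => c.Type + "=" + c.Value));
        string body = Convert.ToBase64String(Encoding.UTF8.GetBytes(payload));
        return body + "." + Sign(body);
    }

    static string Sign(string body)
    {
        using (var hmac = new HMACSHA256(Key))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(body)));
    }

    // Step 4: the RP validates the signature before it reads any claim.
    static ClaimsPrincipal Validate(string token)
    {
        string[] parts = token.Split('.');
        if (parts.Length != 2) return null;
        byte[] expected = Encoding.UTF8.GetBytes(Sign(parts[0]));
        byte[] actual = Encoding.UTF8.GetBytes(parts[1]);
        if (!CryptographicOperations.FixedTimeEquals(expected, actual)) return null;
        string payload = Encoding.UTF8.GetString(Convert.FromBase64String(parts[0]));
        var claims = payload.Split('\n').Select(l => l.Split(new[] { '=' }, 2))
                            .Select(kv => new Claim(kv[0], kv[1]));
        return new ClaimsPrincipal(new ClaimsIdentity(claims, "DemoToken"));
    }

    static void Main()
    {
        string token = IssueToken(new Claim(ClaimTypes.Email, "alice@example.test"),
                                  new Claim("permission", "invoice.approve"));
        ClaimsPrincipal user = Validate(token);
        // The RP decides from the claim, not from credentials or a role lookup.
        Console.WriteLine(user != null && user.HasClaim("permission", "invoice.approve"));
        // A token whose body was altered fails the signature check and yields no principal.
        Console.WriteLine(Validate("x" + token) == null);
    }
}
```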
