用户验证在EventSourcing应用 [英] User Auth in EventSourcing applications

问题描述

我在寻找进入起草与DDD + CQRS + EventSourcing一个应用程序，我有一些麻烦搞清楚如何做到用户认证。

I'm looking into crafting an app with DDD+CQRS+EventSourcing, and I have some trouble figuring out how to do user auth.

用户本质上是我的域的一部分，因为它们对客户负责。我使用ASP.NET MVC 4，我一直在寻找只使用SimpleMembership。由于登录和授权用户来说是一个同步操作，这是怎么解决的最终一致性架构？

Users are intrinsically part of my domain, as they are responsible for clients. I'm using ASP.NET MVC 4, and I was looking to just use the SimpleMembership. Since logging in and authorising users is a synchronous operation, how is this tackled in an eventually consistent architecture?

我将不得不推出自己的身份验证系统，我一直在非规范化的权威性表上读出侧的？如何处理这个安全？我最终会存储我的两个事件存储的密码哈希和我的看法表？

Will I have to roll my own auth system where I keep denormalized auth tables on the read side? How to handle the security of this? Will I end up storing password hashes in both my event store and my view tables?

这么多的问题，如果有人可以提供一些线索，我将非常感激：）

So many questions, if anyone can shed some light, I would be very thankful :)

tldr;你怎么做用户验证的EventSource的应用？

tldr; How do you do User Auth in EventSource-applications?

推荐答案

不是每一个域或业务组件使用国内长途或CQRS。在大多数情况下，用户信息是真的眉头，因此通常可以不使用DDD为。其他领域真的不依赖于实际的用户。还有通常是被由各个域共享一个相关ID（用户ID）。

Not every "Domain" or business component has to use DDD or CQRS. In most cases, user information is really cruddy, so you can usually not use DDD for that. Other domains don't really depend on the actual user. There's usually a correlation id (UserId) that gets shared by the various domains.

如果您的系统中使用的消息，一种选择是注册和不CQRS管理用户，然后发送一个命令（RegisterUser {}用户ID）。这将公布注册的事件的用户。其他领域可以收听本次活动揭开序幕所需的任何工作流或人工鱼礁。

If using messaging in your system, one option is to register and manage users without CQRS, then send a command (RegisterUser { UserId } ). This would publish an event User Registered. Other domains can listen to this event to kick-off any workflows or ARs that are needed.

这篇关于用户验证在EventSourcing应用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！