How to model claims as permission in WIF?


Problem description


I am a beginner in WIF. First of all, I want to use StarterSTS for managing application's security. Let me clarify my application requirements. For example, application has some features which are related to Customers and Order. There are some methods for these objects, such as CRUD (create, update, delete, read). I want to assign permission (CRUD) for user. As my understanding, I want to model claim as permission. For instance, if user has a claim with ClaimType=Customers, Value="Create" then user has a permission for creating customer.
However I wonder whether my thought is right or not. I would like to know any advice. Is there any better approach for this?

Thanks in advance,

Solution

A token service won't manage application security for you. Especially in the case of StarterSTS (or ADFS in the IdP) role - the job is to authenticate the user and create a token that describes its identity (name, email, roles - even permissions or capabilities).

It's the job of the application to put that identity information into context, e.g. your CRUD operations.

Some of that context is generated on the fly (ClaimsAuthorizationManager), some of that context is pre-generated (ClaimsAuthenticationManager).

Have a look at http://tinyurl.com/claimsguide. Read this guide from cover to cover before you start implementing your first claims based system.
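
The split described in the answer, sketched as an added example that is not part of the original question or answer: a `ClaimsAuthenticationManager` pre-generates permission claims from the roles in the token, and a `ClaimsAuthorizationManager` evaluates each resource/action request against them. It assumes the .NET 4.5 `System.Security.Claims` versions of both classes; the `Permissions` class, the role names, and the `urn:example:` values are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

static class Permissions
{
    public const string Prefix = "urn:example:permission/"; // hypothetical claim-type namespace
    public const string Issuer = "urn:example:app";         // hypothetical local issuer name
    // Constructed role-to-permission map ("Resource/Action"); load from your own store in practice.
    public static readonly Dictionary<string, string[]> ByRole = new Dictionary<string, string[]>
    {
        { "SalesClerk",   new[] { "Customers/Read", "Orders/Create", "Orders/Read" } },
        { "SalesManager", new[] { "Customers/Create", "Customers/Update", "Customers/Delete" } }
    };
}

// Pre-generated context: turns role claims from the token into permission claims.
public class PermissionAuthenticationManager : ClaimsAuthenticationManager
{
    public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incoming)
    {
        var identity = incoming == null ? null : incoming.Identity as ClaimsIdentity;
        if (identity == null || !identity.IsAuthenticated) return incoming;
        foreach (var role in identity.FindAll(ClaimTypes.Role).Select(c => c.Value).ToList())
        {
            string[] grants;
            if (!Permissions.ByRole.TryGetValue(role, out grants)) continue;
            foreach (var parts in grants.Select(g => g.Split('/')))
                identity.AddClaim(new Claim(Permissions.Prefix + parts[0], parts[1],
                                            ClaimValueTypes.String, Permissions.Issuer));
        }
        return incoming;
    }
}

// On-the-fly context: decides each resource/action request, denying by default.
public class PermissionAuthorizationManager : ClaimsAuthorizationManager
{
    public override bool CheckAccess(AuthorizationContext context)
    {
        var resource = context.Resource.Select(c => c.Value).FirstOrDefault();
        var action = context.Action.Select(c => c.Value).FirstOrDefault();
        if (resource == null || action == null) return false;
        // Only permission claims minted by this application count, so a claim of the
        // same type arriving in a token from another issuer is ignored.
        return context.Principal.HasClaim(c => c.Type == Permissions.Prefix + resource
                                            && c.Value == action
                                            && c.Issuer == Permissions.Issuer);
    }
}
```

Once both classes are registered in the application's identity configuration, a call such as `ClaimsPrincipalPermission.CheckAccess("Customers", "Create")` is routed to `CheckAccess` above.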

