Migrating to ADFS from a complex authorization logic

Problem description

Hello,

One of my apps has custom access rights for the user based on what options he has selected in the application. For example, right now my app determines whether certain functionality (say a class/function/page, whatever) is available to a certain user by looking at what project he has selected to modify (this is a project mgmt system). This user might have full rights on a certain project but not so much on another one, so my application checks what project he has selected to modify, then brings in the rights information from the DB, and then creates the final page by enabling/disabling things on it.

ADFS does not support this out of the box; it would give you the token, which has claims. In my case the claims for the website are dependent on the project chosen inside it, and the app URL stays the same, so in the worst case I have to pull all access rights for all projects related to the logged-in user at the time of logon. This does not look like the right approach to me, so I am looking for some suggestions on this. Please post yours.

Thanks,
Ram

Recommended answer

Has no one come across such a situation before? I was thinking that this could be the case with at least 80% of existing apps.
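
The per-project check described in the question, written so that the federated token supplies only the user's identity claim and the rights are still read from the application's store for the selected project on each request, instead of being loaded for every project at logon. This is an added sketch, not code from the thread; the `ProjectRights` flags, the in-memory `RightsTable` standing in for the DB, and the user and project ids are all constructed assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;

// Hypothetical rights model; the real application defines its own.
[Flags]
enum ProjectRights { None = 0, View = 1, Edit = 2, ManageMembers = 4 }

static class ProjectAuthorization
{
    // Constructed sample data standing in for the rights table in the DB:
    // (user id, project id) -> rights.
    static readonly Dictionary<(string UserId, int ProjectId), ProjectRights> RightsTable =
        new Dictionary<(string UserId, int ProjectId), ProjectRights>
        {
            [("u1001", 1)] = ProjectRights.View | ProjectRights.Edit | ProjectRights.ManageMembers,
            [("u1001", 2)] = ProjectRights.View,
        };

    // Identity comes from the token; rights come from the store, per project.
    public static ProjectRights RightsFor(ClaimsPrincipal user, int projectId)
    {
        string userId = user.FindFirst(ClaimTypes.NameIdentifier)?.Value;
        if (userId == null)
            return ProjectRights.None;   // no identity claim: deny
        return RightsTable.TryGetValue((userId, projectId), out var rights)
            ? rights
            : ProjectRights.None;        // no row for this project: deny by default
    }

    // Call this on the server for every action, not only when rendering
    // the page; disabling a control in the UI does not block the request.
    public static bool Can(ClaimsPrincipal user, int projectId, ProjectRights needed) =>
        (RightsFor(user, projectId) & needed) == needed;
}

static class Program
{
    static void Main()
    {
        // Constructed principal, shaped like what the app sees after sign-in.
        var user = new ClaimsPrincipal(new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.NameIdentifier, "u1001") }, "Federation"));

        foreach (int projectId in new[] { 1, 2, 3 })
            Console.WriteLine($"project {projectId}: edit allowed = " +
                ProjectAuthorization.Can(user, projectId, ProjectRights.Edit));
    }
}
```

With this split the token stays the same size however many projects the user belongs to, and a rights change in the DB takes effect on the next request rather than at the next logon.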