Custom Claims in my application
Problem description
Hi there
I've been trying to understand how to organise an application that uses WIF within the context of an application if using custom claims.
So, if I understand correctly, if I need to use custom claims they are defined on the STS side of things? That seems rather odd, as I would see claims changing (perhaps often) and I think that should be a concern of the application (i.e. the RP)? (I need to be able to add and remove claims too.)
Another thing to keep in mind is that it is quite likely that I will have many identity providers (i.e. different tenants could potentially use different Id Providers), so if my STS has claims concerns and the STS is the IdP then that means I will have to duplicate the claim management aspect on each STS, which is something I'd prefer to avoid.
Then I was thinking, perhaps the problem is twofold:
(1) The user authentication (that can probably be done using an external STS whose only concern is to check the identity and could be completely external)
(2) The user authorization, that should live closer to the application and it's quite likely even in the same domain as the application
Any pointers on this very welcome
Cheers
Solution
I've gone through a similar thought process. I've documented my line of thinking on my blog at http://travisspencer.com/blog/2009/10/federated-identity-candidate-a.html.
HTH!