owin和oAuth2.0有什么关系? [英] What is the relationship between owin and oAuth2.0?
问题描述
我研究了外部登录策略,该术语使我感到困惑.以下之间是什么关系.
I study external login strategies and the terminology confuses me. What's the relation between the following.
- 欧文
- OauthWebSecurity
- OAuth 2.0
- Oka Katana
- ASP.NET身份
推荐答案
Owin
Owin只不过是规范.它代表.Net的Open Web Interface. 用非常简单的术语来说,它基于以下想法:使用一些语言构造(代理和字典),您可以创建一个用于处理Web请求的框架,该框架独立于托管位置(您甚至可以从以下位置运行"owin应用程序"控制台应用程序.)
Owin
Owin is no more than a specification. It stands for Open Web Interface for .Net. In very simplistic terms it is based in the idea that using a few language constructs (delegates and a dictionary) you can create a framework for handling web requests that is independent of where it is hosted (you can even run an "owin application" from a console app).
Owin规范的实现称为Katana.
The implementation of Owin's specification is called Katana.
OAuth 2.0是 Authorization 协议. OAuth背后的想法是您(资源所有者)可以将访问权限委派给第三方.一个示例是一个Web应用程序,它可以为您在Facebook墙上发布信息. 同样,以非常简单的方式,当用户访问受保护的资源时,通过向用户发送302重定向来实现这一点. 302会将用户重定向到例如Facebook的oauth登录页面( https://graph.facebook.com/我吗?access_token = [access_token] . 此工作流程有所不同.答案末尾的链接中都对它们进行了说明.
OAuth 2.0 is an Authorization protocol. The idea behind OAuth is that you (the resource owner) can delegate access privileges to a third-party. An example is a Web app being able to post on your Facebook wall for you. Again, in very simplistic terms, this materializes by sending a 302 redirect to the user when she accesses a protected resource. That 302 redirects the user, for example to Facebook's oauth login page (https://www.facebook.com/dialog/oauth?client_id=...&redirect_url=[yourwebapp]&scope=[permissionsrequiredfromuser]). After you login to facebook, accept the permission request, facebook will send a 302 redirect to the redirect_url you provided with an access_token that you can then use to send requests on behalf of the user that provided the credentials. For example, to get information about the user you'd perform a request to https://graph.facebook.com/me?access_token=[access_token]. There are variations for this workflow. They are all explained in the links at the end of the answer.
ASP.NET Identity与ASP.NET无关.谈论不良的命名...它提供了从数据源保存和检索用户数据的功能.它还使您能够将声明和角色与用户,其他登录提供者"相关联(当您使用facebook登录"并且facebook中的user_id与本地用户标识相关联时,情况就是这样).存储在AspNetUserLogins表中.
ASP.NET Identity has nothing to do with ASP.NET. Talk about poor naming... It provides functionality to save and retrieve user's data from a data source. It also provides you with the ability to associate claims and roles to the users, other "login providers" (that would be the case when you "login with facebook" and your user_id from facebook gets associated with your local user id, this information is stored in the AspNetUserLogins table).
在MVC项目模板中使用它的方式是在帐户"控制器和CookieAuthenticationMiddleware中.
The way you see it being used in the MVC project template is in the Account controller and the CookieAuthenticationMiddleware.
http://odetocode .com/blogs/scott/archive/2013/07/09/getting-started-with-owin-katana-and-vs2013.aspx http://odetocode.com/blogs/scott/archive/2013/11/11/writing-owin-middleware.aspx http://odetocode.com/blogs/scott/archive/2013/11/12/simple-logging-middleware-katana-part-4.aspx http://www.asp.net/aspnet/overview/owin-and-katana/项目-katana概述 http://www.asp.net/aspnet/overview/owin-和-katana/owin-startup-class-detection
https://developers.facebook.com/docs /facebook-login/manually-build-a-login-flow/v2.1 http://博客. msdn.com/b/webdev/archive/2013/07/03/understanding-owin-forms-authentication-in-mvc-5.aspx http://www.asp.net/web-api/overview/security/external-身份验证服务
http://brockallen.com/2013/10/20/the-asp-net-identity/ http://curah.microsoft.com/55636/aspnet-identity http://typecastexception.com/post/2014/04/20/ASPNET-MVC-and-Identity-20-Understanding-the-Basics.aspx
这篇关于owin和oAuth2.0有什么关系?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
