对STS和WIF感到困惑 [英] Confused about STS and WIF

问题描述

我正在建立3个新网站，并希望在这3个不同域中将WIF4.5用于SSO。我已经阅读了很多有关WIF的材料，虽然我了解WIF的原理和目的，但我仍然对WIF在现实生活中的工作方式感到困惑，请帮助我理解以下问题，非常感谢。

I am building 3 new websites and want to use WIF4.5 for SSO across these 3 different domains. I have read tons of materials about the WIF, while I understand the principles and purpose of WIF I am still very confused about how it works in real life, please help me understand the following questions, many thanks.

我所有的网站都将使用共享托管服务进行托管。

All my sites will be hosted using shared hosting services.

1. 每个人都说没有需要构建自己的STS，但是在那种情况下，我可以在哪里找到可以用来登录用户的外部服务，那么对于新用户而言，正常的用户注册界面又如何呢？以及我现有的用户呢？

1. Everyone is saying that there's no need to build you own STS, but if that's case where can I found external services I can use to sign in my users and what about normal user registration interface for new users? and What about my existing users?

如果我只需要构建基于声明的Web应用程序，那么在真实的生产环境中应该从哪里获得用户身份？我需要支付费用还是需要通过我的网站批准？

If i only need to build claim based web applications, where do I get user identities from in a real production environment? Do I have to pay them or do they need to go through my sites to approve them?

是否正确，不再允许用户注册我的网站是否使用STS？

Is it correct that its no longer possible to let user register on my websites if I use STS?

如果我希望所有网站都是基于声明的网站，是否需要启用SSL并为我的所有网站购买X507证书？

Do I need to enable SSL and buy X507 certs for all my sites if I want them to be claim based websites?

我想要一个共享的用户数据库来存储所有新老用户，这是否意味着我必须构建自己的STS？

I want to have a shared user database to store all our users, old and new, does that mean I have to build my own STS?

构建自己的STS到底需要什么，我可以将我的一个网站指定为自己的网站的STS提供者吗？

What exactly does it take to build my own STS, can I pcik one of my websites to be my own STS provider for my own websites?

构建STS需要多少费用？像SSL，证书，其他东西？

What does it take and cost to build a STS? like SSL, certs, other stuff?

如果我的网站基于声明，是否可以启用Facebook / Google / Yahoo之类的社交登录？

Can I enable social sign-in like facebook/Google/Yahoo if my sites are claim based?

谢谢大家。

推荐答案

1. 您绝对可以编写自己的sts。


2. 您可以允许用户在您的sts中注册或与外部身份提供者（google / facebook）联合


3. 不，sts只是一个asp.net Web应用程序，用户可以在其中注册。


4. 否，尽管在用户名/密码时建议使用ssl


5. 否，您可以使用IdentityServer之类的现有sts，该sts允许您针对自己的数据库 http://thinktecture.github.io/


6. 是。 http://netpl.blogspot.com /2011/08/quest-for-customizing-adfs-sign-in-web.html


7. 用于令牌签名的X509证书可以使用免费工具（例如portecle或makecert）创建


8. 是。

1. You definitely CAN write your own sts.
2. You can allow your users to register in your sts or federate with an external identity provider (google/facebook)
3. No, an sts is just a asp.net web app, users CAN register there.
4. No, although ssl is recommended when usernames/passwords are involved.
5. No, you can use an existing sts like the IdentityServer which allows you to use a custom MembershipProvider against your own database http://thinktecture.github.io/
6. Yes. http://netpl.blogspot.com/2011/08/quest-for-customizing-adfs-sign-in-web.html
7. X509 certs for token signing can be created with free tools like portecle or makecert
8. Yes.

这篇关于对STS和WIF感到困惑的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！