分别托管API和IdentityServer4托管(C#、. NET CORE)有什么优势? [英] What are the advantages of hosting your API(s) and IdentityServer4 host separately (C#, .NET CORE)?
问题描述
也许我要问的问题非常明显和简单,但是作为IdentityServer4的初学者,或者大致上是oAuth2,OpenID和API的初学者,我很难理解.
Perhaps the question I am about to ask is very obvious and simple, but as a beginner in IdentityServer4 and more or less in oAuth2, OpenID and API's in general, I find it quite hard to understand.
我们公司的目标是使用身份验证和授权转向更安全的应用程序构建方式(Visual Studio 2017,C#、. NET Core 2).经过几天的研究,我最终使用了IdentityServer4(也是因为文档确实很棒).
Our company's goal is to move to a more secure application building way (Visual Studio 2017, C#, .NET Core 2) using Authentication and Authorization. After some days of research I ended up with using IdentityServer4 (also because the documentation is really great).
遵循IdentityServer文档( https://media.readthedocs.org/pdf/identityserver4/release/identityserver4.pdf ),直到第7章,我只剩下一个.
After following the IdentityServer Documentation (https://media.readthedocs.org/pdf/identityserver4/release/identityserver4.pdf) up till chapter 7, I have one remaining.
我正在尝试使用API后端构建MVC应用程序(网络)以检索/插入数据,以便以后可以将API用于SPA/Xamarin应用程序之类的其他应用程序.对于IdentityServer主机,我选择了具有asp.net身份的IdentityServer.我运行了它,一切都很好,但是仍然存在以下问题:
I am trying to build a MVC application (web) with an API backend for retrieving / inserting the data so that I can later use the API for other applications, like a SPA / Xamarin application. For the IdentityServer host I went for IdentityServer with asp.net identity. I got it running and it all works great, however the following question remains:
与IdentityServer主机一起托管API(要处理数据库操作)有什么缺点? 对我来说,有这么多不同的项目似乎不合逻辑,而(据我所知)这两个项目(API和IdentityServer主机)可以完美地结合在一起.
What are the disadvantages of hosting my API, in which I want to handle Database operations, together with the IdentityServer host? It doesn't seem logical to me to have so many different projects while (so far as I can tell) these 2 (the API and IdentityServer host) can be joined together perfectly fine.
(几乎)在IdentityServer4的所有示例中,IdentityServer主机和API都是单独的项目,将两者作为单独的项目进行托管有何优势.
In (almost) all the examples found of IdentityServer4 the IdentityServer host and API's are separate projects, what are the advantages of hosting the two as separate projects.
推荐答案
我要说单一责任.
像这样处理它-Identity Server是一个框架,可为您提供针对客户端/API的身份验证.而已! (当然,这都是根据您的规则,政策等完成的.)
Treat it like this - Identity Server is a framework, that provides you the authentication against your clients/API's. That's it! (of course this is all done based on your rules, policies etc).
从数据库中添加/编辑/删除用户不是Identity Server的目的. Identity Server的目的不是为此用户赋予角色. 最重要的是-授权该用户不是Identity Server的目的.
It is not Identity Servers' purpose to add/edit/delete users from your database. It is not Identity Servers' purpose to give roles to this users. And most important - it is not Identity Servers' purpose to authorize this users.
所有这些都必须在您的客户端/api中完成.
All these must be done in your clients/api's.
在您的情况下-您需要一个单独的API,该API将照顾用户(以及所需的其他数据),但是我想您希望此API受Identity Server保护.
In your case - you need a separate API that will take care for the users (and other data that you need), but I guess that you want this API to be protected by Identity Server.
这是分隔的地方,应予以保留-Identity Server不应针对自己对自己的API进行身份验证.
This is where the separation comes and should be kept - Identity Server should not authenticate its own API against himself.
所有示例,文章等都包含单独的项目是有原因的.
There is a reason that all the examples, articles and etc are with separated projects.
PS: Of course there are some examples of achieving this (damienbod's one is good).
这篇关于分别托管API和IdentityServer4托管(C#、. NET CORE)有什么优势?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
