Windows Azure是否具有与AWS Identity Access Management等效的功能? [英] Does Windows Azure have the equivalent of AWS Identity Access Management?

问题描述

因此，我有一个使用AWS的IAM基础架构的移动应用程序，该应用程序有效地允许我向匿名移动设备提供临时访问令牌，以便它们可以直接从移动设备对AWS服务运行查询.

So I have a mobile app that uses AWS's IAM infrastructure that effectively allows me to provide temporary access tokens to anonymous mobile devices, so that they can run queries against AWS services directly from the mobile device.

有人知道Windows Azure是否也可以替代这种东西吗?我已经阅读了有关Windows Azure访问控制的信息，但所有示例似乎都集中在允许通过Facebook，Twitter或Windows Live等方式进行身份验证.就我而言，我不希望移动用户必须登录"在任何地方，我只希望他们能够访问Azure服务(例如表存储)，而不必通过我的服务器.

Does anyone know if Windows Azure has a drop in replacement for this sort of thing too? I've read about Windows Azure Access Control but all examples seem to focus on allowing authentication via the likes of Facebook, Twitter or Windows Live etc. In my case, I don't want the mobile user to have to "log-in" anywhere, I just want them to be able to access Azure services such as table storage, without having to go via my server.

谢谢！

推荐答案

您确实具有创建签名访问签名.这些SAS网址是临时的，您可以随到期时间临时创建它们.在该时间到期后，设备可能必须从您的服务器请求一个新的设备.这可以减轻负载，因为它们不会一直回来，但是您仍然必须运行一些可以为设备生成这些SAS uri的东西.您可以直接根据REST API手动生成SAS，也可以使用其中一个SDK为您生成它们(也可以使用REST API).

You do have the ability to create Signed Access Signatures for all three Windows Azure Storage services (BLOBs, Queues and Tables) as well as for Windows Azure Service Bus Brokered Messages (Queues, Topics & Subscriptions). These SAS urls are temporary and you can create them ad-hoc with expiration times. After that time expires the device would have to request a new one, likely from your server. This reduce the load as they aren't coming back all the time, but you do still have to run something that will gen these SAS uris for the devices. You can generate SAS manually against the REST API direct, or you can use one of the SDKs to generate them for you (which also hit the REST API).

请注意，当您创建SAS时，可以选择将其作为策略"或即席".策略允许您稍后撤消SAS，但是一次只能定义这么多SAS(如果通过设备执行，则对移动方案的限制可能太大).即兴方法允许您根据需要(我认为)提供尽可能多的功能，但是您没有能力撤销它，它只能过期.

Note that when you create a SAS you have the option of doing so as a Policy, or adhoc. A policy allows you to revoke a SAS at a later time, but you can only have so many of these defined at a time (likely too big of a restriction for a mobile scenario if you are doing by device). The adhoc approach allows you pretty much as many as you need (I think), but you don't have the ability to revoke it, it just has to expire.

另一个选择是查看Windows Azure移动服务.该服务在Microsoft管理的服务器上运行，您可以使用它来获取几乎任何您想要的东西.您需要查看"自定义API "功能.另外，请确保您了解移动服务的定价模型 (或者实际上，它代表您决定使用的任何选项).

Another option is to look at Windows Azure Mobile Services. This service runs on servers managed by Microsoft and you can use it to get at just about anything you want. You'd want to look at the "Custom API" feature. Also, make sure you understand the pricing model of mobile services (or really, that stands for any option you decide to go with).

这篇关于Windows Azure是否具有与AWS Identity Access Management等效的功能?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！