ASP Net Core-将外部身份提供者与单个用户帐户混合在一起以进行审计跟踪 [英] ASP Net Core - Mixing External Identity Provider with Individual User Accounts for Audit Tracking

问题描述

我已经使用个人用户帐户创建了一个默认的ASP Net Core MVC Web应用程序.我在AspNetUsers表中添加了一个自定义UserID INT字段，并将其作为外键链接到所有其他自定义表，以便可以跟踪哪些用户在数据库中插入/更新了哪些记录.我这样做是因为我更喜欢将INT字段用作主键.在这种情况下，一切正常.

I have created a default ASP Net Core MVC web app with Individual User Accounts. I added a custom UserID INT field to the AspNetUsers table and linked this as a foreign key to all my other custom tables so I can track what users inserted/updated records in my database. I did this as I prefer using INT fields for primary keys. In this scenario everything is working fine.

我现在正在考虑使用外部身份提供程序，例如Azure Active Directory，但是我不知道如何将Azure AD中的用户(或任何其他身份提供程序)链接到本地​​数据库表中，以保持外部用户ID关键约束.从我的所有研究中，我找不到关于这种情况的任何文章.

I am now thinking of using an external identity provider such as Azure Active Directory however I cannot work out how I would link a user in Azure AD (or any other identity provider) to my local database tables to maintain the user id foreign key constraints. From all my research I cannot find any articles for this scenario.

如何将用户信息从外部身份提供程序链接到本地​​数据库表?我担心我可能需要双重处理外部身份提供商和本地AspNet用户表中的用户帐户管理，以与其他自定义表一起维护外键，这似乎很疯狂.

也许我遗漏了一些明显的东西，或者我的方法都是错误的，所以如果有更好的选择来跟踪谁使用外部身份提供程序为ASP Net Core Web应用程序在数据库表中做了什么，我会很乐意采用它.

Perhaps i'm missing something obvious or my approach is all wrong so if there is a better alternative for tracking who did what in my database tables for an ASP Net Core web application using an external identity provider I would happily adopt it.

推荐答案

无需其他步骤，即可从外部身份提供者链接用户的用户信息.该Web应用看起来应该是相同的.

There is no need to additional steps to link the user info for the user from external identity provider. It should looks be same for the web app.

当用户从外部身份提供者登录时，仍然需要注册用户才能将用户绑定到单个帐户.唯一的区别是这种个人帐户没有密码，并且可以与AspNetUserLogins中的记录匹配.这有两个帐户，一个帐户绑定到外部身份提供者，另一个则没有:

When the users login from external identity provider, it still require to register the users to bind the user with individual accounts. The only difference is that there is no password for this kind of individual account and it can match the record in the AspNetUserLogins. Here are two accounts, one is binding to the external identity provider and the other is not:

这篇关于ASP Net Core-将外部身份提供者与单个用户帐户混合在一起以进行审计跟踪的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！