IdentityServer4的用户注册过程 [英] User Registration Process with IdentityServer4

问题描述

我想在我的ASP.NET Core MVC Web应用程序中使用IdentityServer4进行身份验证，但是用户注册过程似乎很麻烦.如果您使用的是本地用户帐户，大多数需要用户注册的网站都不会重定向您进行单独的网站注册(例如Facebook，Twitter等).

I'd like to use IdentityServer4 for authentication in my ASP.NET Core MVC web application, but the user registration process seems awkward. Most web sites that require user registration don't redirect you do a separate site (e.g. Facebook, Twitter, etc.) to sign up if you're using local user accounts.

一种解决方案是以与我的MVC客户端相同的过程托管IdentityServer4，但不建议这样做.

One solution is to host IdentityServer4 in the same process as my MVC client, but that is discouraged.

在IdentityServer4上是否有关于本地用户注册的真实示例?

Are there any good real world examples of local user registration with IdentityServer4?

推荐答案

IdentityServer用于验证现有用户，而不是真正创建新用户. 在我们的用例中，我们有3个项目参与其中:

IdentityServer is for authenticating existing users, not really creating new users. In our use-case, we have 3 projects playing a part:

• 身份服务器
• 受保护的API
• 身份提供者(aspnet核心身份)项目

通过调用API创建用户，该API在身份提供者中创建适当的结构. 验证令牌请求时，我们的身份服务器会向身份提供者进行调用. 我们的API使用身份服务器来保护资源，而身份提供程序则使用我们可能需要的关于该用户的信息，这些信息不包含在声明中(例如，权限).

Users are created by a call to the API, which creates the appropriate structures in the identity provider. Our identity server makes calls to the identity provider when validating requests for tokens. Our API uses identity server to protect the resources, and our identity provider to retrieve information we may need about that user that aren't contained as claims (permissions, for example).

通过这种方式，我们的身份提供者可以在项目之间共享(一个具有不同角色的用户群)，并且Identity Server纯粹是用于对用户进行身份验证.所有用户管理功能都在其他位置.

In this way our identity provider can be shared across projects (one user base with different roles), and the Identity Server is purely for authenticating users. All user management functions belong elsewhere.

@peyman我们没有做任何特别的突破性工作:仅使用aspnet核心标识框架(

@peyman We're not doing anything particular ground-breaking: just using the aspnet core identity framework (http://odetocode.com/blogs/scott/archive/2013/11/25/asp-net-core-identity.aspx).

IUserStore和UserManager是其主要驱动力.创建用户后，将为他们分配一个角色，对我们来说，角色取决于哪个应用程序请求创建该用户.当验证身份时，IdentityServer最终将调用我们的IUserStore实现，IdentityServer使用提供的数据来建立声明.使用Policies进行基于声明的授权，可以相对简单地保护我们的资源API( https://docs.microsoft.com/zh-cn/aspnet/core/security/authorization/claims )

The IUserStore and UserManager are the main drivers of this. When a user is created they are assigned a role, which for us is based on which application requested the creation of that user. Our implementation of IUserStore is what will ultimately be called by IdentityServer when verifying identity, and the data provided is used by IdentityServer to build up claims. Our resource API is relatively simply protected using Policies for claim based authorisation (https://docs.microsoft.com/en-us/aspnet/core/security/authorization/claims)

这篇关于IdentityServer4的用户注册过程的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！