WIF、STS 和成员资格表 [英] WIF, STS and Membership tables

问题描述

我目前正在考虑将 WIF 用于即将开展的项目，如果您能帮助我查找信息，我将不胜感激.我环顾四周，没有一个决定性的答案.

I'm currently looking into using WIF for an upcoming project and would appreciate some help finding information. I've looked around a bit and don't have a decisive answer.

我有一个当前使用 ASP 会员资格的站点，并且我在这些表中有大量用户.

I have a current site that runs off ASP membership, and I have a large number of users in those tables.

• 是否有任何可信赖的自定义 STS 使用会员资格表?
• 我当前使用 ASP 会员资格的站点是否需要进行大量更改使用 WIF 和 STS?
• 使用 WIF 时是否必须使用证书?
• ADFS 和 ASP 会员资格有什么区别实施?
• 他们是否有更简单的基于 MS 的 SSO 解决方案?

感谢您提供的任何帮助.

Thank you for any help you can provide.

推荐答案

• 查看 IdentityServer 以了解使用 SQL Server 成员资格提供程序的自定义 STS.(更新:项目页面改为http://thinktecture.github.io/Thinktecture.IdentityServer.v2/ 代码已移至 https://github.com/thinktecture/Thinktecture.IdentityServer.v2)

  • Take a look at IdentityServer for a custom STS that uses the SQL Server Membership Provider. (Update: The project page is changed to http://thinktecture.github.io/Thinktecture.IdentityServer.v2/ Code has moved to https://github.com/thinktecture/Thinktecture.IdentityServer.v2)

    对您当前站点的大部分更改都涉及配置并包括 Windows Identity Foundation (WIF) 库.由于 WIF 中的身份模型建立在 ASP.NET 身份模型之上，因此除非您对用户主体进行高度自定义，否则不应有太多编码更改.

    Most of the changes to your current site would involve configuration and including the Windows Identity Foundation (WIF) library. Since the identity model in WIF builds on top of the ASP.NET identity model, there shouldn't be much of a coding change unless you're doing anything highly customized with the user principal.

    您至少需要两个证书.首先，您的站点需要 SSL 证书，因为 AD FS 端点必须是 HTTPS.您还需要 AD FS 和 Web 服务器上的签名证书，用于验证 AD FS 提供的令牌.您可以选择加密安全令牌，这需要另一个证书.

    At the minimum, you will need two certificates. First, you will need an SSL certificate for your site since the AD FS endpoint must be HTTPS. You will also need a signing certificate on AD FS and your web server that will be used to validate the token that AD FS delivers. You can optionally encrypt the security token, which would require another certificate.

    AD FS 使用 ActiveDirectory 域服务 (AD DS) 进行身份验证.由于它是 STS，因此它与 ASP.NET 成员资格提供程序之间确实没有可比性.查看这篇文章，了解基于声明的身份验证的完整说明.

    AD FS uses ActiveDirectory Domain Services (AD DS) for authentication. Since it's an STS, there's really no comparison between it and the ASP.NET Membership provider. Take a look at this article for a complete explanation of claims-based authentication.

    如果您正在寻找更简单的 SSO 解决方案，这里有很多选择.我会谷歌搜索，因为你会找到几个 .NET 解决方案.我不能特别和任何人说话，因为这取决于您的要求.

    If you're looking for an easier SSO solution, there are options out there. I would google around since you'll find several .NET solutions. I can't speak to any one in particular since it depends on your requirements.

    希望这会有所帮助.

    这篇关于WIF、STS 和成员资格表的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！