分别托管 API 和 IdentityServer4 主机(C#、.NET CORE)有什么优势? [英] What are the advantages of hosting your API(s) and IdentityServer4 host separately (C#, .NET CORE)?
问题描述
也许我要问的问题非常明显和简单,但作为 IdentityServer4 的初学者以及或多或少 oAuth2、OpenID 和 API 的初学者,我发现它很难理解.
Perhaps the question I am about to ask is very obvious and simple, but as a beginner in IdentityServer4 and more or less in oAuth2, OpenID and API's in general, I find it quite hard to understand.
我们公司的目标是使用身份验证和授权转向更安全的应用程序构建方式(Visual Studio 2017、C#、.NET Core 2).经过几天的研究,我最终使用了 IdentityServer4(也是因为文档非常好).
Our company's goal is to move to a more secure application building way (Visual Studio 2017, C#, .NET Core 2) using Authentication and Authorization. After some days of research I ended up with using IdentityServer4 (also because the documentation is really great).
遵循 IdentityServer 文档后 (https://media.readthedocs.org/pdf/identityserver4/release/identityserver4.pdf) 直到第 7 章,我还有一个.
After following the IdentityServer Documentation (https://media.readthedocs.org/pdf/identityserver4/release/identityserver4.pdf) up till chapter 7, I have one remaining.
我正在尝试构建一个带有 API 后端的 MVC 应用程序 (web),用于检索/插入数据,以便我以后可以将该 API 用于其他应用程序,例如 SPA/Xamarin 应用程序.对于 IdentityServer 主机,我选择了带有 asp.net 身份的 IdentityServer.我让它运行起来,一切都很好,但是以下问题仍然存在:
I am trying to build a MVC application (web) with an API backend for retrieving / inserting the data so that I can later use the API for other applications, like a SPA / Xamarin application. For the IdentityServer host I went for IdentityServer with asp.net identity. I got it running and it all works great, however the following question remains:
与 IdentityServer 主机一起托管我的 API(我想在其中处理数据库操作)有哪些缺点?拥有这么多不同的项目对我来说似乎不合逻辑,而(据我所知)这两个(API 和 IdentityServer 主机)可以完美地结合在一起.
What are the disadvantages of hosting my API, in which I want to handle Database operations, together with the IdentityServer host? It doesn't seem logical to me to have so many different projects while (so far as I can tell) these 2 (the API and IdentityServer host) can be joined together perfectly fine.
在(几乎)所有的 IdentityServer4 示例中,IdentityServer 主机和 API 是单独的项目,将两者作为单独项目托管有什么优势.
In (almost) all the examples found of IdentityServer4 the IdentityServer host and API's are separate projects, what are the advantages of hosting the two as separate projects.
推荐答案
我会说单一职责.
这样对待 - Identity Server 是一个框架,它为您提供针对您的客户端/API 的身份验证.就是这样!(当然,这一切都是根据您的规则、政策等完成的).
Treat it like this - Identity Server is a framework, that provides you the authentication against your clients/API's. That's it! (of course this is all done based on your rules, policies etc).
从您的数据库中添加/编辑/删除用户不是身份服务器的目的.Identity Servers 的目的不是为这些用户分配角色.最重要的是 - 授权这些用户不是身份服务器的目的.
It is not Identity Servers' purpose to add/edit/delete users from your database. It is not Identity Servers' purpose to give roles to this users. And most important - it is not Identity Servers' purpose to authorize this users.
所有这些都必须在您的客户端/api 中完成.
All these must be done in your clients/api's.
在您的情况下 - 您需要一个单独的 API 来照顾用户(以及您需要的其他数据),但我猜您希望此 API 受到 Identity Server 的保护.
In your case - you need a separate API that will take care for the users (and other data that you need), but I guess that you want this API to be protected by Identity Server.
这是分离的地方,应该保持 - Identity Server 不应该对自己的 API 进行身份验证.
This is where the separation comes and should be kept - Identity Server should not authenticate its own API against himself.
所有的例子、文章等都是独立的项目是有原因的.
There is a reason that all the examples, articles and etc are with separated projects.
PS:当然有一些实现这一点的例子(damienbod 的 很好).
PS: Of course there are some examples of achieving this (damienbod's one is good).
这篇关于分别托管 API 和 IdentityServer4 主机(C#、.NET CORE)有什么优势?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
