我应该如何处理用户身份的窗口电话/ WCF / ASP.NET MVC应用程序? [英] How should I handle user identity for a Window Phone / WCF / ASP.NET MVC application?
问题描述
我工作的一个应用程序,它允许从一个Windows Phone应用程序和MVC 3 web界面的数据输入和显示。为手机客户端数据访问是通过在MVC 3应用程序托管身份验证的WCF服务。用户会被跟踪这是唯一对他们的信息,因此该服务将只告诉我我已经输入的数据。
I'm working on an application which allows data entry and display from both a Windows Phone application and an MVC 3 web interface. Data access for the phone client is via authenticated WCF services hosted in the MVC 3 application. Users will be tracking information which is unique to them, so the service will only show me data which I have entered.
什么是处理身份在这种情况下最简单的方法是什么?我还以为使用Windows Live ID的,因为<一个href=\"http://stackoverflow.com/questions/4065343/windows-live-id-authentication-for-windows-phone-7\">phone应用程序可以访问一个Windows Live ID匿名财产。然而,从我可以告诉有没有办法得到允许一个基于网络的的Windows Live登录这给了我同样的Windows Live匿名ID - 的 Windows Live Messenger的登录连接给我一个特定地点的唯一ID ,这将是从手机客户端的匿名ID不同。
What is the simplest way to handle identity in this scenario? I'd thought of using Windows Live ID, since the phone application has access to a Windows Live Anonymous ID property. However, from what I can tell there's no way to get allow for a web-based Windows Live sign-in which gives me the same Windows Live Anonymous ID - Windows Live Messenger Connect login gives me a site-specific unique ID, which would be different from the phone client's Anonymous ID.
另外,我可以在客户端和手机的Facebook SDK 上使用Facebook的身份验证。我担心的还有在确保服务电话。我想,在第一时间的装置与一个网站ID,该服务器问题它的密钥,并且既Facebook的ID和服务器发出键的服务连接所需要的业务接入。
Alternatively, I could use Facebook authentication on both client and phone with Facebook SDK. My concern there is in securing the service calls. I'm thinking that the first time a device connects with the service with a Facebook ID, the server issues it a key, and both the Facebook ID and the server issued key are required for service access.
以上的思考?有没有办法,我缺少一个简单的解决方案?
Thoughts on the above? Is there a simpler solution that I'm missing?
推荐答案
到API密钥另一种方法是使用基于身份和安全令牌索赔。您可以使用Windows Azure的访问控制服务的安全令牌的信任的发行者,与价值添加谈到pre-配置为使用的LiveID,Facebook,谷歌,任何OpenID和任何WS联合身份提供者。无论是网站和网络服务会相信ACS。
An alternative to an API Key is to use claims based identity and security tokens. You could use the Windows Azure Access Control Service as a trusted issuer of security tokens, with the value add that it comes pre-configured to use LiveID, Facebook, Google, any OpenID and any WS-Federation identity provider. Both the web site and the web service would trust ACS.
ACS会给你的网站(让你的用户登录到它的LiveID,谷歌或FB)SAML令牌。
ACS will give you SAML tokens for the web site (allowing your users to login to it with LiveID, Google or FB).
ACS还可以发出简单的Web令牌(SWT),这是REST服务,特别是整齐的(假设手机客户端使用)。
ACS can also issue Simple Web Tokens (SWT), which are especially neat for REST services (assuming the phone client uses that).
您不能使用与手机应用相关联的LiveID的,但你仍然可以使用的LiveID(或任何其它身份提供者)。这是<一个href=\"http://blogs.msdn.com/b/eugeniop/archive/2011/03/24/authentication-in-wp7-client-with-rest-services-part-i.aspx\"相对=nofollow>如何做到这一点的例子。它使用在手机应用程序中嵌入一个Web浏览器,并使用对所有安全令牌谈判的共同方针。
You can't use the LiveID associated with the phone in your app, but you can still use LiveID (or any other identity provider). This is an example of how to do it. It uses the common approach of embedding a web browser in the phone app and use to for all security token negotiation.
使用ACS为您提供了很大的灵活性,而所有的complextity。制作一个网站声称知道和信任ACS是非常简单的。这里更多的样本: HTTP://claimsid.$c$cplex.com
Using ACS gives you a lot of flexibility without all the complextity. Making a web site "claims aware" and trust ACS is very straight forward. More samples here: http://claimsid.codeplex.com
这篇关于我应该如何处理用户身份的窗口电话/ WCF / ASP.NET MVC应用程序?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
