为公共用户使用 Windows Azure Active Directory [英] Using Windows Azure Active Directory for Public Users
问题描述
我了解 WAAD 适用于内部组织帐户.我了解 ADFS 和其他云中的 AD"相关主题背后的概念.但是,真的有什么东西阻止 WAAD 用于公共帐户吗?
I understand that WAAD is meant for internal organizational accounts. I understand the concepts behind ADFS and other "AD in the cloud" related topics. But is there really anything that is preventing WAAD to be used for public accounts?
我想使用 ASP.Net MVC 构建一个面向公众的网站.我将使用 WIF 来实现声明身份验证,并计划使用 ACS 作为声明联合提供者.我想允许最终用户使用社交网络帐户(ACS 开箱即用)登录.但我也希望允许用户为我的网站注册他们自己的用户名和密码.我可以在这部分使用 WAAD 吗?
I want to build a public facing web site using ASP.Net MVC. I will use WIF to implement claims authentication and plan to use ACS as a claims federation provider. I want to allow the end users to login using Social Network Accounts (out of the box with ACS). But I also want to allow users to register their own user name and passwords for my web site. Can I use WAAD for this part?
当然,我可以构建自己的自定义 STS.或者我可以为此目的使用 Thinktecture IdentityServer.但是坚持使用 WAAD 有一些明显的优势:
Of course I could build my own custom STS. Or I could use Thinktecture IdentityServer for this purpose. But there are some clear advantages of sticking with WAAD:
- 简单(只需点击几下即可将 WAAD 设置为 ACS 的 STS)
- Azure SLA 保证的性能、安全性和可靠性
这种方法有什么缺点吗?
Is there any disadvantage to this approach?
推荐答案
您当然可以使用 WAAD 来创建用户帐户.当然,您还必须强制用户使用电子邮件样式登录.
You certainly can use WAAD for creating user accounts. You, also of course, have to force users to use e-mail style logins.
然而,WAAD 与 ThinkTecture 的 Identity Server 相比有一个(我认为很大)缺点:WAAD 没有用户注册/密码管理/密码重置流程.
There is however one (BIG in my opinion) disadvantage of WAAD against ThinkTecture's Identity Server: WAAD does not have a user registration / password management / password reset flow.
更新(29.07.2014)
今天,WAAD 提供自助服务密码重置作为 Premium 的一部分特点.但是仍然没有自助服务用户注册.坦率地说,我不希望看到自助服务用户注册,因为 WAAD 的目标是企业,而不是您的特定场景.
Today WAAD provides Self-service-password-reset as part of Premium Features. However still no self-service-user-registration. Frankly I do not expect to ever see self service user registration, as WAAD is targeting enterprises, and not your specific scenario.
要在 WAAD 中实现上述流程,您必须从头开始开发自己的 MVC 应用程序,该应用程序将 Graph API 用于所有上述场景.
To implement mentioned flow in WAAD, you have to developed your own MVC App from scratch, that uses the Graph API for all mentioned scenarios.
另一方面,您拥有 Identity Server,它拥有数千次下载,由 the 基于身份验证和安全性的声明专家开发.身份服务器具有非常丰富且易于使用的可扩展结构.虽然它也没有提供开箱即用的用户注册和密码重置流程,但它已经是一个具有非常丰富的扩展点的 MVC 4 应用程序.
On the other side, you have Identity Server, which has thousands of downloads, which is developed by the Gurus of Claims based authentication and security. Identity server has very rich and easy to use extensible structure. While it also does not provide the user registration and password reset flows out of the box, it is already an MVC 4 application with very rich extensibility points.
设置身份服务器以在 Azure 中运行也非常容易.在 Azure ACS 中将身份服务器设置为身份提供者只需在管理门户上单击几下即可.
Setting up an Identity server for run in Azure is also extremely easy. And setting up Identity Server as Identity provider in Azure ACS is just couple of clicks on the management portal.
您说 WAAD 支持 SLA、高度可用等.但如果使用至少 2 个 Web 角色实例,您在云服务上的 Identity Server 部署也将支持 SLA.
You say that WAAD is SLA backed, highly available, etc. But your Identity Server deployment on a Cloud Service will be SLA backed too if use at least 2 instances of a Web Role.
如果我必须选择是扩展 Identity Server 以支持用户注册等,还是从头开始创建使用 WAAD Graph API 实现该功能的全新应用程序 - 我会使用 Identity Server.
If I have to chose whether to extend Identity Server to support user registration etc, or to create entirely new application from scratch that uses WAAD GRaph API for that feature - I would use Identity Server.
这篇关于为公共用户使用 Windows Azure Active Directory的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
