ASP Net Core - 将外部身份提供者与个人用户帐户混合以进行审计跟踪 [英] ASP Net Core - Mixing External Identity Provider with Individual User Accounts for Audit Tracking
问题描述
我创建了一个带有个人用户帐户的默认 ASP Net Core MVC Web 应用程序.我在 AspNetUsers 表中添加了一个自定义 UserID INT 字段,并将其作为外键链接到我的所有其他自定义表,以便我可以跟踪哪些用户在我的数据库中插入/更新了记录.我这样做是因为我更喜欢使用 INT 字段作为主键.在这种情况下,一切正常.
I have created a default ASP Net Core MVC web app with Individual User Accounts. I added a custom UserID INT field to the AspNetUsers table and linked this as a foreign key to all my other custom tables so I can track what users inserted/updated records in my database. I did this as I prefer using INT fields for primary keys. In this scenario everything is working fine.
我现在正在考虑使用外部身份提供程序,例如 Azure Active Directory,但是我无法弄清楚如何将 Azure AD(或任何其他身份提供程序)中的用户链接到我的本地数据库表以维护外部用户 ID关键约束.根据我的所有研究,我找不到任何关于这种情况的文章.
I am now thinking of using an external identity provider such as Azure Active Directory however I cannot work out how I would link a user in Azure AD (or any other identity provider) to my local database tables to maintain the user id foreign key constraints. From all my research I cannot find any articles for this scenario.
如何将来自外部身份提供者的用户信息链接到我的本地数据库表?我担心我可能需要在外部身份提供者和我的本地 AspNet 用户表中双重处理用户帐户管理,以使用我的其他自定义表维护外键,这似乎很疯狂.
也许我遗漏了一些明显的东西,或者我的方法全错了,所以如果有更好的替代方法来跟踪谁在我的数据库表中使用外部身份提供程序为 ASP Net Core Web 应用程序做了什么,我很乐意采用它.
Perhaps i'm missing something obvious or my approach is all wrong so if there is a better alternative for tracking who did what in my database tables for an ASP Net Core web application using an external identity provider I would happily adopt it.
推荐答案
不需要额外的步骤来链接来自外部身份提供者的用户的用户信息.Web 应用程序看起来应该是一样的.
There is no need to additional steps to link the user info for the user from external identity provider. It should looks be same for the web app.
当用户从外部身份提供者登录时,仍然需要注册用户以将用户与个人帐户绑定.唯一不同的是,这种个人账户没有密码,可以匹配AspNetUserLogins中的记录.这里有两个账户,一个绑定到外部身份提供者,另一个不绑定:
When the users login from external identity provider, it still require to register the users to bind the user with individual accounts. The only difference is that there is no password for this kind of individual account and it can match the record in the AspNetUserLogins. Here are two accounts, one is binding to the external identity provider and the other is not:
这篇关于ASP Net Core - 将外部身份提供者与个人用户帐户混合以进行审计跟踪的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
