寻找一个安全和可靠执行STS [英] Looking for a secure and robust STS implementation
问题描述
我面对经由该返回一组基于某些数据识别用户,靠近的用户名和密码的权利要求的一个WCF服务使用自定义验证的项目。然后在此之上,我有一个自定义STS,从 Microsoft.IdentityModel.SecurityTokenService
导出,驻留在一个ASP.NET网站项目。这个项目看起来好像是用VS2010模板创建,而不是精心曾制作。
I am faced with a project that uses custom authentication via a WCF service that returns a set of claims based on some data identifying a user, close to user name and password. Then on top of this, I have a custom STS, derived from Microsoft.IdentityModel.SecurityTokenService
, that resides in an ASP.NET web site project. This project looks like it was created with the VS2010 template, and not carefully had-crafted.
我的直觉,以及大量的在线咨询中告诉我,这个网站STS项目是很远的生产做好准备。现在我正在寻找一个基于MVC的STS,我可以在进入生产使用预期。 TinkTecture的IdentityServer看起来很有希望,但它不是简单地实施 SecurityTokenService
自定义推导这么多,我不知道从哪里开始。如果有人能够引导我走向一个开放的项目或步行通过做这个,或者提供一些指导,在那里,我怎么能开始延长或修改身份服务器,这将是巨大的。
My gut feeling, and lots of on-line advice tell me that this web site STS project is very far from production ready. I am now looking for an MVC based STS that I can use in anticipation of being production ready. TinkTecture's IdentityServer looks promising, but it is so much more than simply implementing a custom derivation of SecurityTokenService
, I have no idea where to start. If somebody could steer me toward an open project or walk-through that does this, or offer some guidance as to where and how I can start extending or modifying Identity Server, that would be great.
推荐答案
你有没有看由米歇尔·勒鲁布斯塔曼特?
Have you looked at the MSDN article by Michele Leroux Bustamante?
这是一老一少基于WCF,但它有code伴随它。
It's a little old and based on WCF, but it has code accompanying it.
如果你想基于ASP.NET例如,Microsoft发布这样的:
ASP.NET安全令牌服务网站
If you want ASP.NET based example, Microsoft published this: ASP.NET Security Token Service Web Site
还有在 codePLEX 这STS项目。
这篇关于寻找一个安全和可靠执行STS的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!