使用的Windows Azure Active Directory进行大众用户 [英] Using Windows Azure Active Directory for Public Users
问题描述
据我了解,WAAD是为内部组织帐户。我理解其背后云广告相关主题ADFS等的概念。但是,真的有什么,是用于公共帐目preventing WAAD?
I understand that WAAD is meant for internal organizational accounts. I understand the concepts behind ADFS and other "AD in the cloud" related topics. But is there really anything that is preventing WAAD to be used for public accounts?
我要建立使用ASP.Net MVC面向公众的网站。我将使用WIF实现声明身份验证并计划使用ACS作为索赔联合会商。我想允许最终用户使用社交网络帐户进行登录(以出ACS盒子)。但我也希望允许用户注册自己的用户名和密码我的网站。我可以使用WAAD这部分?
I want to build a public facing web site using ASP.Net MVC. I will use WIF to implement claims authentication and plan to use ACS as a claims federation provider. I want to allow the end users to login using Social Network Accounts (out of the box with ACS). But I also want to allow users to register their own user name and passwords for my web site. Can I use WAAD for this part?
当然,我可以建立自己的自定义STS。或者,我可以用Thinktecture IdentityServer用于这一目的。但也有坚持WAAD一些明显的优势:
Of course I could build my own custom STS. Or I could use Thinktecture IdentityServer for this purpose. But there are some clear advantages of sticking with WAAD:
- 简单(成立WAAD为STS为ACS只需点击几下)
- 的性能,安全性,可靠性湛蓝的SLA保证
是否有任何缺点这种做法?
Is there any disadvantage to this approach?
推荐答案
您当然可以使用WAAD创建用户帐户。你也当然也要强迫用户使用电子邮件式的登录。
You certainly can use WAAD for creating user accounts. You, also of course, have to force users to use e-mail style logins.
不过有一个(BIG在我看来)的缺点对ThinkTecture的身份服务器:WAAD的没有用户注册/密码管理/密码重置流程。
There is however one (BIG in my opinion) disadvantage of WAAD against ThinkTecture's Identity Server: WAAD does not have a user registration / password management / password reset flow.
更新(2014年7月29日)
今天WAAD提供自助服务密码重置为 $的一部分p $ pmium功能。但是仍然没有自助服务的用户注册。坦白说,我不希望看到过自助服务用户注册时,如WAAD的目标是企业,而不是您的具体方案。
Today WAAD provides Self-service-password-reset as part of Premium Features. However still no self-service-user-registration. Frankly I do not expect to ever see self service user registration, as WAAD is targeting enterprises, and not your specific scenario.
要实现WAAD提到的流量,你要开发自己的MVC应用程序从头开始,使用了图形API的所有提到的场景。
To implement mentioned flow in WAAD, you have to developed your own MVC App from scratch, that uses the Graph API for all mentioned scenarios.
在另一边,你有身份服务器,其中有数以千计的下载,这是由基于声明的大师认证和安全发展。身份服务器有非常丰富的,易于使用的可扩展结构。虽然它也没有提供用户注册和密码重置流出的方块,它已经是一个MVC 4应用具有非常丰富的扩展点。
On the other side, you have Identity Server, which has thousands of downloads, which is developed by the Gurus of Claims based authentication and security. Identity server has very rich and easy to use extensible structure. While it also does not provide the user registration and password reset flows out of the box, it is already an MVC 4 application with very rich extensibility points.
设置在Azure上运行的Identity服务器也是非常容易的。并设置身份Server作为Azure的ACS身份提供者仅仅是情侣对管理门户的点击。
Setting up an Identity server for run in Azure is also extremely easy. And setting up Identity Server as Identity provider in Azure ACS is just couple of clicks on the management portal.
您说WAAD是SLA的支持,高可用性等。但在云服务的身份Server部署将支持SLA太多,如果一个Web角色使用至少2个实例。
You say that WAAD is SLA backed, highly available, etc. But your Identity Server deployment on a Cloud Service will be SLA backed too if use at least 2 instances of a Web Role.
如果我必须选择是否延长Identity Server的支持用户注册等,或者从头开始创建一个使用WAAD图形API该功能的全新应用 - 我会用身份服务器
If I have to chose whether to extend Identity Server to support user registration etc, or to create entirely new application from scratch that uses WAAD GRaph API for that feature - I would use Identity Server.
这篇关于使用的Windows Azure Active Directory进行大众用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
