什么是背后的IIdentity和IPrincipal的.NET中的想法 [英] What is the idea behind IIdentity and IPrincipal in .NET

问题描述

那么，什么是对双方都存在的目的的IIdentity 和的IPrincipal ，而不是一些 IIdentityMergedWithPrincipal ？ ？当它不足以无论是在同一个类中实现

So, what is the purpose for existence of both IIdentity and IPrincipal, and not some IIdentityMergedWithPrincipal? When is it not enough to implement both in same class?

此外，要了解的目的，我想知道这个概念来自：

Also, to understand purpose, I'd like to know where this concept comes from:

• 这是起源于净


• 有身份/校长的概念作为设计模式，其中 System.Security.Principal 在这些接口


• 这是源于其他地方和支持兼容性

• It is originated in .Net
• There is concept of Identity/Principal as design pattern, which System.Security.Principal implemented in those interfaces
• It is originated somewhere else and supported for compatibility

因此，不 UserPrincipal 从的System.DirectoryServices 同样采取行动的IPrincipal 而不是偶然的还是打算实施的？

Therefore, does UserPrincipal from System.DirectoryServices act similarly to IPrincipal but not implement it by accident or by intention?

PS我在寻找背后的想法推理，没有好处/争议比较，所以请尽量不要启动的意见为基础讨论

P.S. I'm looking for reasoning behind idea, not benefits/controversies comparison, so please try not to start opinion-based discussion

推荐答案

的IIdentity 只是用于用户的验证的身份，无论他们可能有什么样的角色。

IIdentity is just used for the user's authenticated identity, regardless of what roles they may have.

的IPrincipal 用于与在批准他们有角色结合了用户的身份一个给定的安全上下文。

IPrincipal is used to combine a user's identity with the authorized roles they have in a given security context.

例如，你可以使用一个第三方登录提供像Facebook或谷歌，得到了用户的身份，但你不会得到一个从这些供应商主要的，因为它们不提供任何角色。您可以使用自己的应用程序或一个基于角色的第三方授权提供程序适用角色，比方说，一个 FacebookIdentity 或 GoogleIdentity 。不同的应用程序可以期待一个不同的主体，有自己的角色，但仍使用相同的身份在另一个应用程序。

For example, you can use a third-party login provider, like Facebook or Google, to get the user's identity, but you will not get a principal from those providers, as they don't provide any roles. You can use your own application or a third-party role-based authorization provider to apply roles to, say, a FacebookIdentity or GoogleIdentity. A different application can expect a different principal, with its own roles, but still use the same identity as in another application.

这篇关于什么是背后的IIdentity和IPrincipal的.NET中的想法的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！