WIF - claims-based identity

简介: 最近使用了Sharepoint 2010的开发,其中包括一个新的服务STS,看了一下,主要资料如下: 现有的认证授权如Memebership的开发支持已经比较完善了,之所以引入WIF,主要是通过间接的形式抽象,使认证和授权在分布式环境下更易使用。

最近使用了Sharepoint 2010的开发,其中包括一个新的服务STS,看了一下,主要资料如下:

现有的认证授权如Memebership的开发支持已经比较完善了,之所以引入WIF,主要是通过间接的形式抽象,使认证和授权在分布式环境下更易使用。

With the inflationary growth of distributed systems and online businesses, in the last few years the increasing need for interoperable protocols that could tear down the walls between silos became clear. The big players in the IT industry got together and agreed on a set of common protocols that would support interoperable communications across different platforms. Some examples of those protocols are SOAP, WS-Security, WS-Trust, WS-Federation, Security Assertion Markup Language (SAML), and in more recent times, OpenID, OAuth, and other open protocols.Claims-based identity promotes separation of concerns at a level never achieved before in the identity management world.

Windows Identity Foundation (WIF) is Microsoft’s stack for claims-based identity programming. It is a new foundational technology which helps .NET developers to take advantage of the claims based approach for handing authentication, authorization, customization and in general any identity-related task without the need to write any low-level code.

 

经典的claims-based identity过程

image

WIF的过程

 

image

identity providers (IP).

relying party (RP)

STS (Security Token Service).

WIF的具体过程:

1. WIF sits in front of your application in the ASP.NET pipeline. When an unauthenticated user requests a page, it redirects the browser to the identity provider pages.
2. Here the IP authenticates the user in whatever way it chooses (perhaps by showing a page with user name and password, using Kerberos, or in some other way). Then it manufactures a token with the required claims and sends it back.
3. The browser posts the token it got from the IP to the application, where WIF again intercepts the request.
4. If the token satisfies the requirements of the application (that is, it comes from the right IP, contains the right claims, and so on), the user is considered authenticated. WIF then drops a cookie, and a session is established.
5. The claims in the incoming token are made available to the application code, and the control is passed to the application.

 

参考资料

■ The WIF product home page on http://www.microsoft.com/wif

  WIF Runtime 和 WIF SDK
■  The Identity Developer Training Kit at http://go.microsoft.com/fwlink/?LinkId=148795

   很多的例子和概念展示
■ The WIF team blog at http://blogs.msdn.com/card

     http://www.cloudidentity.net

■ The IdElement Show on Channel9: http://channel9.msdn.com/shows/Identity/

相关文章
|
移动开发 NoSQL Redis
阿里云Redis lua命令支持及相关限制说明
介绍阿里云Redis对lua命令的支持
11851 1
|
存储 机器学习/深度学习 Java
Java数组的定义和使用(一篇带你搞定数组)
Java数组的定义和使用(一篇带你搞定数组)
403 0
|
监控 Java API
听我的,日志还是得好好打!
听我的,日志还是得好好打!
|
存储 弹性计算 运维
阿里云经济型e实例详细介绍_性能测试_使用限制说明
阿里云服务器ECS推出经济型e系列,经济型e实例是阿里云面向个人开发者、学生、小微企业,在中小型网站建设、开发测试、轻量级应用等场景推出的全新入门级云服务器,CPU采用Intel Xeon Platinum架构处理器
|
机器学习/深度学习 人工智能 自动驾驶
探索未来:人工智能与机器学习的融合
【6月更文挑战第5天】本文将深入探讨人工智能(AI)和机器学习(ML)的融合,以及它们如何共同塑造我们的未来。我们将从基本概念开始,然后深入到这些技术的实际应用,最后讨论它们可能带来的影响和挑战。
|
机器学习/深度学习 算法框架/工具 Python
pyton数据增强
pyton数据增强
156 0
|
消息中间件 存储 监控
【Kafka从入门到成神系列 一】Kafka基本概述和架构
【Kafka从入门到成神系列 一】Kafka基本概述和架构
【Kafka从入门到成神系列 一】Kafka基本概述和架构
|
API 调度
阿里云事件总线 EventBridge 最佳实践
本文介绍如何把阿里云事件总线 EventBridge 的内容接入观测云平台,通过观测云强大的统一汇聚能力轻松获取阿里云事件,实时追踪最新的数据信息。
345 0
|
网络协议 安全 数据安全/隐私保护
《计算机网络原理》总结<一>---整体认识
《计算机网络原理》总结<一>---整体认识
126 0