Claims Based Authentication, Token Based Authentication and WIF
2016-06-24 12:09
The defining property of claims-based authentication is that claims are transferable. On one hand they are sent to your application by a trusted Issuer (the party that holds the claims); note that the trust is one-way. For example, with QQ integrated login, QQ sends claims to your application once the login succeeds. On the other hand, claims can be passed between Issuers, for example between company A's AD and company B's AD. Claims-based authentication is mainly used for third-party authentication and single sign-on (for claims-based applications, single sign-on for the web is sometimes called passive federation).
A claim is a statement that one subject makes about itself or another subject. The statement can be about a name, identity, key, group, privilege, or capability, for example. Claims are issued by a provider, and they are given one or more values and then packaged in security tokens that are issued by an issuer, commonly known as a security token service (STS).
A claim is a piece of information that describes a given identity in some respect. Think of a claim as a name-value pair. Claims are held in an authentication token, which may also carry a signature, so you can be sure the token was not tampered with on its way from the remote machine to your system. You can think of the token as an envelope that contains claims about the user.
A token may contain different claims:
username or user ID in remote system,
full name of user,
e-mail address,
membership in security groups,
phone number,
color of eyes.
The system can use claims to identify and describe a given user from more than one aspect. This is something you do not achieve easily with regular username-and-password authentication mechanisms.
How security tokens are transmitted:
Security tokens that are passed over the Internet typically take one of two forms:
Security Assertion Markup Language (SAML) tokens are XML-encoded structures that are embedded inside other structures such as HTTP form posts and SOAP messages.
Simple Web Token (SWT) tokens are stored in the HTTP headers of a request or response.
The tokens are encrypted and can be stored on the client as cookies.
WIF (Windows Identity Foundation) 4.5 is a set of .NET Framework classes for implementing claims-based identity in your applications.
It consists of the following assemblies:
mscorlib (mscorlib.dll),
System.IdentityModel(System.IdentityModel.dll),
System.IdentityModel.Services (System.IdentityModel.Services.dll),
System.ServiceModel(System.ServiceModel.dll)
Note that starting with 4.5, System.IdentityModel.Claims, System.IdentityModel.Policy, and System.IdentityModel.Selectors will be dropped.
Claims Based Authentication
Claims are a set of information stored in key-value pair form. Claims are used to store information about a user such as full name, phone number and email address, and most importantly you can use claims as a replacement for roles: the roles a user holds can be carried as claims for that user. The most important benefit of claims is that you can let a third party authenticate users; the third party then reports back to you whether the user is authenticated and which claims the user has.
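As an added illustration of claims as name-value pairs that can stand in for roles (example code written for this post, not code from WIF or from the original author): it builds the ClaimsPrincipal a relying party ends up with after a trusted issuer has authenticated the user, using the System.Security.Claims types that ship with .NET 4.5, and makes an authorization decision on a role claim instead of on a Windows group. The issuer URL, the user values and the custom claim type URI are constructed placeholders.

```csharp
using System;
using System.Security.Claims;

// Added example: a relying party holding claims issued by a trusted STS and
// authorizing on them. Issuer name, user data and the custom claim type are constructed.
public static class ClaimsDemo
{
    // Constructed issuer name; in a real deployment this is the STS the application trusts.
    const string TrustedIssuer = "https://sts.contoso.example";

    public static ClaimsPrincipal BuildPrincipal()
    {
        // Each claim records which issuer asserted it, so the application can tell
        // claims from the trusted STS apart from claims it added locally.
        var claims = new[]
        {
            new Claim(ClaimTypes.NameIdentifier, "u-1001", ClaimValueTypes.String, TrustedIssuer),
            new Claim(ClaimTypes.Name, "alice", ClaimValueTypes.String, TrustedIssuer),
            new Claim(ClaimTypes.Email, "alice@contoso.example", ClaimValueTypes.String, TrustedIssuer),
            // A role carried as a claim, replacing a group membership or local role table.
            new Claim(ClaimTypes.Role, "Approver", ClaimValueTypes.String, TrustedIssuer),
            // Any statement can be a claim; the type URI here is a constructed example.
            new Claim("http://schemas.contoso.example/claims/eyecolor", "brown", ClaimValueTypes.String, TrustedIssuer),
        };

        // Supplying an authentication type marks the identity as authenticated;
        // the last two arguments tell WIF which claim types back Identity.Name and IsInRole.
        var identity = new ClaimsIdentity(claims, "Federation", ClaimTypes.Name, ClaimTypes.Role);
        return new ClaimsPrincipal(identity);
    }

    // Authorization decision made on a claim rather than on a group membership.
    public static bool CanApprove(ClaimsPrincipal principal)
    {
        // Only honour role claims that the trusted issuer asserted.
        return principal.HasClaim(c =>
            c.Type == ClaimTypes.Role &&
            c.Value == "Approver" &&
            c.Issuer == TrustedIssuer);
    }

    public static void Main()
    {
        var principal = BuildPrincipal();
        Console.WriteLine("Authenticated: " + principal.Identity.IsAuthenticated);
        Console.WriteLine("Name: " + principal.Identity.Name);
        Console.WriteLine("Email: " + principal.FindFirst(ClaimTypes.Email).Value);
        Console.WriteLine("IsInRole(Approver): " + principal.IsInRole("Approver"));
        Console.WriteLine("CanApprove: " + CanApprove(principal));

        // A role claim added locally carries the default issuer ("LOCAL AUTHORITY"),
        // not the STS, so CanApprove rejects it even though IsInRole would accept it.
        var local = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Role, "Approver") }, "Local");
        var localPrincipal = new ClaimsPrincipal(local);
        Console.WriteLine("Local IsInRole(Approver): " + localPrincipal.IsInRole("Approver"));
        Console.WriteLine("Local CanApprove: " + CanApprove(localPrincipal));
    }
}
```

The distinction between IsInRole and CanApprove is the practical point: IsInRole answers "is there a role claim with this value" regardless of who asserted it, while checking Claim.Issuer enforces the one-way trust described at the top of the post.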
Token Based Authentication
Tokens store a set of data (in local/session storage or cookies); these can be stored on the server or client side, and the token itself is represented as a hash of the cookie or session. In token-based authentication, when a request comes in it should carry the token with it; the server first authenticates the token attached to the request, then looks up the cookie associated with it and retrieves the information it needs from that cookie.
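To show what "authenticate the attached token" means for the SWT form described earlier (an added example, not code from the post or from WIF): it issues an SWT-style token, i.e. form-encoded name=value pairs with a trailing HMACSHA256 field computed over the rest of the token with a key shared between issuer and relying party, and the relying party verifies the signature, issuer, audience and expiry before trusting any claim. The key, issuer URL and audience URL are constructed placeholders. Note that SWT is signed rather than encrypted: the signature proves the claims were not altered, but anyone holding the token can read them, which is why such tokens are carried over HTTPS.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Added example: issuing and validating an SWT-style token. Key and URLs are constructed.
public static class SwtDemo
{
    // Constructed shared key; a real deployment provisions it out of band and rotates it.
    static readonly byte[] SharedKey = Encoding.UTF8.GetBytes("constructed-demo-key-0123456789abcdef");

    public static string Issue(IDictionary<string, string> claims, string issuer, string audience, DateTimeOffset expiresOn)
    {
        var sb = new StringBuilder();
        Append(sb, "Issuer", issuer);
        Append(sb, "Audience", audience);
        Append(sb, "ExpiresOn", expiresOn.ToUnixTimeSeconds().ToString());
        foreach (var kv in claims) Append(sb, kv.Key, kv.Value);

        // The HMAC covers every byte before "&HMACSHA256=".
        string unsigned = sb.ToString();
        string sig = Convert.ToBase64String(Hmac(unsigned));
        return unsigned + "&HMACSHA256=" + Uri.EscapeDataString(sig);
    }

    // Returns the claims if the token is authentic, addressed to us and unexpired; otherwise null.
    public static IDictionary<string, string> Validate(string token, string expectedIssuer, string expectedAudience, DateTimeOffset now)
    {
        const string marker = "&HMACSHA256=";
        int idx = token.LastIndexOf(marker, StringComparison.Ordinal);
        if (idx < 0) return null;

        string unsigned = token.Substring(0, idx);
        byte[] presented;
        try { presented = Convert.FromBase64String(Uri.UnescapeDataString(token.Substring(idx + marker.Length))); }
        catch (FormatException) { return null; }

        // Check integrity first, with a constant-time comparison, before parsing anything.
        if (!FixedTimeEquals(Hmac(unsigned), presented)) return null;

        var claims = new Dictionary<string, string>();
        foreach (var pair in unsigned.Split('&'))
        {
            int eq = pair.IndexOf('=');
            if (eq < 0) return null;
            claims[Uri.UnescapeDataString(pair.Substring(0, eq))] = Uri.UnescapeDataString(pair.Substring(eq + 1));
        }

        // A valid signature is not enough: the token must be ours, for us, and still current.
        string iss, aud, exp;
        if (!claims.TryGetValue("Issuer", out iss) || iss != expectedIssuer) return null;
        if (!claims.TryGetValue("Audience", out aud) || aud != expectedAudience) return null;
        long expSeconds;
        if (!claims.TryGetValue("ExpiresOn", out exp) || !long.TryParse(exp, out expSeconds)) return null;
        if (now.ToUnixTimeSeconds() >= expSeconds) return null;
        return claims;
    }

    static void Append(StringBuilder sb, string name, string value)
    {
        if (sb.Length > 0) sb.Append('&');
        sb.Append(Uri.EscapeDataString(name)).Append('=').Append(Uri.EscapeDataString(value));
    }

    static byte[] Hmac(string data)
    {
        using (var h = new HMACSHA256(SharedKey)) return h.ComputeHash(Encoding.UTF8.GetBytes(data));
    }

    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    public static void Main()
    {
        const string issuer = "https://sts.contoso.example";
        const string audience = "https://app.contoso.example";
        var now = DateTimeOffset.UtcNow;

        string token = Issue(new Dictionary<string, string> { { "name", "alice" }, { "role", "Approver" } },
                             issuer, audience, now.AddMinutes(10));
        Console.WriteLine(token);
        Console.WriteLine("valid token accepted: " + (Validate(token, issuer, audience, now) != null));

        // Changing a claim after issuance invalidates the signature, so the relying party rejects it.
        string modified = token.Replace("role=Approver", "role=Admin");
        Console.WriteLine("modified token accepted: " + (Validate(modified, issuer, audience, now) != null));

        // An expired token is rejected even though its signature is intact.
        Console.WriteLine("expired token accepted: " + (Validate(token, issuer, audience, now.AddMinutes(11)) != null));

        // A token minted for another audience is rejected even when signed with the same key.
        string other = Issue(new Dictionary<string, string>(), issuer, "https://other.contoso.example", now.AddMinutes(10));
        Console.WriteLine("foreign-audience token accepted: " + (Validate(other, issuer, audience, now) != null));
    }
}
```

The order of checks in Validate is deliberate: the signature is verified before any field is parsed or compared, so unsigned or altered input never influences the later decisions, and the audience check stops a token issued for one application from being replayed against another one that shares the issuer.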
References:
An Introduction to Claims
https://msdn.microsoft.com/zh-cn/library/ff359101.aspx
Claims-Based Architectures
https://msdn.microsoft.com/en-us/library/ff359108.aspx