问题描述
目前,我们有许多使用经典 ASP 通过 .NET 2.0 技术开发的 Web 应用程序(外部和内部).这些 Web 应用程序中的每一个都有自己的登录屏幕,可针对自己的自定义数据库进行身份验证或使用 Windows 身份验证.用户可以访问这些应用程序中的一个或多个,这意味着他们必须注销并重新登录到他们想要访问的应用程序.所有应用程序共享部分后端数据源.此外,由于没有代码/业务逻辑共享,业务逻辑除了在应用程序之间复制外,还嵌入在 UI 中.屏幕截图 #1 简要介绍了现有架构.
Currently, we have many web applications (external & internal) developed using Classic ASP through .NET 2.0 technologies. Each of those web applications have their own login screen authenticating against their own custom database or using Windows authentication. Users have access to one or more of these applications, meaning they have to log out and log back into applications that they would like to access. All applications share some part of the back-end data sources. Also, the business logic is embedded in the UI in addition to being duplicated across applications because there is no code/business logic sharing. Screenshot #1 gives a brief idea of the existing architecture.
屏幕截图#2 显示了建议的架构,我希望这将有助于加快开发、代码/业务的可重用性,并且可能会更简单的维护.用户将访问外部或内部 url.在外部,用户将提供凭据并将针对自定义数据库进行身份验证.在内部站点中,用户将使用 Windows 身份验证自动登录.在创建了一些示例之后,我开始喜欢 ASP.NET MVC 3.它将业务逻辑与 UI 分开,我也喜欢单元测试功能.
Screenshot #2 shows the suggested architecture, which I hope will help in faster development, code/business re-usability and may be simpler maintenance. Users will access either external or internal url. In external, users will provide credentials and will be authenticated against custom database. In internal site, users will be automatically logged in using Windows authentication. After creating some samples, I have begun to like ASP.NET MVC 3. It keeps business logic separate from UI and I also like the unit testing capabilities.
这是我的问题:
根据我目前在网上发现的情况,在一个网站内进行多重身份验证是不可行的.我的理解是,我必须为每种类型的身份验证(表单和 Windows)托管一个网站.如何在用户通过身份验证后将他们重定向到公共登录页面,以便他们可以看到他们有权访问的模块(链接/菜单)?我是否必须向两个网站发布相同的代码集(dll 和内容)?
Based on what I have found on the web so far, multiple authentications are not feasible within a single website. My understanding is that I have to host one website for each type of authentication (Forms and Windows). How do I redirect users to common landing page after they are authenticated so they can see the modules (links/menus) that they are authorized to access? Should I have to publish the same code set (dlls and content) to both the websites?
有人遇到过类似的架构问题吗?如果是,您能否分享一下您面临的挑战以及您是如何应对的?设计此类应用程序的行业标准是什么?
Has anyone faced a similar architecture problem? If yes, could you please share the challenges that you faced and how you tackled them? What are the industry standards in designing applications of this sort?
建议的架构是否有意义,或者它是一个非常糟糕的设计?在 ASP.NET MVC 3 中这样做有什么缺点吗?
Does the suggested architecture make any sense or is it a really bad design? Are there any drawbacks in doing this in ASP.NET MVC 3?
非常感谢您的意见.
提前致谢.
推荐答案
我会建立一个单独的网站,只处理 windows 身份验证.然后,我将依靠 OpenID 和/或 OAuth 之类的东西来请求凭据/令牌,以确保用户具有适当的访问权限.
I would set up a seperate web site which only handles the windows authentication. I would then rely on something like OpenID and/or OAuth to ask for credentials/token to make sure to user has proper access.
想要使用 Windows 凭据登录的用户会经历该过程,因为您是对的,运行 Windows 身份验证的 IIS 服务器很难与其他东西混合.
The user that want to sign in using windows credentials go through that process because you are right in that a IIS server running windows authentication is hard to mix with other stuff.
您可以设置某种基于声明的推力网络,在该网络中,您的应用程序从受信任的来源获取凭据,并且通过该过程,您可以协商和控制跨多个网站的访问权限.只要您不进行自定义托管或白标品牌推广,您就可以将所有东西放在一个地方(或者即使您这样做了,您也可以对其进行设计,以便您拥有分发身份验证令牌的中央解决方案).
You can set up some kind of claim based network of thrust in which you applications get thier credentials from trusted sources and through that process you can negotiate and control access privileges cross many web sites. As long as your not doing custom hosting or white label branding you can have everything in one place (or even if you did you could design it so that you have a central solution of handing out authentication tokens).
这篇关于如何将应用程序从经典 ASP 迁移到 ASP.NET MVC?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!