Question
I'm trying to understand ASP.NET Identity authentication and authorization mechanics. I understood what a claim is and what a role is. In almost every related blog post or question on here, it's advised to use claims and avoid roles. I'm confused at this point. How can I use claims without roles? (I normally assign roles to users after they are registered.)
Thanks for your help.
Answer
Roles are claims too; claims are just more general.
I can only speculate, as you don't show exact links, that it's not exactly "claims over roles".

It's rather "use the claims-based security model over the role-based security model". This one is easy to explain: since roles are claims too, using claims you have roles, but possibly other claims as well.
Technically, if you create a ClaimsPrincipal and add Role claims, ASP.NET will correctly recognize roles wherever you'd expect it to - WebForms authorization, MVC authorization filters and other role-based stuff work as usual.
If you need some technical details, consult my blog entry where I show how you can easily switch from old role-based Forms Authentication to the new claims-based authentication.
http://www.wiktorzychla.com/2014/11/forms-authentication-revisited-for-net.html
In particular, you just add role claims like this:
using System.Security.Claims;

// "custom" is the authentication type; a non-empty value makes IsAuthenticated true
var identity = new ClaimsIdentity( "custom" );
// the Name claim is what HttpContext.User.Identity.Name will return
identity.AddClaim( new Claim( ClaimTypes.Name, txtLogin.Text ) );
// a Role claim is what IsInRole("admin") and [Authorize(Roles = "admin")] look at
identity.AddClaim( new Claim( ClaimTypes.Role, "admin" ) );
var principal = new ClaimsPrincipal( identity );
// write the principal to cookie
However, what claims give you is the ability to do authorization based on arbitrary claims like "user is older than 18 years" or "user comes from France, Germany or Spain". Such arbitrary statements do not necessarily map to "roles" but are perfect claims.

You do this authorization with a custom claims authorization manager, examples here
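The following is an added example, not code from the answer above or from the linked blog post. It builds a ClaimsPrincipal the same way the answer does, shows that a Role claim is enough for IsInRole to work, and then implements the "older than 18" and "from France, Germany or Spain" checks as a custom ClaimsAuthorizationManager. It assumes .NET Framework 4.5 or later with a reference to the System.IdentityModel assembly (where ClaimsAuthorizationManager and AuthorizationContext are defined); the resource names "AdultContent", "EuStoreCheckout" and "AdminPanel", the class name and the "yyyy-MM-dd" date-of-birth format are choices made for this example.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Linq;
using System.Security.Claims;   // ClaimsAuthorizationManager lives here, in System.IdentityModel.dll

// Hypothetical manager for this example: decides access from arbitrary claims,
// not only from roles. Every branch fails closed (missing/unparseable claim => deny).
public class AgeAndCountryAuthorizationManager : ClaimsAuthorizationManager
{
    private static readonly HashSet<string> AllowedCountries =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "FR", "DE", "ES" };

    public override bool CheckAccess(AuthorizationContext context)
    {
        var principal = context.Principal;
        if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
            return false;   // anonymous callers never pass

        // AuthorizationContext carries resource and action as claim collections
        var resource = context.Resource.First().Value;

        switch (resource)
        {
            case "AdultContent":      return IsAtLeast(principal, 18);
            case "EuStoreCheckout":   return IsAtLeast(principal, 18) && IsFromAllowedCountry(principal);
            case "AdminPanel":        return principal.IsInRole("admin");  // roles are still just claims
            default:                  return false;   // deny by default for unknown resources
        }
    }

    private static bool IsAtLeast(ClaimsPrincipal principal, int years)
    {
        var dob = principal.FindFirst(ClaimTypes.DateOfBirth);
        if (dob == null) return false;

        DateTime born;
        if (!DateTime.TryParseExact(dob.Value, "yyyy-MM-dd", CultureInfo.InvariantCulture,
                                    DateTimeStyles.None, out born))
            return false;   // malformed claim value: deny rather than guess

        var today = DateTime.UtcNow.Date;
        var age = today.Year - born.Year;
        if (born.Date > today.AddYears(-age)) age--;   // birthday not yet reached this year
        return age >= years;
    }

    private static bool IsFromAllowedCountry(ClaimsPrincipal principal)
    {
        var country = principal.FindFirst(ClaimTypes.Country);
        return country != null && AllowedCountries.Contains(country.Value);
    }
}

public static class Demo
{
    // Same construction as in the answer, plus two non-role claims (constructed sample data)
    public static ClaimsPrincipal BuildPrincipal(string name, string role, string dob, string country)
    {
        var identity = new ClaimsIdentity("custom");
        identity.AddClaim(new Claim(ClaimTypes.Name, name));
        if (role != null) identity.AddClaim(new Claim(ClaimTypes.Role, role));
        identity.AddClaim(new Claim(ClaimTypes.DateOfBirth, dob));
        identity.AddClaim(new Claim(ClaimTypes.Country, country));
        return new ClaimsPrincipal(identity);
    }

    public static void Main()
    {
        var manager = new AgeAndCountryAuthorizationManager();

        var admin = BuildPrincipal("alice", "admin", "1980-05-01", "FR");
        var minor = BuildPrincipal("bob", null, DateTime.UtcNow.AddYears(-16).ToString("yyyy-MM-dd"), "DE");
        var adultUs = BuildPrincipal("carol", null, "1975-12-24", "US");

        // Role claim is enough for the classic role API
        Console.WriteLine("alice IsInRole(admin): " + admin.IsInRole("admin"));   // True
        Console.WriteLine("bob   IsInRole(admin): " + minor.IsInRole("admin"));   // False

        // Claims-based decisions that no role expresses
        Console.WriteLine("alice AdultContent:    " + manager.CheckAccess(new AuthorizationContext(admin, "AdultContent", "read")));     // True
        Console.WriteLine("bob   AdultContent:    " + manager.CheckAccess(new AuthorizationContext(minor, "AdultContent", "read")));     // False
        Console.WriteLine("carol EuStoreCheckout: " + manager.CheckAccess(new AuthorizationContext(adultUs, "EuStoreCheckout", "pay"))); // False
        Console.WriteLine("alice EuStoreCheckout: " + manager.CheckAccess(new AuthorizationContext(admin, "EuStoreCheckout", "pay")));   // True
        Console.WriteLine("bob   AdminPanel:      " + manager.CheckAccess(new AuthorizationContext(minor, "AdminPanel", "open")));       // False
    }
}
```

To plug such a manager into a .NET Framework application you register it in web.config under system.identityModel (claimsAuthorizationManager) or call it directly as shown. ASP.NET Core does not ship ClaimsAuthorizationManager; the equivalent there is policy-based authorization (AddAuthorization with RequireClaim or RequireAssertion), but the principle is the same: a role is one claim type among many, and the decision logic reads whichever claims it needs.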