问题描述
我试图了解 WIF 中主动联合和被动联合之间的区别.如果依赖方 (RP) 是 WCF 服务而不是 ASP.NET 应用程序,则似乎会使用主动联合;如果 RP 是 ASP.NET 应用程序,则使用被动联合.这准确吗?
I am trying to understand the difference between Active and Passive federation in WIF. It appears that one would use an Active Federation if the Relying Party (RP) is a WCF Service instead of an ASP.NET application and a Passive Federation if the RP is an ASP.NET application. Is this accurate?
因此,在 ASP.NET 应用程序在后端使用 WCF 的情况下,MS 文章建议使用由 ASP.NET 应用程序使用 ActAs STS 获取的引导程序"安全令牌,该令牌是用于向 WCF 进行身份验证.在这种情况下,我们似乎在做主动(用户 -> STS -> ASP.NET RP)和被动(ASP.NET -> ActAs STS -> WCF)联合的组合?
So, in a scenario in which an ASP.NET application uses a WCF in the backend, the MS articles suggest using a 'bootstrap' security token that is obtained by the ASP.NET app using an ActAs STS and this token is used to authenticate with the WCF. In this scenario, it appears that we are doing a combination of Active (user -> STS -> ASP.NET RP) and Passive (ASP.NET -> ActAs STS -> WCF) Federation?
推荐答案
Active Federation 是关于使用 WSTrust 协议对用户进行身份验证,而您的依赖方是拥有登录窗口并向 STS 请求安全令牌的人.被动联合是当依赖方没有登录逻辑并且您被重定向到位于 STS 上的登录页面时.在我看来,Active Federation 的配置更复杂(我正在使用 Silverlight,所以它需要一些技巧).我打算在我的博客上发布关于这个主题的帖子,因为互联网上关于它的信息很少.
Active Federation is about authenticating user using WSTrust protocols and your Relying Party is who owns login window and asks for security token to STS.Passive Federation is when Relying Party has no login logic and you are redirected to the login page located on STS. Active Federation is more complex to configure, in my opinion (I'm working with silverlight, so it needs some tricks). I'm planing to post about this subject on my blog, because there is little information about it on internet.
这篇关于WIF 中的主动和被动联合的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!