问题描述
我有轻微的体系结构问题.我有IdentityServer解决方案,用于通过身份用户存储(与数据库中的用户)对用户进行身份验证.我这里有登录功能并注册了功能,所以我必须在这里使用DbContext.我有另一个解决方案API,其中保存了不是身份表的自定义表.所有表都在同一个数据库中.
I have slight architecture issue.I have IdentityServer solution, to authenticate user with Identity user store(with user in database). I have login functionality here and register functionality, so I have to use DbContext here. I have another solution API where I hold custom tables which are not Identity tables. All tables are in same database.
现在,当我通过API添加新记录时,我想以某种方式将CreadetBy与Identity用户联系起来.我知道我可以从Claims中获取有关用户的信息,然后在创建新行时进行插入,但这是一种好习惯吗?
Now when I add new record through API, I somehow want to connect CreadetBy with Identity user. I know I can get info about user from Claims, and then insert while creating new row, but is that good practice?
另一个问题是,我应该将注册操作从IdentityServer项目中移出,仅对身份用户存储区使用登录功能,然后向API进行注册,所以我不会在两个地方重复ApplicationUser的其他字段吗?
Another question is, should I move registration operation out of IdentityServer project, and only use Login functionality towards identity user store there and put registration to API, so I don't duplicate additional fields for ApplicationUser in two places?
推荐答案
根据我的理解,您应该保持关注点分开.在不共享相同上下文的表之间永远不要有关系.这意味着汽车永远无法链接到AspNetUsers.
From what I understand you should maintain a seperation of concerns. You should never have a relation between tables that do not share the same context. This means that Cars can never link to AspNetUsers.
关于对象和字段的含义.例如,似乎IdentityUser和CustomUser是相等的,但它们不是相等的. IdentityUser具有将用户标识为所需的所有信息,而CustomUser具有定制模型所需的所有信息.实际上,您可以拥有没有登录帐户的CustomUsers.
It is about the meaning of the objects and the fields. For example, it seems that IdentityUser and CustomUser are equal, but they are not. The IdentityUser has all the information needed to identify the user as where CustomUser has all the information needed for the custom model. In fact, you can have CustomUsers which do not have a login account.
还要考虑电子邮件地址.在这两种情况下都具有该字段似乎是多余的,但实际上,当我想接收自定义电子邮件地址的更新时,我可以使用我的Google帐户登录.
Also consider the emailaddress. It seems redundant to have this field in both contexts, but actually I could use my Google account to login while I want to receive updates on my custom emailaddress.
那么CreatedBy字段的含义是什么,您将如何使用它?如果它是自定义上下文的一部分(如报表),则您应该有一个CustomUser表并与该表相关.如果您仅出于管理目的而要对其进行检查,则足以存储用户名.您要按该字段查询吗?您是否需要其他信息,例如CustomUserAddress?
So what is the meaning of the CreatedBy field and how are you going to use it? If it is part of the custom context (like for reports), then you should have a CustomUser table and relate to that table. If you just want to check this for administration purposes, than it may suffice to store the username. Are you going to query by that field? Do you need additional information, like CustomUserAddress?
如果做得好,我认为您实际上没有多余的字段.因为它们都有不同的目的/意义.
If done well, I don't think you actually have redundant fields. Since they all have different purpose / meaning.
无论如何,您都不想在上下文之外建立联系.而且您不希望最终发送ID列表以从另一个上下文中检索信息.
In any case, you don't want to relate beyond the context. And you don't want to end up sending lists of id's to retrieve information from another context.
问题是您要链接当前用户.身份令牌用于标识用户.这对您的资源毫无意义.但是访问令牌包含有关资源中实际用户的信息.
The problem is that you want to link the current user. The identity token is used to identify the user. This means nothing to your resource. But the access token contains information about the actual user in the resource.
通过使授权靠近资源,可以使用CustomUserId扩展授权用户.将此信息添加到访问令牌中,因为它是授权的一部分.它告诉资源用户只能访问指定用户的数据.
By keeping authorization close to the resource, you can extend the authorization user with CustomUserId. Add this information to the access token, since it is part of the authorization. It tells the resource that the user can only access data from the specified user.
使用[访问令牌] .customUserId可以匹配CustomUser.因此,CreatedBy应该具有CustomUser.Id的值.
With [access token].customUserId you can match the CustomUser. Thus CreatedBy should have the value of CustomUser.Id.
我也想推荐这篇文章: https://leastprivilege .com/2016/12/16/identity-vs-permissions/
I would also like to recommend this article: https://leastprivilege.com/2016/12/16/identity-vs-permissions/
这篇关于我可以使用声明数据将CreatedBy用户数据插入自定义表吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!