问题描述
我与Azure的ACS工作,并把它纳入一个SSO战略为我.NET 4.0的网站。我看到一群不同的索赔可以存储和传递回RP(例如国家的StreetAddress,电话等)的规则组页面上。看起来你也可以返回回去要创建的任何索赔类型。这让我想起了与存储信息的用户带来了很多问题:
I'm working with Azure ACS and incorporating it into an SSO strategy for my .NET 4.0 website. I see on the Rule Groups page that a bunch of different claims can be stored and passed back to the RP (e.g. country, streetaddress, phone, etc.). It looks like you can also return back any claim type you want to create. This got me thinking about many questions relating to storing information for users:
- 是否有意义,以存储用户信息(比其他的NameIdentifier)的ACS VS本地数据库表?
- 这听起来像是你可以让他们的内部无限的规则组和规则。这是否正确?
- 我会处理不同的企业和用户在公司内部。将创建为每个公司的规则组,然后制定规则为每个用户是一个明智的选择?
- 看样子,API是pretty强大,将使这自动为注册网页等正确或不正确? 的结果来完成
- 这是可行的,建议(当他们离线向他们发送的东西消息例如查询他们的电子邮件地址)来运行ACS对查询要返回有关用户的信息。
- 你能抢报告目的了ACS的批量信息?
- Does it make sense to store user information (other than the nameidentifier) in ACS vs local database tables?
- It sounded like you could make unlimited rule groups and rules inside of them. Is that correct?
- I would be dealing with different companies and users inside the company. Would creating a rule group for each company and then making rules for each user be a wise choice?
- It appears that the API is pretty robust and would enable this to be done automatically as a result of a sign up page, etc. Correct or incorrect?
- Would it be feasible and recommended to run a query against ACS to return information back about a user (e.g. query for their email address when they're offline to send them a message about something)
- Could you grab bulk information for reporting purposes off of ACS?
推荐答案
简短的回答通常是是,但当然有一个较长的答案: - )
The short answer is generally "yes", but of course there's a longer answer :-).
的是否有意义存储用户信息(比其他的NameIdentifier)的ACS VS本地数据库表?的
是的,它可能是有意义的。但是,对于优化目的,你可能会保持一定的用户配置文件信息在其他地方(本地应用程序)的副本。 ACS规则的信息将是主记录会,只要你得到一个令牌更新值在您的本地存储,检查是否有已经改变与否。
Does it make sense to store user information (other than the nameidentifier) in ACS vs local database tables?Yes it could make sense. But for optimization purposes you might keep a copy of some of the user profile information somewhere else (local to the app). ACS rules information would be the "master record" you would update the values in your local store whenever you get a token and check whether there've been changes or not.
的这听起来像是你可以让他们的内部无限的规则组和规则。这是否正确?的
不,无限是一个很大的数字。有限制在命名空间的数量,依赖方和规则。检查文档。 ACS还支持级联转换,它可以帮助你减少规则的数量。
It sounded like you could make unlimited rule groups and rules inside of them. Is that correct? No, "unlimited" is a big number. There are limits in the number of namespaces, relying parties and rules. Check the documentation. ACS also supports "cascading" transformations, which can help you reduce the number of rules.
例如:
- 电子邮件:[email protected] - >公司:Contoso的
- 公司:Contoso的 - >语言:英语
每当声明类型本公司,值Contoso的发出第二个规则将被触发。
The 2nd rule will be triggered whenever a claim of type "Company", value "Contoso" is issued.
然后,你可以有:
- 电子邮件:[email protected] - >公司:Contoso的
语言声明将被自动添加。
The "language" claim will be automatically added.
的我会处理不同的企业和用户在公司内部。将为每个公司创建规则组,然后制定规则为每个用户是一个明智的选择?的
在多租户环境中,它可能是最好有每个租户信赖方。这是我们在样本7做(联合会与多个合作伙伴)可以在这里找到: HTTP://claimsid.$c$cplex.com 一>
的看样子,API是pretty强大,将使这自动为注册网页等的结果进行正确或不正确?的
是
的难道是可行的,建议(当他们离线向他们发送的东西消息例如查询他们的电子邮件地址)来运行ACS对查询要返回有关用户的信息的
有可能的。但是,有没有在ACS的用户的概念。所以昱欧将不得不去code从规则。你不能有像GetUserprofile(字符串用户)
Would it be feasible and recommended to run a query against ACS to return information back about a user (e.g. query for their email address when they're offline to send them a message about something) It is possible. However, there's no concept of "user" in ACS. So yuou would have to decode that from the rules. You can't have a call like "GetUserprofile( string user)"
的你能抓住大部分信息报告目的了ACS的?的
该API支持大容量的信息,但报告可能是更好的对自己的数据库复制的信息。
Could you grab bulk information for reporting purposes off of ACS?The API supports bulk info, but for reporting it might be better to have replicated information on your own database.
最后一个念头:ACS规则今天引擎非常简单,只相比有什么ADFS今天,其中的规则可真复杂(如数据库查询等),可以做确实简单的变换(加级联),但没有
One last thought: ACS rules engine today is very simple and only does simple transformations (plus cascading), but nothing compared to what ADFS can do today, where rules can be really complex (e.g. db lookups, etc)
这篇关于Azure的ACS和存储的信息就可以了用户VS地方?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!