问题描述
我试图通过破坏主要成分为单独的Web服务器来实现用微服务架构的Web应用程序。我实施使用ASP.NET身份验证服务器(Email /用户名登录而已,没有脸谱,等)和一个主应用程序服务器。
I'm attempting to implement a web app using a microservice architecture by breaking up major components into separate web servers. I'm implementing an authentication server using ASP.NET Identity (email/username logins only, no Facebook, etc) and a "main" application server.
我目前面临的挑战是搞清楚如何,如果用户已通过认证服务器记录的应用程序,服务器会识别。由于认证服务器生成令牌,它的用户来验证用户的身份,我想他们是什么地方存储,并且可以由应用服务器进行查询,但我不知道如何去这样做。理想情况下,我的应用程序服务器的WebAPI终端将能够使用[授权]注释。
My current challenge is figuring out how the application server will recognize if a user has logged via the authentication server. Since the authentication server generates tokens which it users to verify users's identities, I imagine that they are stored somewhere and can be queried by the application server, but I'm not sure how to go about doing this. Ideally, my application servers WebAPI endpoints will be able to use the [Authorize] annotation.
问:如何通过使用ASP.NET身份独立的身份验证服务器一台服务器控制访问
推荐答案
我已经做了通过以下操作(使用cookie认证)类似的事情:
I've done something similar by doing the following (using cookie authentication):
1 - 设置Cookie域在所有网站上的TLD
我的 Startup.Auth.cs
是这样的:
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => {
var identity = manager.CreateIdentity(user, DefaultAuthenticationTypes.ApplicationCookie);
//some additional claims and stuff specific to my needs
return Task.FromResult(identity);
})
},
CookieDomain = ".example.com"
});
2 - 更新所有网站的web.config中使用相同的&LT;的machineKey /&GT;
2 - update the web.config of all websites to use the same <machineKey />
我的是这样的:
<machineKey
decryption="Auto"
decryptionKey="my_key"
validation="HMACSHA512"
validationKey="my_other_key" />
现在我可以,比方说, account.example.com
进行登录操作,将用户重定向到 site1.example.com
,他们将被视为身份验证。
Now I can perform login operations on, say, account.example.com
, and redirect the user to site1.example.com
and they will be seen as authenticated.
这篇关于ASP.NET身份在微服务架构的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!