Identity Server as part of Web API or separate app

I have an ASP.NET Core Web API application, and to protect it I implemented JWT Bearer authentication. The next step is to manage user access and issue JWT tokens.

Initially I considered using Azure AD B2C, but it doesn't seem to support my business requirements. So I am now considering using Identity Server 4.

Does Identity Server 4 run as a completely separate application? Also, do I understand correctly that it is used as:

  1. A web interface for users to register and log in
  2. And also a web application with an API that issues JWT tokens

In other words, does Identity Server 4 "act" as my own Azure AD B2C service?

IdentityServer 4 is a web application (login and logout pages) with an API that implements the OAuth 2.0 and OpenID Connect specifications. The samples provide simple user login and logout views that you can change to your liking.

Regarding the user registration process, you can add it to your IdentityServer4 implementation or make it a separate web application.

Similarities to Azure AD B2C

The following is taken from another blog article

Authorization

Azure AD B2C allows you to model user roles as membership in groups that you define. You can’t currently get a token containing those claims, but you can use the Azure AD Graph API as a workaround to retrieve the group memberships, and use them in authorization checks inside your application. It’s a little tricky right now, but improvements to this are on the B2C team’s roadmap.

API authentication

Azure AD B2C can provide tokens for authenticating API access via OpenID Connect, but beyond that the functionality is limited. The OAuth 2.0 Client Credentials flow isn’t supported, and B2C doesn’t include any API key management features, so you’ll need to roll your own code if your services need to support API key authentication.

Another article covers the advantages of IdentityServer4.

IdentityServer 4 is an authentication framework capable of out of the box Single Sign On (SSO) and security for your APIs, and most recently support for implementing your own authentication protocols and tokens, with a sample implementation for the WS-Federation protocol and SAML tokens. SSO works across all applications regardless of whether they are using OpenID Connect or WS-Federation.

Summary

IdentityServer4 is similar to Azure AD B2C, with the additional features described in the linked articles.
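As an added illustration of the split described in the answer (IdentityServer4 as its own host that issues tokens, the Web API as a separate app that only validates them), here are the two minimal ASP.NET Core `Startup` classes. This is example code, not from the question, the answer or the IdentityServer4 project; the URLs (localhost:5001/5002/5003), the client id `web-client`, the API name `api1` and the test user are assumed placeholders.

```csharp
// Identity Server host: separate ASP.NET Core app (assumed https://localhost:5001), NuGet IdentityServer4 v4 + quickstart UI.
using System.Collections.Generic;
using IdentityServer4.Models;
using IdentityServer4.Test;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;
public class IdentityServerStartup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddIdentityServer()
            .AddDeveloperSigningCredential() // dev-only key; use AddSigningCredential(cert) in production
            .AddInMemoryIdentityResources(new IdentityResource[] { new IdentityResources.OpenId() })
            .AddInMemoryApiScopes(new[] { new ApiScope("api1") }).AddInMemoryApiResources(new[] { new ApiResource("api1") { Scopes = { "api1" } } }) // "api1": assumed API name; the ApiResource puts aud=api1 into issued tokens
            .AddInMemoryClients(new[] { new Client {
                ClientId = "web-client", AllowedGrantTypes = GrantTypes.Code, // assumed client id; authorization-code flow
                RequirePkce = true, RequireClientSecret = false,               // public (browser) client, PKCE required
                RedirectUris = { "https://localhost:5003/signin-oidc" },       // assumed front-end URL
                AllowedScopes = { "openid", "api1" } } })
            .AddTestUsers(new List<TestUser> { new TestUser { SubjectId = "1", Username = "alice", Password = "Pass123$" } }); // constructed test user
        services.AddControllersWithViews(); // hosts the quickstart login/logout/consent pages
    }
    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();
        app.UseIdentityServer(); // serves /.well-known/openid-configuration, /connect/authorize, /connect/token
        app.UseAuthorization();
        app.UseEndpoints(e => e.MapDefaultControllerRoute());
    }
}
// Protected Web API: a second app (assumed https://localhost:5002); NuGet Microsoft.AspNetCore.Authentication.JwtBearer.
public class ApiStartup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllers();
        services.AddAuthentication("Bearer").AddJwtBearer("Bearer", options =>
        {
            options.Authority = "https://localhost:5001"; // the issuer; signing keys are fetched from its discovery document
            options.Audience = "api1";                    // reject tokens minted for a different API
        });
    }
    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();
        app.UseAuthentication(); // checks signature, issuer, audience and expiry of the bearer JWT
        app.UseAuthorization();
        app.UseEndpoints(e => e.MapControllers().RequireAuthorization()); // every endpoint requires a valid token
    }
}
```

The API never stores users or keys; it only trusts tokens whose signature matches the keys published by the IdentityServer host and whose `aud` claim names this API.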