NetSqlAzMan vs AzMan vs (?????)

再見小時候 2021-02-19 11:23

I've been trying to "read between the lines" about the original (and/or current) motivation for the NetSqlAzMan project.

Was this written for?

  1. An ada

2 answers
  •  陌清茗 (original poster)
    2021-02-19 11:58

    I think the reason for the lack of updates from Microsoft on their blogs and in their SDKs has something to do with them already moving all their tools and designs towards a social network/federation friendly "claims model":

    http://msdn.microsoft.com/en-us/magazine/ee335707.aspx

    In comparison to any of the AzMan variants, at the low AzMan operation level (what the code demands to decouple it from the rest) we only have a permission type claim. This new style of operation is simply a URN string/action name issued from any trusted claims provider/service validated by signatures you (or later re-configuration) define. They are then just a flat list of roles in the user identity so easy to check with common IsInRole methods.

    The justification for this is clear. Modern internet solutions (and perhaps some future corporate intranet applications once the privacy laws are improved) demand multi-domain authentication and authorization, e.g. this StackOverflow.com user account and the connected Facebook account or any OpenID account you may have linked.

    So for authorization you can now CODE rules which map between external claims and internal "permission claims" (analogous to AzMan operations). However there is no standard format, hierarchy or administration tool.

    Perhaps a hybrid solution of Claims Service (Authentication) + AzMan XML/SQL (Roles to Claims mapping) + Claims Permission demand is the way forwards. All the samples I found so far just have code in the middle. I want to see something with recursive group memberships from Active Directory resolved to Roles to Tasks to claims (operations) like we already have with AzMan.

    More investigation is necessary to achieve the "good old" but still essential "role based security" pattern with the newer technology...

    If you're looking to start, head towards the Microsoft Windows Identity Foundation (WIF) which first appeared in .NET 3.5.1 but has since been integrated into the .NET 4.5 framework.

    http://msdn.microsoft.com/en-us/library/hh377151(v=vs.110).aspx
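
The pipeline the answer above asks for (nested groups resolved to roles, to tasks, to operation claims that `IsInRole` can check), as an added example that is not code from this thread, NetSqlAzMan or the WIF samples. It uses the `System.Security.Claims` types; the store contents, the `urn:demo:*` names and the `PermissionMapper` class are hypothetical, and it assumes the claims provider already issues the user's direct group names as claims.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using Map = System.Collections.Generic.Dictionary<string, string[]>;

static class PermissionMapper
{
    public const string GroupClaim = "urn:demo:claims:group";   // hypothetical claim type

    // Constructed sample data standing in for an AzMan XML/SQL store.
    static readonly Map MemberOf = new Map {                     // nested group membership
        { "Helpdesk-L1", new[] { "Helpdesk" } }, { "Helpdesk", new[] { "Staff" } } };
    static readonly Map GroupRoles = new Map {
        { "Helpdesk", new[] { "TicketAgent" } }, { "Staff", new[] { "Reader" } } };
    static readonly Map RoleTasks = new Map {
        { "TicketAgent", new[] { "ManageTickets" } }, { "Reader", new[] { "ViewContent" } } };
    static readonly Map TaskOperations = new Map {
        { "ManageTickets", new[] { "urn:demo:op:ticket.read", "urn:demo:op:ticket.close" } },
        { "ViewContent", new[] { "urn:demo:op:page.read" } } };

    static string[] Lookup(Map map, string key) => map.ContainsKey(key) ? map[key] : new string[0];

    public static ClaimsPrincipal Transform(ClaimsPrincipal incoming)
    {
        // Walk group nesting breadth-first; 'seen' keeps a membership cycle from looping forever.
        var seen = new HashSet<string>();
        var queue = new Queue<string>(incoming.FindAll(GroupClaim).Select(c => c.Value));
        while (queue.Count > 0)
        {
            var group = queue.Dequeue();
            if (seen.Add(group))
                foreach (var parent in Lookup(MemberOf, group)) queue.Enqueue(parent);
        }
        var operations = seen.SelectMany(g => Lookup(GroupRoles, g))
                             .SelectMany(r => Lookup(RoleTasks, r))
                             .SelectMany(t => Lookup(TaskOperations, t)).Distinct();
        // Drop role claims sent by the external provider so only locally mapped operations count.
        var identity = new ClaimsIdentity(incoming.Claims.Where(c => c.Type != ClaimTypes.Role), "Demo");
        foreach (var op in operations) identity.AddClaim(new Claim(ClaimTypes.Role, op));
        return new ClaimsPrincipal(identity);
    }

    static void Main()
    {
        var incoming = new ClaimsPrincipal(new ClaimsIdentity(new[] {
            new Claim(ClaimTypes.Name, "alice"), new Claim(GroupClaim, "Helpdesk-L1") }, "Federation"));
        var user = Transform(incoming);
        Console.WriteLine(user.IsInRole("urn:demo:op:ticket.close"));  // mapped via Helpdesk -> TicketAgent
        Console.WriteLine(user.IsInRole("urn:demo:op:user.delete"));   // no role or task maps to this
    }
}
```

Under WIF in .NET 4.5 a transformation like `Transform` would normally be called from a `ClaimsAuthenticationManager.Authenticate` override, so the permission claims are attached once per session rather than on every demand.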
