C# ASP.NET 单点登录实现
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/14309090/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
C# ASP.NET Single Sign-On Implementation
提问by Adam Levitt
I am tasked with implementing single sign-on for our customers as part of our next release. The flow exists as follows:
作为我们下一个版本的一部分,我的任务是为我们的客户实现单点登录。流程如下:
- User logs into their school's main portal system using a student id/password provided to him/her by the school.
- User clicks the link to my company's product.
- User is automatically taken to the dashboard page as if they had just logged in through the login form on our site.
- 用户使用学校提供给他/她的学生 ID/密码登录到他们学校的主要门户系统。
- 用户单击指向我公司产品的链接。
- 用户会自动进入仪表板页面,就像他们刚刚通过我们网站上的登录表单登录一样。
Thus, there are two mechanisms by which a user can be authenticated into our site:
因此,有两种机制可以让用户通过我们的网站进行身份验证:
- Coming to our product's home page, and logging in using the email/password that we store in our local system.
- Using the single sign-on where the student has already logged into the school's main system with a student id and password.
- 进入我们产品的主页,并使用我们存储在本地系统中的电子邮件/密码登录。
- 使用单点登录,学生已经使用学生 ID 和密码登录到学校的主系统。
If our product's implementation is in ASP.NET (as opposed to Java/Ruby), should we be using CAS, JOSSO, or some other third party single sign-on product? Or is there something available to a .NET environment which would be simpler for us as a .NET company?
如果我们的产品实现是在 ASP.NET(而不是 Java/Ruby)中,我们应该使用 CAS、JOSSO 还是其他一些第三方单点登录产品?或者是否有一些可用于 .NET 环境的东西,这对我们作为 .NET 公司来说会更简单?
采纳答案by Shahed C - MSFT
There are multiple options to implement SSO for a .NET application.
有多种选项可以为 .NET 应用程序实现 SSO。
Check out the following tutorials online:
在线查看以下教程:
Basics of Single Sign on, July 2012
单点登录基础知识,2012 年 7 月
http://www.codeproject.com/Articles/429166/Basics-of-Single-Sign-on-SSO
http://www.codeproject.com/Articles/429166/Basics-of-Single-Sign-on-SSO
GaryMcAllisterOnline: ASP.NET MVC 4, ADFS 2.0 and 3rd party STS integration (IdentityServer2), Jan 2013
GaryMcAllisterOnline:ASP.NET MVC 4、ADFS 2.0 和第 3 方 STS 集成 (IdentityServer2),2013 年 1 月
http://garymcallisteronline.blogspot.com/2013/01/aspnet-mvc-4-adfs-20-and-3rd-party-sts.html
http://garymcallisteronline.blogspot.com/2013/01/aspnet-mvc-4-adfs-20-and-3rd-party-sts.html
The first one uses ASP.NET Web Forms, while the second one uses ASP.NET MVC4.
第一个使用 ASP.NET Web 窗体,而第二个使用 ASP.NET MVC4。
If your requirements allow you to use a third-party solution, also consider OpenID. There's an open source library called DotNetOpenAuth.
如果您的要求允许您使用第三方解决方案,还可以考虑 OpenID。有一个名为DotNetOpenAuth 的开源库。
For further information, read MSDN blog post Integrate OpenAuth/OpenID with your existing ASP.NET application using Universal Providers.
有关更多信息,请阅读 MSDN 博客文章使用通用提供程序将 OpenAuth/OpenID 与您现有的 ASP.NET 应用程序集成。
Hope this helps!
希望这可以帮助!
回答by Evdzhan Mustafa
I am late to the party, but for option #1, I would go with IdentityServer3(.NET 4.6 or below) or IdentityServer4(compatible with Core) .
我迟到了,但对于选项 #1,我会选择 IdentityServer3(.NET 4.6 或更低版本)或IdentityServer4(与Core兼容)。
You can reuse your existing user store in your app and plug that to be IdentityServer's User Store. Then the clients must be pointed to your IdentityServer as the open id provider.
您可以在您的应用程序中重用现有的用户存储,并将其插入为 IdentityServer 的用户存储。然后客户端必须指向您的 IdentityServer 作为开放 ID 提供者。
回答by Alexz
There are several Identity providers with SSO support out of the box, also third-party** products.
有几个开箱即用的具有 SSO 支持的身份提供商,还有第三方**产品。
** The only problem with third party products is that they charge per user/month, and it can be quite expensive.
** 第三方产品的唯一问题是按用户/月收费,而且价格可能相当昂贵。
Some of the tools available and with APIs for .NET are:
一些可用的和带有 .NET API 的工具是:
- IdentityExpress(with Admin UI) by IdentityServer
- Centrify Identity Service
- Okta Identity (SAML 2.0)
- OneLogin
- IdentityExpress(带有管理 UI),由 IdentityServer 提供
- 集中身份服务
- Okta 身份 (SAML 2.0)
- 登录
If you decide to go with your own implementation, you could use the frameworks below categorized by programming language.
如果您决定使用自己的实现,则可以使用以下按编程语言分类的框架。
C#
- IdentityServer3 (OAuth/OpenID protocols, OWIN/Katana)
- IdentityServer4 (OAuth/OpenID protocols, ASP.NET Core)
- OAuth 2.0 by Okta
Javascript
- passport-openidconnect (node.js)
- oidc-provider (node.js)
- openid-client (node.js)
Python
- pyoidc
- Django OIDC Provider
C#
- IdentityServer3(OAuth/OpenID 协议,OWIN/Katana)
- IdentityServer4(OAuth/OpenID 协议,ASP.NET Core)
- Okta 的 OAuth 2.0
Javascript
- 护照openidconnect(node.js)
- oidc-provider (node.js)
- openid 客户端(node.js)
Python
- pyoidc
- Django OIDC 提供商
I would go with IdentityServer4 and ASP.NET Core application, it's easy configurable and you can also add your own authentication provider. It uses OAuth/OpenIDprotocols which are newer than SAML 2.0 and WS-Federation.
我会使用 IdentityServer4 和 ASP.NET Core 应用程序,它易于配置,您还可以添加自己的身份验证提供程序。它使用比 SAML 2.0 和 WS-Federation 更新的OAuth/OpenID协议。
回答by brunoid
UltimateSAML SSO is an OASIS SAML v1.x and v2.0 specifications compliant .NET toolkit. It offers an elegant and easy way to add support for Single Sign-On and Single-Logout SAML to your ASP.NET, ASP.NET MVC, ASP.NET Core, Desktop, and Service applications. The lightweight library helps you provide SSO access to cloud and intranet websites using a single credentials entry.
UltimateSAML SSO 是符合 OASIS SAML v1.x 和 v2.0 规范的 .NET 工具包。它提供了一种优雅而简单的方法来为您的 ASP.NET、ASP.NET MVC、ASP.NET Core、桌面和服务应用程序添加对单点登录和单点注销 SAML 的支持。轻量级库可帮助您使用单个凭据条目提供对云和 Intranet 网站的 SSO 访问。
回答by Alex
[disclaimer: I'm one of the contributors]
[免责声明:我是贡献者之一]
We built a very simple free/opensource component that adds SAML support for ASP.NET apps https://github.com/jitbit/AspNetSaml
我们构建了一个非常简单的免费/开源组件,为 ASP.NET 应用程序添加了 SAML 支持https://github.com/jitbit/AspNetSaml
Basically it's just one short C# file you can throw into your project (or install via Nuget) and use it with your app
基本上它只是一个简短的 C# 文件,您可以将其放入您的项目(或通过 Nuget 安装)并与您的应用程序一起使用
