vb.net 角色和声明之间的区别
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/26060582/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Difference between Roles and Claims
提问by Gillardo
In our system we have a way to setup users with permissions. They create a group name, for example, Admin and then assign all the permissions for the tasks they would like to do.
在我们的系统中,我们有一种方法可以设置用户的权限。他们创建一个组名,例如 Admin,然后为他们想要执行的任务分配所有权限。
For example, they can add AddCompany, ViewCompany, DeleteCompany, EditCompany
例如,他们可以添加 AddCompany、ViewCompany、DeleteCompany、EditCompany
This makes it very easy to make different permissions groups and we can control security very easily.
这使得创建不同的权限组变得非常容易,我们可以非常轻松地控制安全性。
Am i right in thinking that in this instance the group name = Role and each permission is a claim?
我认为在这种情况下组名 = 角色并且每个权限都是一个声明是否正确?
回答by DSR
Roles-based authorization is used to group users into groups (roles) and then set permissions on the role rather than on individual users.
基于角色的授权用于将用户分组到组(角色)中,然后对角色而不是单个用户设置权限。
E.g: In your case you can create Admin role and provide permission to do "AddCompany, ViewCompany, DeleteCompany, EditCompany" tasks.
例如:在您的情况下,您可以创建管理员角色并提供执行“AddCompany、ViewCompany、DeleteCompany、EditCompany”任务的权限。
In this case easier to manage large set of users through small set of roles. This is the most commonly used model for authentication.
在这种情况下,通过一小组角色更容易管理大量用户。这是最常用的身份验证模型。
Claims-based authorization provides additional layers of abstraction on your authorization strategy. Further, claims are a method of providing information about an user rather than group of users. You create authorization policies that are used to generate a claim-set based on the authentication evidence presented by the user. Then the user presents claims to the application in order to access resources.
基于声明的授权为您的授权策略提供了额外的抽象层。此外,声明是一种提供有关用户而不是用户组的信息的方法。您创建用于根据用户提供的身份验证证据生成声明集的授权策略。然后用户向应用程序提出声明以访问资源。
A claim is a statement that one subject makes about itself or another subject. The statement can be about a name, identity, key, group, privilege, or capability, for example. Claims are issued by a provider, and they are given one or more values and then packaged in security tokens that are issued by an issuer, commonly known as a security token service (STS)
声明是一个主题对自己或另一个主题所做的陈述。例如,该语句可以是关于名称、身份、密钥、组、特权或能力的。声明由提供者发布,它们被赋予一个或多个值,然后打包在由发布者发布的安全令牌中,通常称为安全令牌服务 (STS)
Resources : http://msdn.microsoft.com/en-gb/library/ff649821.aspx
资源:http: //msdn.microsoft.com/en-gb/library/ff649821.aspx
http://msdn.microsoft.com/en-gb/library/ff649821.aspx
http://msdn.microsoft.com/en-gb/library/ff649821.aspx
http://msdn.microsoft.com/en-gb/library/ff359101.aspx
http://msdn.microsoft.com/en-gb/library/ff359101.aspx
Hope this helps.
希望这可以帮助。
回答by recursive
Roles are claims, but not all claims are roles.
角色是声明,但并非所有声明都是角色。
In a claims-based authorization system, you may use roles as permissions, but you may use something else as well. On my current project, we have a many to many mapping from roles to permissions.
在基于声明的授权系统中,您可以使用角色作为权限,但也可以使用其他权限。在我当前的项目中,我们有从角色到权限的多对多映射。
