asp.net-mvc 在 Owin Identity 和 Asp.Net MVC 中正确使用声明类型
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/24892222/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Using Claims Types properly in Owin Identity and Asp.Net MVC
提问by Miguel Moura
I am using Owin and Identity and I am having a problem with Claims.
我正在使用 Owin 和 Identity,但我遇到了 Claims 问题。
I have applications where users use an email to authenticate and others that use an username.
我有一些应用程序,其中用户使用电子邮件进行身份验证,而其他应用程序则使用用户名。
The sign in method in the business layer can accept an Email or an Username depending on the case.
To "obfuscate" the user identity I use a GUID, unique to each user, when displaying a page with user info.
I also use this because sometimes an email or an username can be a problem in the url ...
业务层中的登录方法可以根据情况接受电子邮件或用户名。
为了“混淆”用户身份,我在显示包含用户信息的页面时使用了每个用户唯一的 GUID。
我也使用它,因为有时电子邮件或用户名可能是 url 中的问题......
When I sign a user I have the following claims types:
当我签署用户时,我有以下声明类型:
new Claim(ClaimTypes.Email, user.Email),
new Claim(ClaimTypes.Name, user.FullName),
new Claim(ClaimTypes.GivenName, user.FirstName),
new Claim(ClaimTypes.Surname, user.LastName),
new Claim(ClaimTypes.NameIdentifier, user.UserUniqueIdentifier.ToString())
So my interpretation is:
所以我的解释是:
Email is the user's email
Name is the user's full name
GivenName is the user's first name
Surname is the user's last name
NameIdentifier is the user's unique identifier ... It can be the email, the username or in this case I am using an Unique ID.
What is strange is there is no Claim Type for Username. Where would to place it?
奇怪的是用户名没有声明类型。将它放在哪里?
Basically it seems there is a problem when a Username is not used as the Unique name identifier but it is still necessary.
基本上,当用户名不用作唯一名称标识符时似乎存在问题,但它仍然是必要的。
Is something wrong with my logic claims types?
我的逻辑声明类型有问题吗?
回答by Anthony Chu
ClaimTypes.Name(http:// schemas.xmlsoap.org/ws/2005/05/identity/claims/name) should be used for the username.
ClaimTypes.Name(http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name) 应该用于用户名。
ClaimTypes.NameIdentifieris typically used for the user's id. In some cases it could be a username.
ClaimTypes.NameIdentifier通常用于用户的 ID。在某些情况下,它可能是用户名。
ASP.NET Identity uses ClaimTypes.Nameto store the username, and ClaimTypes.NameIdentifierto store the primary key GUID of the user.
ASP.NET Identity 用于ClaimTypes.Name存储用户名和用户ClaimTypes.NameIdentifier的主键 GUID。
回答by V.B.
If you examine what Facebook or Google return from oAuth you will see that ClaimTypes.Nameis ClaimTypes.GivenName + ClaimTypes.Surname. LinkedIn returns then concatenated and I believe this is a bug because I have a completely different username there. Twitter returns username for ClaimTypes.Name, but Twitter is a special case and they do not even return email.
如果您查看 Facebook 或 Google 从 oAuth 返回的内容,您会看到它ClaimTypes.Name是ClaimTypes.GivenName + ClaimTypes.Surname. LinkedIn 返回然后连接,我相信这是一个错误,因为我在那里有一个完全不同的用户名。Twitter 返回 用户名ClaimTypes.Name,但 Twitter 是一个特例,他们甚至不返回电子邮件。
All of them are using some opaque numeric identifier for ClaimTypes.NameIdentifier. And they use their own string names, usually starting with urn:facebook:link, urn:google:profile, etc for custom data.
所有这些都使用了一些不透明的数字标识符ClaimTypes.NameIdentifier。他们用自己的字符串名称,通常开始urn:facebook:link,urn:google:profile等自定义的数据。
Asp.NET Identity model uses UserName for ClaimTypes.Name. The bottom line is that ClaimTypes.Nameis used differently in practice. You could add any claim name as a string and could add the urn:...scheme to make it unambiguous.
Asp.NET Identity 模型使用 UserName 作为ClaimTypes.Name. 底线是ClaimTypes.Name在实践中使用不同。您可以将任何声明名称添加为字符串,并可以添加urn:...方案以使其明确。
