Implementing claims-based security (WCF/ASP.NET)

Posted 2019-03-16 16:19

After researching the topic of claims-based security (or a federated security model), I've been coming across many examples that use CardSpace as an example. The main article I read that gave a really great explanation of the subject was a PDF by Microsoft on a framework called Zermatt.

The claims-based security architecture I'm looking into is the equivalent of implementing an STS Authentication Broker in combination with an STS Authorization Broker. This way, when I create a new service all I need to do is ensure that the service will only accept claims issued by the Authorization Broker. And as noted in the article, the Authorization Broker would only accept claims issued by the Authentication Broker.

When that's setup, any time a client attempts to use the new service, it must authenticate with the Authentication Broker (issuing an authenticated claim) and then get authorized with the Authorization Broker (issuing an authorized claim).

This is all fine and dandy and the architecture is clear, but I don't see exactly how to implement an STS. As I mentioned, most (if not all) examples around the web are showing how to use CardSpace, but that doesn't exactly work when you have a database backing up your authentication scheme.

Sample Scenario

Sample scenario diagram (image): http://img512.imageshack.us/img512/8329/claimsbasedsecurityza6.jpg
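The trust chain the question describes (service trusts only the Authorization Broker, which trusts only the Authentication Broker, which checks credentials against a database) can be modelled end to end in a few dozen lines. The following is an added example, not code from the question or from Zermatt/Geneva/WIF: it stands in for both STSs and the relying party with HMAC-signed tokens so it runs offline. All keys, issuer URIs, user records and role assignments are constructed for the demo; a real STS would sign with an X.509 private key so that relying parties hold only the certificate, and the tokens would be SAML rather than this ad-hoc format.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo material (not from the original post). Each broker signs with
# its own key; a relying party accepts a token only if it verifies under the key
# of the one issuer it has been configured to trust.
AUTHN_KEY = b"authentication-broker-demo-key"
AUTHZ_KEY = b"authorization-broker-demo-key"
AUTHN_ISSUER = "urn:demo:authentication-broker"
AUTHZ_ISSUER = "urn:demo:authorization-broker"
SERVICE_ID = "urn:demo:orders-service"
TOKEN_LIFETIME = 300  # seconds


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_token(claims: dict, key: bytes) -> str:
    """Serialise the claim set and append an HMAC-SHA256 over it."""
    body = json.dumps(claims, sort_keys=True).encode()
    mac = hmac.new(key, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(mac)


def verify_token(token: str, key: bytes, issuer: str, audience: str, now=None) -> dict:
    """Accept a token only if signed by `key`, issued by `issuer`, addressed to `audience` and unexpired."""
    body_b64, mac_b64 = token.split(".", 1)
    body = _unb64(body_b64)
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(mac_b64)):
        raise PermissionError("signature check failed")
    claims = json.loads(body)
    if claims.get("iss") != issuer:
        raise PermissionError("token not issued by the trusted issuer")
    if claims.get("aud") != audience:
        raise PermissionError("token not intended for this relying party")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise PermissionError("token expired")
    return claims


# --- Authentication Broker (STS #1): backed by a constructed user table --------
_SALT = b"demo-salt"  # a real store would use a per-user random salt


def _pw_hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)


USERS = {"alice": _pw_hash("correct horse"), "bob": _pw_hash("hunter2")}


def authentication_broker(username: str, password: str) -> str:
    """Check credentials against the database and issue an identity token for the Authorization Broker."""
    stored = USERS.get(username)
    if stored is None or not hmac.compare_digest(stored, _pw_hash(password)):
        raise PermissionError("bad credentials")
    claims = {"iss": AUTHN_ISSUER, "aud": AUTHZ_ISSUER, "sub": username,
              "exp": time.time() + TOKEN_LIFETIME}
    return sign_token(claims, AUTHN_KEY)


# --- Authorization Broker (STS #2): accepts only Authentication Broker tokens ---
ROLES = {"alice": ["orders:read", "orders:write"], "bob": ["orders:read"]}


def authorization_broker(identity_token: str, service: str) -> str:
    """Validate the identity token, look up the subject's roles and issue a token scoped to one service."""
    identity = verify_token(identity_token, AUTHN_KEY, AUTHN_ISSUER, AUTHZ_ISSUER)
    claims = {"iss": AUTHZ_ISSUER, "aud": service, "sub": identity["sub"],
              "roles": ROLES.get(identity["sub"], []),
              "exp": time.time() + TOKEN_LIFETIME}
    return sign_token(claims, AUTHZ_KEY)


# --- The new service: accepts only Authorization Broker tokens -----------------
def orders_service(authorization_token: str, action: str) -> str:
    claims = verify_token(authorization_token, AUTHZ_KEY, AUTHZ_ISSUER, SERVICE_ID)
    if action not in claims["roles"]:
        raise PermissionError(f"{claims['sub']} lacks {action}")
    return f"{action} performed for {claims['sub']}"


def call_service(username: str, password: str, action: str) -> str:
    """Full client flow: authenticate, get authorized, then call the service."""
    identity_token = authentication_broker(username, password)
    authz_token = authorization_broker(identity_token, SERVICE_ID)
    return orders_service(authz_token, action)


def is_denied(fn, *args) -> bool:
    """True if the call is refused somewhere in the chain."""
    try:
        fn(*args)
        return False
    except PermissionError:
        return True


if __name__ == "__main__":
    print(call_service("alice", "correct horse", "orders:write"))
    print("bob write denied:", is_denied(call_service, "bob", "hunter2", "orders:write"))
    # An identity token handed straight to the service is refused: wrong issuer key.
    ident = authentication_broker("alice", "correct horse")
    print("identity token at service denied:", is_denied(orders_service, ident, "orders:read"))
```

The three `verify_token` checks are the whole point of the architecture: the service never sees a password and never talks to the user database, it only needs the Authorization Broker's key and issuer name. Note that a token the Authentication Broker issued cannot be replayed against the service (different signing key and audience), and a token minted for one service cannot be replayed against another because the `aud` claim is bound to `SERVICE_ID`.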

2 answers
可以哭但决不认输i
#2 · 2019-03-16 16:35

The best thing to implement an STS on the Windows platform is to use AD FS.

See this blog for details, http://blogs.msdn.com/vbertocci/archive/2007/11/19/developing-a-minimal-sts-with-adfs-2-identity-framework-part-i-the-sts-itself.aspx.

闹够了就滚
#3 · 2019-03-16 16:49

I think I found my answer :D

http://www.theserverside.net/tt/articles/showarticle.tss?id=ClaimsBasedSecurityModel http://www.theserverside.net/tt/articles/showarticle.tss?id=ClaimsBasedSecurityModel2

And then there's the latest Microsoft Geneva Framework announced at PDC. Perfect for what I need. (now if only my own answer were marked as the answer :P)

http://www.microsoft.com/geneva
