c# - 通过 WIF 在 MVC 应用程序之间共享身份验证

Question

我有两个网站，即 A 和 B，其中 A 和 B 都有各自的用户存储。如果用户是 A 的经过身份验证的用户，则它应该能够访问 B 的所有授权页面，反之亦然。

有人可以帮助我如何使用 Windows Identity Foundation 执行此操作。谢谢

Answer 1

阅读 MSDN 的主要文章，其中完整描述了 What is Windows Identity Foundation上面写着:

Windows® Identity Foundation (WIF) is a framework for building identity-aware applications. The framework abstracts the WS-Trust and WS-Federation protocols and presents developers with APIs for building security token services and claims-aware applications. Applications can use WIF to process tokens issued from security token services and make identity-based decisions at the web application or web service.

因此，对于跨多个应用程序的身份验证，您应该较少的问题。

一个很好的起点 是 MSDN 上的 How To: Build Claims-Aware ASP.NET MVC Web Application Using WIF

要了解其工作原理，请参阅 this helpful MSDN blog .

WIF + MVC 的另一个示例在Federated Identity with Multiple Partners 中可用。我建议您阅读第一章以了解所有基本原则。

更新:围绕 STS根据MSDN :

A security token service (STS) is the service component that builds, signs, and issues security tokens according to the WS-Trust and WS-Federation protocols. There’s a lot of work that goes into implementing these protocols, but WIF does all of this work for you, making it feasible for someone who isn’t an expert in the protocols to get an STS up and running with very little effort. You can use a cloud STS such as a LiveID STS, a pre-built STS such as Active Directory® Federation Services (AD FS) 2.0, or, if you want to issue custom tokens or provide custom authentication or authorization, you can build your own custom STS using WIF. WIF makes it easy to build your own STS. For more information, see Building an STS.

以下链接可能对 STS 有帮助:

1. Building an STS
2. How to: Create a Security Token Service
3. Building A Custom Security Token Service