ASP. NET claims-based authentication to implement authentication login-claims basic knowledge

Source: Internet
Author: User

Claims-based authentication this way separates authentication and authorization from the login code, splitting authentication and authorization into additional Web services. Live example is our QQ integrated login, not necessarily QQ integrated login is claims-based authentication this mode, but this scenario, it is absolutely perfect for claims-based certification.

Key features of claims-based certification:

    • Split authentication and authorization into separate services
    • Service callers (usually Web sites), do not need to pay attention to how you go to certification, you use Windows authentication, or use the token mobile phone messages, and I have nothing to do.
    • If the user logs in successfully, the authentication Service (if QQ) will return a token to us.
    • The token contains the information required by the service caller, the user name, and the role information, among other things.

In general, I don't have to worry about how you log in, how to get your role, I just have to jump you to that login site, then it returns to my token information, I get the required information from the token to determine who you are and what role you have.

Further understanding of claims-based certification

In order to let everyone further understand claims-based certification, we start from a common login scenario, take QQ integrated login to example.

    1. Users run to our website to access a page that needs to be signed in
    2. Our website detects that the user is not logged in, returns a response to the QQ login page (302 points to the address of the QQ login page and adds a return link page, usually returnurl=)
    3. User is redirected to the login page of the specified QQ
    4. Users in the QQ login page Enter the user name and password, QQ will go to their own database query, once the login is successful, will return a jump to our site response (302 point to our site page)
    5. The user is redirected to a detection login page of our website, we can get the user's identity information, establish claimsprinpical and claimsidentity objects, generate cookies and so on.
    6. We then take the user to the specified page, which is ReturnUrl, which is the last page visited before the user logs in.

Simply put the login code (verify the user, get the user information) into a separate service or component

ASP. NET claims-based authentication to implement authentication login-claims basic knowledge

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.