NET 单点登录实现

我的任务是为我们的客户实现单点登录,作为我们下一个版本的一部分。流程如下:

  1. 用户使用学校提供给他/她的学生 ID/密码登入学校的主要入口系统。
  2. 用户单击指向我公司产品的链接。
  3. 用户被自动带到仪表板页面,就好像他们刚刚通过我们网站上的登录表单登录。

因此,有两种机制可以让用户通过身份验证进入我们的站点:

  1. 访问我们产品的主页,并使用存储在本地系统中的电子邮件/密码登录。
  2. 使用学生已经用学生 ID 和密码登录到学校主系统的单点登录。

如果我们的产品是在 ASP.NET 中实现的(而不是 Java/Ruby) ,我们应该使用 CAS、 JOSSO 或其他第三方单点登录产品吗?还是有什么东西。NET 环境,这对我们来说会更简单,作为一个。NET 公司?

221258 次浏览
小开
最佳答案

There are multiple options to implement SSO for a .NET application.

Check out the following tutorials online:

Basics of Single Sign on, July 2012

http://www.codeproject.com/Articles/429166/Basics-of-Single-Sign-on-SSO

GaryMcAllisterOnline: ASP.NET MVC 4, ADFS 2.0 and 3rd party STS integration (IdentityServer2), Jan 2013

http://garymcallisteronline.blogspot.com/2013/01/aspnet-mvc-4-adfs-20-and-3rd-party-sts.html

The first one uses ASP.NET Web Forms, while the second one uses ASP.NET MVC4.

If your requirements allow you to use a third-party solution, also consider OpenID. There's an open source library called DotNetOpenAuth.

For further information, read MSDN blog post Integrate OpenAuth/OpenID with your existing ASP.NET application using Universal Providers.

Hope this helps!

小开

I am late to the party, but for option #1, I would go with IdentityServer3(.NET 4.6 or below) or IdentityServer4 (compatible with Core) .

You can reuse your existing user store in your app and plug that to be IdentityServer's User Store. Then the clients must be pointed to your IdentityServer as the open id provider.

小开

There are several Identity providers with SSO support out of the box, also some third-party** services.

** The only problem with third-party services is that they might charge per user/month, which can be pretty expensive.

Some of the tools available and with APIs for .NET are:

If you decide to go with your implementation, you could use the frameworks below categorized by programming language.

C#:

  • IdentityServer3 (OAuth/OpenID protocols, OWIN/Katana)
  • IdentityServer4 (OAuth/OpenID protocols, ASP.NET Core)
  • OAuth 2.0 by Okta

JavaScript:

  • passport-openidconnect (node.js)
  • oidc-provider (node.js)
  • openid-client (node.js)

Python:

  • pyoidc
  • Django OIDC Provider

I would go with Auth0 as a service, as it's free for the first 7000 users, supports many languages, and not much needs to be done. However, if you need a more robust, manage yourself, and cheaper solution, I would configure IdentityServer4 and ASP.NET Core application and add authentication providers as necessary.

Both Auth0 and IdentityServer4 solutions use OAuth/OpenID protocols, supporting also WS-Federation and SAML 2.0 integration.

小开

UltimateSAML SSO is an OASIS SAML v1.x and v2.0 specifications compliant .NET toolkit. It offers an elegant and easy way to add support for Single Sign-On and Single-Logout SAML to your ASP.NET, ASP.NET MVC, ASP.NET Core, Desktop, and Service applications. The lightweight library helps you provide SSO access to cloud and intranet websites using a single credentials entry.

Detailed UltimateSAML SSO review can be found here

小开

[disclaimer: I'm one of the contributors]

We built a very simple free/opensource component that adds SAML support for ASP.NET apps https://github.com/jitbit/AspNetSaml

Basically it's just one short C# file you can throw into your project (or install via Nuget) and use it with your app


提交答案