ARC-411建立企业级web service案例分析: Authentication, Membership 与Profile
课程内容概述
复习:ASP 2.0 Membership & Profile实际系统的要求:作为Service而不是ASP 网站(没有HTTP Context)Scalability: 不仅要再web service层,而且要在数据库层数据模型: profile 数据for data mining支持现有的用户:Mobile user support: consistent across PC users安全性: web service and database设计与实施
实际要求: Interoperability & Functionality
必须是一 stateless web service, 不需客户应用系统地HTTP Context. 支持各种平台上的应用( Framework 1.1, 2.0, J2EE)功能:登陆,核实emailUser authenticationMembership management (password change, password reset)Profile: Update and retrievalProfile managementUser favorites and preferences
实际要求 (Functional Requirements)
不仅要再web service层,而且要在数据库层用户数据必须partitioned horizontally
实际要求: Scalability
实际要求: scalability at web service层与数据库层
Membership and profile data must be available as relational data for data mining:A single-valued user attribute (such as zip, email, name, etc) will have its own column;A multi-valued user attribute (such as favorites) will be in a separate table.
实际要求: 数据模型
现有的用户仍然能够用现有的passwords logins.现有的 passwords are non-retrievable (only its hash is stored);现有的 passwords have been encoded differently, salted differently, hashed differently. Hash过程:string -> encoding -> byte[] -> salt -> hash(byte[]) -> base64string (CryptographyAPI.HashPassword_Aspnet20)现有的用户能够change or reset passwords.Password change or reset之后, password hash 将沿用新的标准.
实际要求: 支持现有的用户
手机用户与PC用户有不同的registration (见下页的图).手机用户与PC用户的registration没有一固定顺序.为提供统一的用户体验,两种registration必须能够合二为一. 但是,这一合并必须由用户来启动.
实际要求: 支持手机用户
实际要求: 支持手机用户-不同的registration
Away service ID
Remote device ID
Location
Channel Per Page
Handset model
Network
Away zip code
Carrier
Mobile PIN
Mobile number
Date of birth
Date of birth
Gender
Gender
Zip code
Zip code
Country/State
Country/State
Weekly news email
Daily news email
Weekly movie email
Marketing email
Last Name
First Name
Password
User name
MOBILE

设计决策(Design Decision)
比较:实际要求与ASP 2.0 Membership & Profile
No, except for the existence of mobile alias and mobile PIN columns
支持手机用户
WSE 3.0
Authenticated access
No, fixed encoding (UTF-8), salt and configurable hash
支持现有用户
No, 只有两列: PropertyStringsValue 与PropertyBinaryValue
关系型数据模型
No
多个membership and profile 数据库服务器
No, membership and profile API 用于web app需要 HTTPContext
Web service 没有 HTTPContext
ASP 2.0 功能
实际要求
设计选择: Custom Providers 或ASP 2.0 Providers
SqlProfileProvider
System.Web.Profile
Profile
SqlMembershipProvider
System.Web.Security
Membership
Provider
Namespace
Provider Type
设计
SQL Server(MAP Database)
ASP 2.0 Membership and Profile API
MAP web service
Security (WSE 2.0 SP 3/WSE 3.0)(Authentication, Authorization, Encryption, Message signing)
User Profile Schema
Logging
设计: MAP (Membership, Authentication and Profile) web service
MAP API
FrameworkConfiguration API
SQL Server(MAP Database)
SQL Server(MAP Database)
……
Web ServerHostingMAP Web Service
Web ServerHostingMAP Web Service
Web ServerHostingMAP Web Service
设计: Scalability - 多个 Membership Providers and Profile Providers
Membership/Profile DB forUser (A-J)
Membership/Profile DB forUser (K-S)
Membership/Profile DB forUser (T-Z)
Web ServerHostingMAP Web Service
Membership Provider1
ProfileProvider1
Membership Provider2
ProfileProvider2
Membership Provider3
ProfileProvider3
Each web server hosting MAP web service will have multiple membership providers and profile providers, each dedicated to a database server.
Providerselector
设计: Scalability: A provider-centric approach
Determine Provider

……

欲阅读全文，请下载！