摘要
随着网络信息化技术高速发展,业务系统膨胀式增加,管理多个系统认证安全和记住多个系统账户密码,让系统管理员和用户们备受困扰,集中对多形式、多样化信息端统一授权认证亟待解决。当前通用技术标准为采用微服务与实现OAuth2开放统一认证标准协议架构。500米口径球面射电望远镜FAST作为我国自主研发的世界上最大口径天文望远镜,在天文研究上取得令人瞩目的科研成果。FAST早期科学数据中心为加强数据管理与科普工作,研发了大量多形式的数字化信息系统。基于资源安全访问控制管理和简化管理工作的需要,FAST科学数据平台系统必须实现统一授权认证。论文研究开放认证授权标准协议OAuth2和身份验证标准Open ID Connect工作原理,探讨可行方案Identity Server关键技术。分析了当前Fast数据管理平台管理存在的多样的信息系统状况,设计统一身份认证系统架构,并采用IdentityServer4构建统一认证中心,使用.NET微服务实现认证功能,完成各类Web软件系统、App软件和桌面应用软件的统一身份认证接入。
With the rapid development of network information technology,our electronic business information systems are growing continuously.It makes system administrators and users confused how to manage multiple system authentication security and re⁃member multiple system account and passwords.So,it is very important to implement unified identity authentication for multi-from and diversified information clients.Using microservices to implement OAuth2 standard protocol is current common scheme.Five hundred meter Aperture Spherical Radio Telescope(FAST)which is the world’s largest telescope independently developed in china has made remarkable achievements in astronomical research.For scientific data management and science popularization,FAST Ear⁃ly Science Data Center have developed a large number of multi-form digital information systems.We must realize unified identity authentication for strengthening information security and simplifying security management.We analyze the working principles of OAuth2 and Open ID Connect and explore the Identity Server key technologies for a viable solution.For various information sys⁃tems on the management of FAST science data manage platform,we design a unified certification strategy.We used IdentityServer4 to construct unified authentication center and used.NET microservice to realize authentication function,and completed authentica⁃tion access of web software system,App software and desktop application software.
作者
姜家涛
谢晓尧
张辉
JIANG Jia-tao;XIE Xiao-yao;ZHANG Hui(Key Laboratory of Information and Computing Science,Guizhou Normal University,Guiyang 550001,China;School of Mathe-matics and Sciences,Guizhou Normal University,Guiyang 550001,China;FAST Early Science Data Center,Guiyang 550001,Chi-na)
出处
《电脑知识与技术》
2020年第29期13-16,共4页
Computer Knowledge and Technology
基金
国家自然科学基金(U1831131、U1631132、U1731238、11743002)
中国科学院天文大科学研究中心FAST重大成果培育项目(FAST[2019sr04])
国家重点研发计划(2017YFA0402600)
中国科学院战略性先导科技专项(B类)(XDB23000000)
贵州省科技厅联合基金(黔科合LH字[2017]7338号)
贵州师范大学研究生创新基金(研创201528)资助。
