Authentication and user identity

Universal Windows Platform (UWP) apps have several options for user authentication, ranging from simple single sign-on (SSO) using Web authentication broker to highly secure two-factor authentication.

For regular app connections to third-party identity provider services, such as Facebook, Twitter, Flickr, and so on, use the Web authentication broker. For added convenience, use Credential Locker to save and roam the user's login information.

Enterprises using Windows 10 should strongly consider using Microsoft Passport and Windows Hello, which enable highly secure two-factor authentication. If using Microsoft Passport is not possible, smart cards and fingerprint biometrics can add an additional layer of security.

| Topic | Description |
| --- | --- |
| Credential locker | This article describes how apps can use the Credential Locker to securely store and retrieve user credentials, and roam them between devices with the user's Microsoft account. |
| Fingerprint biometrics | This article explains how to add fingerprint biometrics to your app. Including a request for fingerprint authentication when the user must consent to a particular action increases the security of your app. For example, you could require fingerprint authentication before authorizing an in-app purchase, or access to restricted resources. Fingerprint authentication is managed using the UserConsentVerifier class in the Windows.Security.Credentials.UI namespace. |
| Microsoft Passport and Windows Hello | This article describes the new Windows 10 Microsoft Passport technology, and discusses how developers can implement this technology to protect their apps and backend services. It highlights specific capabilities of these technologies that help mitigate threats from conventional credentials and provides guidance about designing and deploying these technologies as part of your Windows 10 rollout. |
| Create a Microsoft Passport login app | Part 1 of a complete walkthrough on how to create a Windows 10 UWP (Universal Windows Platform) app that uses Microsoft Passport as an alternative to traditional username and password authentication systems. |
| Create a Microsoft Passport login service | Part 2 of a complete walkthrough on how to use Microsoft Passport as an alternative to traditional username and password authentication systems in Windows 10 UWP (Universal Windows Platform) apps. |
| Smart cards | This topic explains how apps can use smart cards to connect users to secure network services, including how to access physical smart card readers, create virtual smart cards, communicate with smart cards, authenticate users, reset user PINs, and remove or disconnect smart cards. |
| Share certificates between apps | UWP apps that require secure authentication beyond a user ID and password combination can use certificates for authentication. Certificate authentication provides a high level of trust when authenticating a user. In some cases, a group of services will want to authenticate a user for multiple apps. This article shows how you can authenticate multiple apps using the same certificate, and how you can provide convenient code for a user to import a certificate that was provided to access secured web services. |
| Windows Unlock with companion IoT devices | A companion device is a device that can act in conjunction with your Windows 10 desktop to enhance the user authentication experience. Using the Companion Device Framework, a companion device can provide a rich experience for Microsoft Passport even when Windows Hello is not available (for example, if the Windows 10 desktop lacks a camera for face authentication or a fingerprint reader device). |
| Web account manager | This article describes how to show the AccountsSettingsPane and connect your Universal Windows Platform (UWP) app to external identity providers, like Microsoft or Facebook, using the new Windows 10 Web Account Manager APIs. You'll learn how to request a user's permission to use their Microsoft account, obtain an access token, and use it to perform basic operations (like get profile data or upload files to their OneDrive). |
| Web authentication broker | This article explains how to connect your app to an online identity provider that uses authentication protocols like OpenID or OAuth, such as Facebook, Twitter, Flickr, Instagram, and so on. The AuthenticateAsync method sends a request to the online identity provider and gets back an access token that describes the provider resources to which the app has access. |