ASP.NET Identity自动注册声明用户
[英]ASP.NET Identity automatically register Claims user
问题描述
We're attempting to build an intranet web application, and we'd like users to be able to just use their domain credentials to sign into our web site and be automatically registered. 
我们正在尝试构建一个Intranet Web应用程序,我们希望用户能够使用他们的域凭据登录我们的网站并自动注册。 All the sample code I've seen with Identity shows users going through a registration page on an AccountController, and the UserManager is used to create the user there. 我在Identity中看到的所有示例代码都显示用户通过AccountController上的注册页面,而UserManager用于在那里创建用户。
Since we're requiring authentication on all pages, the user is currently just redirected to the domain sign-in (we're currently using an Azure Active Domain), and then returned to our page. 由于我们要求在所有页面上进行身份验证,因此用户当前只是重定向到域登录(我们当前正在使用Azure Active Domain),然后返回到我们的页面。 It looks like the default behavior of Identity is to not create a User in the application database when this happens, so we wind up with an authenticated Identity and no corresponding User object in our database. 看起来Identity的默认行为是在发生这种情况时不在应用程序数据库中创建用户,因此我们结束了经过身份验证的身份,并且数据库中没有相应的用户对象。 Is there a good place to hook into to create this user? 是否有一个好地方可以创建这个用户? What's the best way to create the user? 创建用户的最佳方式是什么? And how does the UserLogin table play into this, I assume it's used somehow to match a ClaimsPrincipal with the application database User? UserLogin表如何发挥作用,我假设它以某种方式用于匹配ClaimsPrincipal与应用程序数据库用户?
We're using MVC 5, Entity Framework 6, and WIF 2 我们正在使用MVC 5,Entity Framework 6和WIF 2
1 个解决方案
解决方案1
2 已采纳 2014-07-02 23:22:52
When you use Azure Active Directory (Organizational Accounts), the active directory is your user database. 使用Azure Active Directory(组织帐户)时,活动目录是您的用户数据库。 Unless you add it specifically, there won't be an AspNetUserLogins table like you get when you configure your application for authentication using Individual Accounts. 除非您专门添加,否则将不会像使用个人帐户配置应用程序进行身份验证时获得的AspNetUserLogins表。
I'm making an assumption that you want to create some kind of user table so that you can store user profile data and/or some authorization claims for each user. 我假设您要创建某种用户表,以便您可以为每个用户存储用户配置文件数据和/或某些授权声明。 You can still do this. 你仍然可以这样做。 For example, you may create a table in a SQL Database (or whatever database you want) to store user profile records in. A good extensibility point in your code for this kind of thing is to derive a class from the ClaimsAuthenticationManager and override the Authenticate method. 例如,您可以在SQL数据库(或任何您想要的数据库)中创建一个表来存储用户配置文件记录。在您的代码中,这种事情的一个良好的可扩展性点是从ClaimsAuthenticationManager派生一个类并覆盖Authenticate方法。 In here, you can inspect the claims for the incoming authenticated user, look up additional profile claims you've stored for the user in your database table, and then add those claims to the claim set for the ClaimsPrincipal. 在此处,您可以检查传入的经过身份验证的用户的声明,在数据库表中查找为用户存储的其他配置文件声明,然后将这些声明添加到ClaimsPrincipal的声明集中。 One of the claims you will get from Azure AD in the incoming principal object is an objectidentifier. 您将从传入主体对象中的Azure AD获得的声明之一是objectidentifier。 This would be a good key for your user profile table so you can correctly identify a user on subsequent logins. 这对于您的用户配置文件表来说是一个很好的密钥,因此您可以在后续登录时正确识别用户。
An alternative to the user profile table approach I just described that you may want to look into is the ability to extend the Azure AD schema using Graph API.
我刚才描述的用户配置文件表方法的替代方法是您可以使用Graph API 扩展Azure AD架构的能力。 I've not personally tried this technique yet. 我还没有亲自尝试过这种技术。 It's also still in preview. 它还在预览中。 But, the general idea is you can register an extension for your intranet application that would include the additional properties for each user. 但是,一般的想法是,您可以为Intranet应用程序注册一个扩展,其中包括每个用户的附加属性。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.