使用活动目录的MVC 5身份验证,没有单一登录
[英]MVC 5 authentication using active directory with no single sign on
问题描述
I am creating an intranet site in MVC 5 and I want it to authenticate against Active Directory. 
我正在MVC 5中创建一个Intranet站点,并且希望它针对Active Directory进行身份验证。 But I don't want it to use single sign on so the Windows Authentication option doesn't work. 但是我不希望它使用单点登录,因此Windows身份验证选项不起作用。 I want the users to be required to sign in and out by typing in their credentials each time like using Individual User Accounts but I want it to authenticate against AD. 我希望用户每次都需要输入其凭据(例如使用“个人用户帐户”)来登录和注销,但是我希望它根据AD进行身份验证。
I see the new On-Premise Organization Accounts but I am not finding much documentation on it. 我看到了新的本地组织帐户,但找不到太多文档。 And since it requires work from our IT group to get it up and running I don't want to enable this option without knowing for sure if it will allow the users to enter in credentials to sign in and out. 而且由于它需要我们IT部门的工作才能启动和运行,因此我不希望在不确定是否允许用户输入凭据以登录和注销的情况下启用此选项。
If not how do I use Individual users accounts against AD? 如果没有,如何针对AD使用个人用户帐户? All articles I can find are for MVC4... 我可以找到的所有文章都是针对MVC4的...
2 个解决方案
解决方案1
0 2014-07-16 00:31:16
I think the new ADAL v2 RC has added a username and password authentication overload to the GetTokenBy which is what you would be looking for I guess... 我认为新的ADAL v2 RC已向GetTokenBy添加了用户名和密码身份验证过载,这是您在寻找的东西...
UserCredential uc = new UserCredential(user, password); UserCredential uc =新的UserCredential(用户名,密码);
public AuthenticationResult AcquireToken(string resource, string clientId, UserCredential userCredential); 公用AuthenticationResult AcquireToken(字符串资源,字符串clientId,UserCredential userCredential);
public Task AcquireTokenAsync(string resource, string clientId, UserCredential userCredential); 公共任务AcquireTokenAsync(字符串资源,字符串clientId,UserCredential userCredential);
Do check the link. 请检查链接。
Cheers, Bala 干杯,巴拉
解决方案2
0 2014-07-16 07:37:19
the link you provided still requires collaboration from the IT department given that they'd have 1) to set up ADFS and 2) to federate ADFS with an AAD tenant. 您提供的链接仍然需要IT部门的协作,因为他们必须1)设置ADFS,2)将ADFS与AAD租户联合。 Also, that flow should not be used on a server (for security reasons). 此外,出于安全考虑,不应在服务器上使用该流。
Hi user3838574, how the on-premises organization account project will behave depends on how your IT decides to run their ADFS instance. 您好,user3838574,本地组织帐户项目的行为方式取决于您的IT如何决定运行其ADFS实例。 Given that your requirement is the polar opposite of the conventional requirement (seamless SSO if the user already signed in the domain network) you can expect some extra work :-) In the most common deployments, accessing ADFS from the intranet will default the endpoint to windows integrated authentication - the behavior you want to avoid. 鉴于您的需求与常规需求(如果用户已在域网络中登录,则为无缝SSO)完全相反,则可以期待一些额外的工作:-)在最常见的部署中,从Intranet访问ADFS会将端点默认为Windows集成身份验证-您要避免的行为。 However: if your IT has ADFS on Windows Server 2012 R2, I believe there are features you can leverage for achieving the behavior you want. 但是:如果您的IT在Windows Server 2012 R2上具有ADFS,我相信可以利用某些功能来实现所需的行为。 Take a look at http://technet.microsoft.com/en-us/library/dn486781.aspx and see if you can find something that works for you. 查看http://technet.microsoft.com/zh-cn/library/dn486781.aspx ,看看是否可以找到适合您的东西。 If you still have issues I can point the ADFS team to this thread. 如果仍然有问题,我可以将ADFS团队指向该线程。 HTH V. HTHV。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.