MVC5 Azure Active Directory Role-Based Authentication Visual Studio 2013

I have an MVC5 website that was created in Visual Studio 2013. It was set up from the start to use Organizational Authentication using a single-tenant single sign-on. There is no way to access any part of the site without logging in with an account that has the correct domain. This is the desired function.

However, I am looking to add role-based authentication using Azure Active Directory. The desired functionality is that some users in certain groups can see some pages, and people in other groups can see different pages, etc. This seems like the most relevant/updated tutorial: https://github.com/AzureADSamples/WebApp-GraphAPI-DotNet. But since I already use WS-Federation to log in with an organizational account, do I really have to use OpenID type authentication as stated in the tutorial? It seems like there should be an easy way to get the roles once I'm already logged in. I know I probably have to use the Graph API in some sense but I don't know how. Please advise.

At sign-in, when the user arrives at your app with an SSO token, your application can query the directory Graph API to determine the user's group memberships. Per the group memberships you can either grant permissions to the user directly or map the group membership to a "role" in your application.

We have a topic that explains this in more detail and a sample application (that uses WSFed) to perform role-based authorization using Azure AD group memberships: http://msdn.microsoft.com/en-us/library/azure/dn195601.aspx

Enjoy :-)
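The group-to-role mapping described in the answer above, as an added example that is not part of the original answer or of the linked Microsoft sample. The `GroupRoleMapper` class, the `lookupGroups` delegate (a stand-in for the Graph API group-membership query) and the group GUIDs are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

public static class GroupRoleMapper
{
    // Claim type Azure AD uses for the user's directory object ID.
    public const string ObjectIdClaim =
        "http://schemas.microsoft.com/identity/claims/objectidentifier";

    // Constructed placeholder GUIDs: replace with the object IDs of your own groups.
    static readonly Dictionary<string, string> GroupToRole =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "00000000-0000-0000-0000-000000000001", "Admin" },
            { "00000000-0000-0000-0000-000000000002", "Reports" },
        };

    // lookupGroups is a hypothetical delegate: given the user's object ID, it
    // returns the group object IDs obtained from the directory Graph API.
    public static ClaimsPrincipal AddRoles(ClaimsPrincipal principal,
        Func<string, IEnumerable<string>> lookupGroups)
    {
        var identity = principal.Identity as ClaimsIdentity;
        if (identity == null || !identity.IsAuthenticated) return principal;
        var oid = identity.FindFirst(ObjectIdClaim);
        if (oid == null) return principal; // no directory identity: grant no roles
        foreach (var groupId in lookupGroups(oid.Value).Distinct())
        {
            string role;
            // Groups without a mapping grant nothing (deny by default).
            if (GroupToRole.TryGetValue(groupId, out role) &&
                !identity.HasClaim(identity.RoleClaimType, role))
                identity.AddClaim(new Claim(identity.RoleClaimType, role));
        }
        return principal;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample user: member of the "Admin" group and one unmapped group.
        var id = new ClaimsIdentity(
            new[] { new Claim(GroupRoleMapper.ObjectIdClaim, "constructed-user-oid") },
            "Federation");
        var user = GroupRoleMapper.AddRoles(new ClaimsPrincipal(id),
            o => new[] { "00000000-0000-0000-0000-000000000001", "unmapped-group-id" });
        Console.WriteLine("Admin={0} Reports={1}",
            user.IsInRole("Admin"), user.IsInRole("Reports"));
    }
}
```

Once the role claims are on the principal, MVC's `[Authorize(Roles = "Admin")]` attribute can restrict controllers and actions per group. With WS-Federation, one place to run such a mapping is a custom `ClaimsAuthenticationManager`.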
