如何使用OAuth 2.0对Azure Active Directory进行身份验证?
[英]How to authenticate user with Azure Active Directory using OAuth 2.0?
问题描述
I have a REST API written in C# and I need to authenticate with an existing Azure AD service. 
我有一个用C#编写的REST API,我需要使用现有的Azure AD服务进行身份验证。 I currently have the username and password of the user wishing to authenticate. 我目前拥有希望进行身份验证的用户的用户名和密码。 I need to authenticate with Azure AD and receive an access token from the server. 我需要使用Azure AD进行身份验证,并从服务器接收访问令牌。
Can someone please point me in the direction of some articles/tutorials that explain how to do this? 有人可以指点我的一些文章/教程的方向,解释如何做到这一点?
2 个解决方案
解决方案1
18 2015-02-19 02:33:16
You should avoid handling the users credentials. 您应该避免处理用户凭据。 There are serious security implications when collecting a users credentials that are mitigated by using OAuth 2.0 or OpenID Connect to get a token without directly handling the credentials. 收集通过使用OAuth 2.0或OpenID Connect来获取令牌而不直接处理凭据而减轻的用户凭据时,会产生严重的安全隐患。 Also, if you have your own credential collection UI then you may find that sign in fails in the future if multi-factor authentication is turned on. 此外,如果您拥有自己的凭据集合UI,那么如果启用了多因素身份验证,您可能会发现将来登录失败。 In that case, more information may be necessary to authenticate the user than you are collecting, a one time password for instance. 在这种情况下,可能需要更多信息来验证用户而不是收集信息,例如一次性密码。 If you allow Azure AD to present the authentication experience via OAuth 2.0 or OpenID Connect, then you are insulated from the specific authentication method being employed. 如果您允许Azure AD通过OAuth 2.0或OpenID Connect提供身份验证体验,那么您将与所使用的特定身份验证方法隔离。 Collecting the users Azure AD credentials is a bad practice to be avoided if at all possible. 如果可能的话,收集用户Azure AD凭据是一种不好的做法。
I don't have enough detail on the exact scenario to be confident that the following sample applies, but it will at least provide a good starting point. 我对确切情况没有足够的细节以确信以下示例适用,但它至少会提供一个良好的起点。 This sample shows how to create a native app that calls a REST API that can then call an Azure resource in the safest way possible. 此示例演示如何创建调用REST API的本机应用程序,然后可以以最安全的方式调用Azure资源。
https://github.com/AzureADSamples/WebAPI-OnBehalfOf-DotNet https://github.com/AzureADSamples/WebAPI-OnBehalfOf-DotNet
You can find lots of other samples here that can be used to construct a solution for your particular scenario. 您可以在此处找到许多其他示例,这些示例可用于为您的特定方案构建解决方案。
https://github.com/AzureADSamples https://github.com/AzureADSamples
If you provide some more detail I can give more specific guidance. 如果您提供更多细节,我可以提供更具体的指导。
解决方案2
4 2016-02-17 02:44:23
See: http://www.cloudidentity.com/blog/2014/07/08/using-adal-net-to-authenticate-users-via-usernamepassword/ 请参阅: http : //www.cloudidentity.com/blog/2014/07/08/using-adal-net-to-authenticate-users-via-usernamepassword/
Summary: Create a UserCredential 摘要:创建UserCredential
UserCredential uc = new UserCredential(user, password);
Call one of the AcquireToken() functions with the UserCredential 使用UserCredential调用其中一个AcquireToken()函数
public AuthenticationResult AcquireToken(string resource, string clientId, UserCredential userCredential);
public Task<AuthenticationResult> AcquireTokenAsync(string resource, string clientId, UserCredential userCredential);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.