Authenticating a PHP Web App with Azure Active Directory and Azure Mobile Services
I've got an existing mobile app that is integrated with Azure's mobile services. The mobile services are currently connected to Azure Active Directory with MFA enabled. I'm attempting to build a separate PHP-based web application that uses this existing mobile service and authentication.
Authentication
The only active directory of users is the cloud-based AAD. There is no local version and no Office 365. After doing a lot of research, it appears PHP can integrate using SAML. However, there are either no PHP samples (Azure Active Directory Code Samples) or they're tied to Office 365 (azure-sdk-for-php-samples).
How can I authenticate my users against AAD via the web-app?
Authorization
Once a user has been authenticated, how can I ensure that user has the same access levels as the user via the mobile service?

One option would be to have your PHP app serve a page using the Mobile Services JavaScript SDK and have it perform the login. You'll get the same token that you would in your mobile app. To your question on authorization, as long as you're making subsequent backend calls through the Mobile Service, you will get the exact same authorization rules as you have defined on that service.
The token will be client-bound, and you'll likely want to get it back to your server for making calls. The actual Mobile Services token is located in client.currentUser.authenticationToken, and you can set this as a cookie in the JavaScript code and then retrieve it on your PHP backend in a subsequent call.
Calls to the Mobile Service (via the REST API) from your PHP backend just need this token set in the X-ZUMO-AUTH header.
This approach should work for all providers, including AAD. MFA should not be a problem in this case.
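
The server-side half of the approach described in the answer above, as an added example that is not part of the original post: the PHP backend reads the token from a cookie, checks its shape before it goes into a header, and forwards it in X-ZUMO-AUTH. The host name, the cookie name `zumo_token`, the table name `todoitem`, the use of the REST API's `/tables/` endpoint and the JWT-style token shape are assumptions.

```php
<?php
// Added example; all names below are constructed placeholders.
const MOBILE_SERVICE_URL = 'https://example-service.azure-mobile.net'; // placeholder host
const TOKEN_COOKIE       = 'zumo_token';                               // hypothetical cookie name

/**
 * Return the cookie value only if it looks like a token.
 * Assumption: the token is JWT-shaped (three base64url segments).
 * \A...\z (not ^...$) rejects a trailing newline, so the value can
 * never smuggle CR/LF into the outgoing request header.
 */
function tokenFromCookie(array $cookies): ?string
{
    $token = $cookies[TOKEN_COOKIE] ?? null;
    if (!is_string($token) || strlen($token) > 4096) {
        return null;
    }
    $shape = '/\A[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\z/';
    return preg_match($shape, $token) === 1 ? $token : null;
}

/** Read a table through the Mobile Service on behalf of the signed-in user. */
function fetchTable(string $table, string $token): array
{
    $ch = curl_init(MOBILE_SERVICE_URL . '/tables/' . rawurlencode($table));
    curl_setopt_array($ch, [
        CURLOPT_HTTPHEADER     => ['X-ZUMO-AUTH: ' . $token, 'Accept: application/json'],
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true, // keep TLS verification on: the token is a bearer credential
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_TIMEOUT        => 10,
    ]);
    $body   = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    if ($body === false || $status !== 200) {
        // A 401 means the service rejected the token; the service, not this
        // app, decides whether the token is valid and what it may access.
        throw new RuntimeException('Mobile Service call failed', (int) $status);
    }
    $rows = json_decode($body, true);
    return is_array($rows) ? $rows : [];
}

$token = tokenFromCookie($_COOKIE);
if ($token === null) {
    http_response_code(401);
    exit('Not signed in');
}
$rows = fetchTable('todoitem', $token);
```

A cookie written from JavaScript cannot carry the HttpOnly flag, so set at least `Secure` and `SameSite` on it and serve the page over HTTPS only.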