Azure Active Directory Organizational Authentication Mechanism
I have recently started developing an ASP.NET MVC web app which uses organizational authentication on Azure Active Directory.
I followed this tutorial: http://www.asp.net/identity/overview/getting-started/developing-aspnet-apps-with-windows-azure-active-directory
And I managed to deploy the application and it runs correctly.
However, I'm still unsure of the underlying working mechanism of the Federation WS used to provide the Active Directory organization authentication.
The application immediately redirects the users to the Microsoft login site when the website is run, before rendering the home page. I could not find any piece of code in the application that makes this happen. I tried to comment out the IdentityConfig method in Global.asax but the redirection is still happening.
I would like to know when and how the application starts the authentication process, and whether it is possible and safe to suppress the authentication process until the Sign In hyperlink is clicked by the user.
For adding AD authentication to ASP.NET WebApps/VNext you can use the new ADAL Library; there are many samples available here: https://github.com/AzureADSamples. You can use this for example: https://github.com/AzureADSamples/WebApp-WSFederation-DotNet; this is completely driven by user actions.
I found out that the solution is pretty easy. Just remove:
    <system.web>
      <!-- remove/comment out
      <authorization>
        <deny users="?" />
      </authorization>
      -->
    </system.web>
in Web.config. This will tell WSFederationAuthenticationModule not to execute the redirection event and allow anonymous users in public pages.
Apply [Authorize] attribute to the action or controller when authentication is needed if you are developing in ASP.NET MVC.
If you are developing in ASP.NET Web Form, add the following:
    <configuration>
      <!-- Add the following configuration -->
      <location path="Admin">
        <system.web>
          <authorization>
            <deny users="?" />
          </authorization>
        </system.web>
      </location>
    </configuration>
The above configuration will force the users to log in to Azure Active Directory in order to access the relative location path of 'Admin' in your web application (e.g. http://localhost:8080/Admin).