Azure AD B2C,Azure AD租户和ADFS
[英]Azure AD B2C, Azure AD Tenants and ADFS
问题描述
I'm building a web portal where my customers can log in - pretty standard stuff. 
我正在建立一个让我的客户可以登录的Web门户-非常标准的东西。
Now I would like my customers to log into the portal by using their "own credentials". 现在,我希望我的客户使用他们的“自己的凭据”登录门户。 The optimal solution would be that users could use one of the following: 最佳解决方案是用户可以使用以下之一:
Office 365
Office 365 If they have O365 then just sign in with their own credentials.
如果他们拥有O365,则只需使用自己的凭据登录。 This scenario is covered by the OOTB VS template OOTB VS模板涵盖了此方案 On-premise ADFS
本地ADFS If the customer has an on premise ADFS then they should be redirected to that to sign in. (I know this needs configuration for both parties, buts that's ok)
如果客户使用本地ADFS,则应将其重定向到该目录以登录。(我知道这需要双方进行配置,但是可以) None of the above
以上都不是 The customer does not have any of the above and therefore need a "local account".
客户没有以上任何一项,因此需要一个“本地帐户”。 In this case I would like to use Azure AD B2C to store the credentials. 在这种情况下,我想使用Azure AD B2C存储凭据。
I can do all of the above, but I have never tried to do it all together in one site. 我可以完成以上所有操作,但我从未尝试过在一个站点中一起完成所有操作。
Therefore, is it at all possible and how should I be constructed? 因此,这是完全可能的,我应该如何构造? And how would the login experience be? 以及登录体验如何?
I'm using OWIN. 我正在使用OWIN。
Any advice would be helpful. 任何意见将是有益的。
Thanks! 谢谢!
2 个解决方案
解决方案1
0 2015-11-02 18:59:00
When you say "local". 当您说“本地”时。 you mean in AAD? 你是说在AAD中?
Azure B2C allows non-federated (ie don't use ADFS) users to provision and then authenticate themselves. Azure B2C允许非联合(即不使用ADFS)用户进行供应并进行身份验证。
However, such users are "outside" of the normal authentication flow and cannot use ADFS or have O365 licenses. 但是,此类用户不在常规身份验证流程之外,并且不能使用ADFS或具有O365许可证。
In terms of ADFS and O365, you need to set: 对于ADFS和O365,您需要设置:
Convert-MsolDomainToFederated
as in Step-By-Step: Setting up AD FS and Enabling Single Sign-On to Office 365 . 如循序渐进:设置AD FS并启用对Office 365的单点登录 。
解决方案2
0 2016-01-10 11:26:00
In future Azure AD B2C will add the ability for users to login using their 'Work Accounts'. 将来,Azure AD B2C将为用户提供使用其“工作帐户”登录的功能。 Those are the accounts used for O365. 这些是用于O365的帐户。 If the respective tenants have setup federation with Azure AD, ADFS federation will also work. 如果各个租户都已使用Azure AD设置了联盟,则ADFS联盟也将起作用。
Meanwhile, the old work around for you to get it to work is to have your application 1. handle multiple tokens. 同时,让您正常工作的老方法是让您的应用程序1.处理多个令牌。 [Azure AD, Azure AD B2C, ADFS or other federations] by implementing each federation to get the tokens. [实施AD,Azure AD B2C,ADFS或其他联盟],方法是实施每个联盟以获取令牌。 2. implement the idp selection screen on the application and federate to appropriate party. 2.在应用程序上实现idp选择屏幕,并联合到适当的参与者。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.