简体繁体 English

使用ADFS验证用户

[英]Authenticate user using ADFS

原文 2016-03-10 09:38:10 1 1 asp.net-mvc/ rest/ azure/ asp.net-web-api/ adfs

We are developing ASP.Net MVC REST API and we want the user authentication should happen via ADFS for consuming the REST API. 我们正在开发ASP.Net MVC REST API，并且我们希望通过ADFS进行用户身份验证以使用REST API。 I read many blogs but didn't found any useful, wherein user could generate the Access Token by passing his credentials (username, password). 我读了许多博客，但没有发现任何有用的信息，其中用户可以通过传递其凭据（用户名，密码）来生成访问令牌。 The generated Token then would be sent to the REST API as a bearer token. 然后，将生成的令牌作为承载令牌发送到REST API。 The reason why we want the user to send his credential is because, we want to validate if the request is coming from trusted user and not from any random person. 我们希望用户发送其凭据的原因是，我们希望验证请求是否来自受信任的用户，而不是来自任何随机的人。 Also, we want to track which user has consumed what APIs etc. 另外，我们想跟踪哪个用户消耗了哪些API等。

The above requirement can be met with Azure AD, but I didn't found any way to do the same using ADFS. Azure AD可以满足上述要求，但是我没有找到使用ADFS进行此操作的任何方法。 Any help would be appreciated. 任何帮助，将不胜感激。 Also, are there any sample code we can get for the same? 另外，有没有可以获得相同的示例代码？

1 个解决方案

If your org or your customer already has AAD and federated with ADFS, it is fine to use Azure AD and the auth is still handled by ADFS. 如果您的组织或客户已经有AAD并与ADFS联合，则可以使用Azure AD，并且auth仍由ADFS处理。

If you don't have Azure AD, see ADFS 2016 TP4 and guidance at https://technet.microsoft.com/en-us/library/mt593305.aspx that uses OPenIDConnect. 如果没有Azure AD，请参阅ADFS 2016 TP4和使用OPenIDConnect的https://technet.microsoft.com/zh-cn/library/mt593305.aspx上的指南。 It uses the Azure AD sample and modifies to consume ADFS. 它使用Azure AD示例并进行修改以使用ADFS。 ADFS 2016 adds full support for OpenIDConnect & OAuth. ADFS 2016添加了对OpenIDConnect和OAuth的完全支持。

Thanks //Sam (@MrADFS) 谢谢//萨姆（@MrADFS）