结合Azure AD(b2c)自定义ClaimsIdentity
[英]Combining Azure AD (b2c) custom ClaimsIdentity
问题描述
I have an ASP.NET 5 (RC1) application for which I am trying to set up authentication and authorization. 
我有一个ASP.NET 5(RC1)应用程序,我正在尝试设置身份验证和授权。 However I am confused and overwhelmed by all the varying authentication and authorization information online in as it pertains to this platform. 然而,我对所有与此平台相关的在线变化的身份验证和授权信息感到困惑和不堪重负。 Much of it seems either hopelessly out of date or simply doesn't seem to apply in this particular usage scenario. 其中大部分似乎无可救药地过时或者似乎不适用于这种特定的使用场景。 Right now, I'm not even sure what the right 'terminology' to use for the question I am trying to ask, but I digress. 现在,我甚至不确定用于我试图提出的问题的正确“术语”,但我离题了。
What I am trying to accomplish is a system whereby users are authenticated/authorized via Azure AD (B2C?), with additional user profile information stored in a database. 我想要实现的是一个系统,通过Azure AD(B2C?)对用户进行身份验证/授权,并在数据库中存储其他用户配置文件信息。 However, the user context in the controllers is accessed in a consistent way using what I presume would be a custom ClaimsPrincipal/ClaimsIdentity? 但是,使用我认为是自定义ClaimsPrincipal / ClaimsIdentity的自定义方式访问控制器中的用户上下文? I would imagine this should be as simple as adding an 'authorize' attribute or something similar and accessing the ClaimsPrinciple.Current.Claims. 我想这应该像添加'authorize'属性或类似的东西并访问ClaimsPrinciple.Current.Claims一样简单。
I have used ASP.NET Identity in the past, but many of the examples I have found aren't using that. 我以前使用过ASP.NET身份,但我发现的很多例子都没有使用它。 Most are simply using the UseOpenIdConnectAuthentication middle-ware. 大多数人只是使用UseOpenIdConnectAuthentication中间件。 I see that ASP.NET Identity is still available but I'm not sure it applies in this scenario. 我看到ASP.NET身份仍然可用,但我不确定它是否适用于这种情况。 I also found a couple posts on here suggesting using a custom ClaimsIdentity to accomplish this, but I am having trouble finding useful up to date examples. 我还在这里发现了一些帖子,建议使用自定义的ClaimsIdentity来完成此任务,但我无法找到有用的最新示例。 BTW, I realize that much of this "profile" information can be stored as custom attributes in azure ad but the way some of the information is used within the application prohibits all of it from being in azure (ie EF linq joins and such). 顺便说一句,我意识到很多这种“配置文件”信息可以作为自定义属性存储在azure广告中,但是在应用程序中使用某些信息的方式会禁止所有这些信息都处于天蓝色(即EF linq连接等)。
Please, tell me if I am even close on some of this. 请告诉我,如果我对其中的某些内容非常接近。 I know this is a fairly new platform and the information is sparse, but certainly I'm not the only one asking these questions. 我知道这是一个相当新的平台,信息很少,但我肯定不是唯一一个提出这些问题的人。
1 个解决方案
解决方案1
3 2016-05-16 22:35:16
Just calling out an excellent article Identity management for multitenant applications in Microsoft Azure . 只需为Microsoft Azure中的多租户应用程序调用一篇优秀文章身份管理 。
A lot of your questions are answered there. 你的很多问题都在那里得到解答。
eg you can augment the claim in the OWIN middleware AuthenticationValidated event. 例如,您可以在OWIN中间件AuthenticationValidated事件中增加声明。
ASP.NET Identity is claims-based in that the attributes are delivered as claims but authentication is on the DB, not via external IDP like Azure AD. ASP.NET Identity是基于声明的,因为属性作为声明提供,但身份验证在数据库上,而不是通过Azure AD等外部IDP。
B2C is a special case in Azure AD - used for many (millions!) external users who can self-register and self-manage eg SSPR. B2C是Azure AD中的一个特例 - 用于许多(数百万!)外部用户,他们可以自我注册和自我管理,例如SSPR。
B2C uses a separate tenant to the normal Azure AD one and the users have no access to things like O365 or any SaaS applications. B2C使用单独的租户到普通的Azure AD,用户无法访问O365或任何SaaS应用程序。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.