简体繁体 English

在MVC应用程序中使用Office365对用户进行身份验证

[英]Authenticate users with Office365 in MVC aplication

原文 2016-06-20 04:50:36 0 2 c#/ asp.net-mvc/ active-directory/ office365api/ microsoft-graph

I am developing MVC based web application and want to authenticate every users with their own Office365 account. 我正在开发基于MVC的Web应用程序，并希望使用自己的Office365帐户对每个用户进行身份验证。 Once signed in successfully, it should provide the details of that user. 成功登录后，应提供该用户的详细信息。 The users are not specific to my organization only, they can be from any organization. 用户不仅仅针对我的组织，他们可以来自任何组织。

I have tried below link to achieve the same. 我试过下面的链接来实现同样的目的。

http://graph.microsoft.io/en-us/docs/platform/aspnetmvc http://graph.microsoft.io/en-us/docs/platform/aspnetmvc

The above link has a very first step to register the application in the azure active directory, but if i will do that then it will only authenticate users from my organization. 上面的链接是在azure活动目录中注册应用程序的第一步，但如果我这样做，那么它只会验证来自我的组织的用户。 But in my case, every user has to be authenticated by their own organization. 但就我而言，每个用户都必须由他们自己的组织进行身份验证。

So i want to know that is it possible? 所以我想知道这有可能吗？ If yes, then how do i achieve that? 如果是，那我该如何实现呢？

2 个解决方案

Yes, it is possible you need to enable multi-tenancy on your app. 是的，您可能需要在应用上启用多租户。 On the app configuration page in the Windows Azure Portal you will find the toggle for "Application is Multi-tenant". 在Windows Azure门户的应用程序配置页面上，您将找到“应用程序是多租户”的切换。 For more information about multi-tenant apps: https://azure.microsoft.com/en-us/documentation/articles/active-directory-authentication-scenarios/#application-types-and-scenarios 有关多租户应用程序的更多信息： https ： //azure.microsoft.com/en-us/documentation/articles/active-directory-authentication-scenarios/#application-types-and-scenarios

Registering you application in your Azure Active Directory does not preclude you from authenticating external users . 在Azure Active Directory中注册应用程序并不妨碍您对外部用户进行身份验证。

With OAUTH you have 3 actors; 使用OAUTH，你有3个演员; the Application, the Provider and the User. 应用程序，提供者和用户。 Each of these actors needs to trust the others. 这些参与者中的每一个都需要信任其他人。 The connection between the Provider and the User is the User Account (ie User ID). 提供者和用户之间的连接是用户帐户（即用户ID）。 The connection between the Provider and the Application is the Application Account (ie App ID). 提供者和应用程序之间的连接是应用程序帐户（即应用程序ID）。

When you register your application in Azure Active Directory you are simply establishing an Application ID. 在Azure Active Directory中注册应用程序时，您只需建立应用程序ID。 The only requirement for the User account is that it also lives within an Azure Active Directory. 用户帐户的唯一要求是它也位于Azure Active Directory中。 This does not however have to be the same AAD. 然而，这不一定是相同的AAD。

If this is a public facing website, you may want to use the newer v2 endpoint instead. 如果这是一个面向公众的网站，您可能希望使用较新的v2端点。 Under the covers it is very similar to the workflow you've been looking at but the registration and permissions process is far more straightforward. 在封面下，它与您一直在查看的工作流程非常相似，但注册和权限过程要简单得多。