[英]Authenticate web application agains multiple azure ad?
I am thinking about developing in general a web application for enterprise. 我正在考虑开发一般的企业Web应用程序。 What i am thinking about is following scenario:
我在想的是以下场景:
The application should be able to serve multiple customers (called multitenancy?). 该应用程序应该能够为多个客户提供服务(称为多租户?)。 That means that multiple companies could use the software for their employees.
这意味着多家公司可以将该软件用于其员工。
Each of them could have a own azure ad or maybe not. 他们每个人都可以拥有自己的天蓝色广告,也可能没有。 Therefore i would like to know if it is possible to authenticate against multiple/different azure ad's?
因此,我想知道是否可以对多个/不同的azure广告进行身份验证?
Lets assume that a user types in his email address user1@companyA.com then i would try to authenticate him against the ad whihc is configured behind the companyA.com ad, when someone tries to login with user361@companyB.com then i would try to authenticate against azure ad which is configured for companyB.com. 让我们假设用户输入他的电子邮件地址user1@companyA.com然后我会尝试根据在companyA.com广告后面配置的广告对他进行身份验证,当有人尝试使用user361@companyB.com登录然后我会尝试对针对companyB.com配置的azure广告进行身份验证。
Is this possible? 这可能吗? How could i do this?
我怎么能这样做?
That is the exact reason why multi-tenant applications exist. 这就是多租户应用程序存在的确切原因。 So a user from any Azure AD can sign in to your application.
因此,任何Azure AD中的用户都可以登录您的应用程序。
The way it works is like this: 它的工作方式是这样的:
There are a couple important things to note on your app's side: 您的应用程序有几个重要的事项要注意:
https://login.microsoftonline.com/common/oauth2/authorize
instead of the tenant-specific endpoint. https://login.microsoftonline.com/common/oauth2/authorize
而不是特定于租户的端点。 More about single vs multi-tenant: http://www.andrewconnell.com/blog/azure-ad-what%E2%80%99s-the-difference-between-single-vs-multi-tenant 有关单租户与多租户的更多信息: http : //www.andrewconnell.com/blog/azure-ad-what%E2%80%99s-the-difference-between-single-vs-multi-tenant
Example multi-tenant app (ASP.NET MVC): https://github.com/Azure-Samples/active-directory-dotnet-webapp-multitenant-openidconnect 示例多租户应用程序(ASP.NET MVC): https : //github.com/Azure-Samples/active-directory-dotnet-webapp-multitenant-openidconnect
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.