[英]How to add Azure AD authentication to existing .net web site
I have an existing .net web forms site using ADFS authentication ( System.IdentityModel.dll ) with different custom domains, one for each customer. 我有一个现有的.net Web表单站点使用ADFS身份验证( System.IdentityModel.dll )与不同的自定义域,每个客户一个。 In the Global.asax.cs I redirect users to their corresponding ADFS endpoint.
在Global.asax.cs中,我将用户重定向到相应的ADFS端点。
void WSFederationAuthenticationModule_RedirectingToIdentityProvider(object sender, RedirectingToIdentityProviderEventArgs e)
{
if (org == "customername1")
{
strWhr = "http://adfs.customername1.com/adfs/services/trust";
e.SignInRequestMessage.HomeRealm = strWhr;
}
}
Now I need to add Azure AD authentication, cannot use the Visual Studio wizard as authentication is been already set. 现在我需要添加Azure AD身份验证,不能使用Visual Studio向导,因为已经设置了身份验证。
Is there any way I can reuse what I have and redirect users their corresonding Azure AD, as setting the HomeRealm to https://login.windows.net/tenatName ? 有没有什么方法可以重用我拥有的东西并重定向用户他们相同的Azure AD,将HomeRealm设置为https://login.windows.net/tenatName ?
I won't like to add a trust between ADFS and each new customer Azure AD, at least from now, I would like to have ADFS and Azure AD authentication at same time if possible. 我不想在ADFS和每个新客户Azure AD之间添加信任,至少从现在开始,我希望尽可能同时进行ADFS和Azure AD身份验证。
Sites created through VS using Organizational Accounts authentication does the authentication configuration in the Startup.Auth.cs file, is this something I'll have to do together with using Owin dlls ? 通过VS使用组织帐户身份验证创建的站点在Startup.Auth.cs文件中进行身份验证配置,这是否必须与使用Owin dll一起完成?
I would like to have ADFS and Azure AD authentication at same time if possible. 如果可能的话,我希望同时进行ADFS和Azure AD身份验证。
The way Azure AD is designed right now, the mix of the above would only work if the Application is also running as a Azure cloud based service. 现在设计Azure AD的方式,只有在应用程序也作为基于Azure云的服务运行时,上述组合才有效。 Here is what the link says.
这是链接所说的内容。
"Extend Active Directory and any other on-premises directories to Azure AD to enable single sign-on for all cloud-based applications." “将Active Directory和任何其他本地目录扩展到Azure AD,以便为所有基于云的应用程序启用单点登录。”
https://azure.microsoft.com/en-us/services/active-directory/ https://azure.microsoft.com/en-us/services/active-directory/
I am assuming that your application is running on the premise, which would mean, you may not be able to mix them up. 我假设您的应用程序在前提下运行,这意味着您可能无法混淆它们。
Not really answer to my question as I'll create a new project and copy web pages content. 我没有真正回答我的问题,因为我将创建一个新项目并复制网页内容。 I'm testing a potential solution, doesn't looks nice but it works.
我正在测试一个潜在的解决方案,看起来不太好但是有效。 It might be another nicer way to do it, so I'm open to inputs.
这可能是另一种更好的方式,所以我愿意接受投入。
if (org == "customername1")
{
app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
{
Wtrealm = realm,
MetadataAddress = adfsMetadata,
});
}
else if (org == "customername2")
{
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
ClientId = clientId,
Authority = authority,
PostLogoutRedirectUri = postLogoutRedirectUri,
}
What I do is to use WSFederation or OpenId protocols depending on the URL the user is loginin. 我所做的是根据用户登录的URL使用WSFederation或OpenId协议。 It keeps the session with the cookie OWIN creates, so testing I've done so far looks promising.
它保持与OWIN创建的cookie的会话,所以到目前为止我做的测试看起来很有希望。 To get this code, just create one project with ADFS authentication and other with Azure AD, then add missing nuget packages to the solution and copy code in StartupAuth.cs from one to another.
要获得此代码,只需创建ADFS身份认证等与Azure的AD一个项目,从一个到另一个添加缺少的NuGet包解决方案,并复制代码StartupAuth.cs。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.