
MVC application Azure AD and custom authentication support

We have implemented custom token-based authentication in the MVC application. Now we have enabled Azure AD as well, using OpenID Connect as described below.

 using System.Threading.Tasks;
 using Microsoft.Owin.Security.Notifications;
 using Microsoft.Owin.Security.OpenIdConnect;
 using Owin;

 // ADClientId and ADauthority are defined elsewhere in the app (not shown).
 app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
       {
           ClientId = ADClientId,
           Authority = ADauthority,
           Notifications = new OpenIdConnectAuthenticationNotifications()
           {
               RedirectToIdentityProvider = (context) =>
               {
                   // Only let the middleware redirect to Azure AD for the explicit
                   // external-login and log-off actions; every other challenge is
                   // left to the application's own token-based authentication.
                   if (context.Request.Path.Value == "/Account/ExternalLogin" || context.Request.Path.Value == "/Account/LogOff")
                   {
                       string appBaseUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase;
                       context.ProtocolMessage.RedirectUri = appBaseUrl + "/";
                       context.ProtocolMessage.PostLogoutRedirectUri = appBaseUrl;
                   }
                   else
                   {
                       // Suppress the redirect and let the request continue through the pipeline.
                       context.State = NotificationResultState.Skipped;
                       context.HandleResponse();
                   }
                   return Task.FromResult(0);
               },
           }
       });

We need to modify the scenario as below. If you have any technical suggestion, let me know.

1) Login page - get the user's email address

2) Check the user id, and if it is an Azure AD email, take the user to the Microsoft authentication page where the user enters the password

3) If the user enters a custom user id, handle the password page in the application's internal authentication flow

If your requirement is pivoted upon examining whether a provided email address belongs to an existing user account in your Azure Active Directory tenant, then you can utilize Microsoft Graph to query and confirm.

For example, the following Graph API REST call would help determine if a provided email address is that of an existing user in your tenant.

https://graph.microsoft.com/v1.0/users?$filter=startswith(mail%2C+'email@domain.com')
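The following is an added example of the realm-discovery step the question asks for (steps 1-3 above) combined with the Graph lookup the answer proposes; it is not code from the original post or from Microsoft. It differs from the answer's URL in two ways a practitioner would want: it compares with `eq` instead of `startswith`, so alice@contoso.com does not also match alice@contoso.community, and it validates and escapes the user-supplied address before placing it in `$filter`, because an unescaped single quote would let the login form rewrite the OData query. The Graph call itself requires an app-only token with `User.Read.All`; token acquisition is not shown, the HTTP call is injected as a callable so the logic runs offline, and `fake_fetch_json`, `CONSTRUCTED_TENANT_USERS` and all names in the block are assumptions constructed for this example. Note that any home-realm-discovery endpoint reveals whether an address exists in the tenant, so it should be rate-limited like a login form.

```python
"""Home-realm discovery for a mixed Azure AD / local-account login page.

Added example, not from the original post. Assumptions:
  * the app holds an app-only Graph token with User.Read.All (acquisition not
    shown; the HTTP call is injected as `fetch_json` so this runs offline);
  * an Azure AD user is identified by `mail` or `userPrincipalName`.
"""
import re
from urllib.parse import quote, unquote

GRAPH_USERS = "https://graph.microsoft.com/v1.0/users"

# Strict syntax check before the address goes anywhere near an OData filter.
EMAIL_RE = re.compile(
    r"^[A-Za-z0-9._%+'\-]+@[A-Za-z0-9\-]+(\.[A-Za-z0-9\-]+)*\.[A-Za-z]{2,}$")


def odata_string_literal(value: str) -> str:
    """Quote a string for an OData $filter; a single quote is escaped by doubling it."""
    return "'" + value.replace("'", "''") + "'"


def build_user_lookup_url(email: str) -> str:
    """Build the Graph query asking whether `email` belongs to a tenant user.

    `eq` (not `startswith`) so prefixes of the address do not match, and
    `userPrincipalName` is checked too because `mail` is empty for users
    without a mailbox.
    """
    if not EMAIL_RE.match(email):
        raise ValueError("not a syntactically valid e-mail address")
    lit = odata_string_literal(email)
    flt = f"mail eq {lit} or userPrincipalName eq {lit}"
    return f"{GRAPH_USERS}?$filter={quote(flt)}&$select=id,userPrincipalName,mail&$top=1"


def classify_login(email: str, graph_response: dict) -> str:
    """Return 'azure_ad' if Graph returned a user matching `email`, else 'local'."""
    wanted = email.casefold()
    for user in graph_response.get("value", []):
        for key in ("userPrincipalName", "mail"):
            if (user.get(key) or "").casefold() == wanted:
                return "azure_ad"
    return "local"


def decide_realm(email: str, fetch_json) -> dict:
    """Steps 2/3 of the flow: decide where the password prompt happens.

    `fetch_json(url)` must perform `GET url` with the app-only bearer token
    and return the parsed JSON body.
    """
    realm = classify_login(email, fetch_json(build_user_lookup_url(email)))
    if realm == "azure_ad":
        # Hand off to the OIDC middleware; login_hint pre-fills the address on
        # the Microsoft sign-in page and the app never sees the password.
        return {"realm": "azure_ad", "login_hint": email}
    return {"realm": "local"}


# --- Constructed directory and offline stand-in for the Graph call ----------
CONSTRUCTED_TENANT_USERS = [
    {"id": "0001", "userPrincipalName": "alice@contoso.com", "mail": "alice@contoso.com"},
    {"id": "0002", "userPrincipalName": "bob_x@contoso.onmicrosoft.com", "mail": None},
]


def fake_fetch_json(url: str) -> dict:
    """Offline stand-in for the authenticated Graph GET.

    Pulls the literal back out of the `$filter` and answers the way Graph's
    case-insensitive `eq` would against the constructed directory above.
    """
    m = re.search(r"mail eq '((?:[^']|'')*)'", unquote(url))
    wanted = m.group(1).replace("''", "'").casefold()
    hits = [u for u in CONSTRUCTED_TENANT_USERS
            if wanted in ((u["userPrincipalName"] or "").casefold(),
                          (u["mail"] or "").casefold())]
    return {"value": hits[:1]}


if __name__ == "__main__":
    for address in ("Alice@Contoso.com", "carol@example.org"):
        print(address, "->", decide_realm(address, fake_fetch_json))
```

In the real application `fetch_json` would be a function that sends the URL with `Authorization: Bearer <app token>`; the rest of the block is unchanged. The `login_hint` returned for Azure AD users is what the OWIN `RedirectToIdentityProvider` notification would copy onto `context.ProtocolMessage.LoginHint` before redirecting.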
