[英]One ASP.NET Core 2.2 Web API app Using Multiple Client IDs (Application IDs) of Azure AD B2C
I have ASP.NET 2.2 Web API App using Azure AD B2C for auth我有使用 Azure AD B2C 进行身份验证的 ASP.NET 2.2 Web API 应用程序
I have three roles requirements.我有三个角色要求。 Each role has different Azure AD B2C policies and a user can have one and only one role.每个角色都有不同的 Azure AD B2C 策略,一个用户只能拥有一个角色。
Currently adding roles with B2C is convoluted:目前使用 B2C 添加角色很复杂:
https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/10123836-get-user-membership-groups-in-the-claims-with-ad-b https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/10123836-get-user-membership-groups-in-the-claims-with-ad-b
Authorize By Group in Azure Active Directory B2C 在 Azure Active Directory B2C 中按组授权
And to solve the role and policies per role, I am considering having multiple Azure AD B2C Applications within one ASP.NET Core Web API.为了解决每个角色的角色和策略问题,我正在考虑在一个 ASP.NET Core Web API 中包含多个 Azure AD B2C 应用程序。
My ASP.NET Config for Azure AD B2C in the Startup.cs
looks as follow:我在Startup.cs
用于 Azure AD B2C 的 ASP.NET 配置如下所示:
services.AddAuthentication(AzureADB2CDefaults.JwtBearerAuthenticationScheme)
.AddAzureADB2CBearer(o => Configuration.Bind("AzureAdB2C", o));
Is having multiple Azure AD B2C ClientIDs (Application IDs) possible in ASP.NET Core? ASP.NET Core 中是否可以有多个 Azure AD B2C ClientID(应用程序 ID)? Are there libraries to do so?有图书馆可以这样做吗? Do you have a better suggestion?你有更好的建议吗?
I would suggest to get user's group information in one of the notification function s(for example , SecurityTokenValidated) and add claim to the ClaimsPrincipal.我建议在通知函数之一中获取用户的组信息(例如,SecurityTokenValidated)并将声明添加到 ClaimsPrincipal。 You can click here for code sample .您可以单击此处获取代码示例。
If you register multi applications , if using OAuth 2.0 code grant flow , when redirecting user to Azure AD's login page you should provide the client id , how do you know which client id you should use before knowing who is the current user ?如果注册多个应用程序,如果使用OAuth 2.0 代码授权流程,当将用户重定向到 Azure AD 的登录页面时,您应该提供客户端 ID,在知道谁是当前用户之前,如何知道应该使用哪个客户端 ID? Unless you create extra page to let user choose which client he want to login , and then add an OpenIdConnectEvents
handler for the OnRedirectToIdentityProvider
event and replace the ClientId property there .除非您创建额外的页面让用户选择他想要登录的客户端,然后为OnRedirectToIdentityProvider
事件添加OpenIdConnectEvents
处理程序并替换那里的 ClientId 属性。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.