[英]How to get ADAL to check username before using cached login credentials to logon user to application
I have an ASP.NET MVC application that uses Azure Active Directory for authentication. 我有一个ASP.NET MVC应用程序,它使用Azure Active Directory进行身份验证。 All works perfectly except for this scenario.
除了这种情况,一切都完美无缺。
Expected behavior: Some error saying the user does not exist or login failed 预期行为:表示用户不存在或登录失败的错误
Application behavior: Logs in user@domain.com by default without checking the new username that's entered. 应用程序行为:默认情况下登录user@domain.com,而不检查输入的新用户名。
Note: portal.azure.com works the same way. 注意:portal.azure.com的工作方式相同。
Question: Is there a way to change this behavior so that the username is validated or authenticated before the cached token is used. 问题:是否有办法更改此行为,以便在使用缓存令牌之前验证或验证用户名。
thanks 谢谢
This is by design.We do not go to AAD for authentication every time, cached credentials as used as the tokens / cookies the client has received during the initial login are good enough to get access to the resources. 这是设计使然。我们不会每次都去AAD进行身份验证,缓存的凭据就像客户端在初始登录期间收到的令牌/ cookie一样,足以获得对资源的访问权限。
There are two ways to achieve what you are looking for 有两种方法可以实现您的目标
1) Implement Sign out( feasible and optimum solution) 1)实施退出(可行和最佳解决方案)
2) Implement a Auth filter and apply at a global level so for every request it has to validate the token and user name provide by user. 2)实现Auth过滤器并在全局级别应用,以便为每个请求验证用户提供的令牌和用户名。
Hope it helps. 希望能帮助到你。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.