如何在使用缓存登录凭据将用户登录到应用程序之前让ADAL检查用户名
[英]How to get ADAL to check username before using cached login credentials to logon user to application
问题描述
I have an ASP.NET MVC application that uses Azure Active Directory for authentication. 
我有一个ASP.NET MVC应用程序,它使用Azure Active Directory进行身份验证。 All works perfectly except for this scenario. 除了这种情况,一切都完美无缺。
- Launch application and login using user@domain.com, the user is authenticated and application home page is displayed 使用user@domain.com启动应用程序并登录,用户通过身份验证并显示应用程序主页
- Close browser (Logoff not implemented) 关闭浏览器(注销未实现)
- Launch application again and click login as another user 再次启动应用程序并单击另一个用户登录
- Enter username as abc@domain.com - This user is fake and does not exist 输入用户名abc@domain.com - 此用户是假的,不存在
Expected behavior: Some error saying the user does not exist or login failed 预期行为:表示用户不存在或登录失败的错误
Application behavior: Logs in user@domain.com by default without checking the new username that's entered. 应用程序行为:默认情况下登录user@domain.com,而不检查输入的新用户名。
Note: portal.azure.com works the same way. 注意:portal.azure.com的工作方式相同。
Question: Is there a way to change this behavior so that the username is validated or authenticated before the cached token is used. 问题:是否有办法更改此行为,以便在使用缓存令牌之前验证或验证用户名。
thanks 谢谢
1 个解决方案
解决方案1
0 已采纳 2019-04-10 06:27:37
This is by design.We do not go to AAD for authentication every time, cached credentials as used as the tokens / cookies the client has received during the initial login are good enough to get access to the resources. 这是设计使然。我们不会每次都去AAD进行身份验证,缓存的凭据就像客户端在初始登录期间收到的令牌/ cookie一样,足以获得对资源的访问权限。
There are two ways to achieve what you are looking for 有两种方法可以实现您的目标
1) Implement Sign out( feasible and optimum solution) 1)实施退出(可行和最佳解决方案)
2) Implement a Auth filter and apply at a global level so for every request it has to validate the token and user name provide by user. 2)实现Auth过滤器并在全局级别应用,以便为每个请求验证用户提供的令牌和用户名。
Hope it helps. 希望能帮助到你。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.