有没有一种方法可以结合使用ADFS和非ADFS身份验证?
[英]Is there a way to combine ADFS and non-ADFS authentication?
问题描述
How can I combine an ADFS based and a user database based authentication methods into a single process or at least result in a single User object with claims and roles so I can use AuthorizeAttribute? 
如何将基于ADFS和基于用户数据库的身份验证方法组合到单个进程中,或者至少导致具有声明和角色的单个User对象,以便可以使用AuthorizeAttribute?
I have two ASP.Net MVC applications that I need to combine into a single application, we're eliminating duplicated functionality. 我有两个ASP.Net MVC应用程序,需要将它们组合到一个应用程序中,我们正在消除重复的功能。 Normally this would be a snap, but this one isn't. 通常这会很轻松,但事实并非如此。 The problem is the user authentication App 1 uses ADFS and our AD accounts for authentication. 问题是用户身份验证App 1使用ADFS和我们的AD帐户进行身份验证。 The other application (App 2) uses a user database with salted and hashed passwords. 另一个应用程序(应用程序2)使用带有加密密码和哈希密码的用户数据库。 Not all users in App 2 have, and will never have, AD accounts. 并非App 2中的所有用户都拥有并且永远都不会拥有AD帐户。 That is corporate policy and not negotiable. 那是公司政策,不能商量。
In another application I was able to add additional claims to the User object for dynamically named claims and a custom AuthorizeAttribute. 在另一个应用程序中,我能够向动态命名的声明和自定义AuthorizeAttribute的User对象添加其他声明。 I'm sure I'll need to perform the same action on the App 2 accounts, but I'm not sure how to integrate the two styles seamlessly. 我确定我需要对App 2帐户执行相同的操作,但是我不确定如何无缝地集成这两种样式。
1 个解决方案
解决方案1
0 2019-07-29 19:11:31
Probably the easiest way is to use identityserver 4 to handle the DB authentication and then federate ADFS and identityserver. 可能最简单的方法是使用Identityserver 4处理数据库身份验证,然后联合ADFS和Identityserver。
Or use a SaaS Identity provider like Auth0 for the DB side. 或在数据库端使用Auth0之类的SaaS身份提供程序。 Then federate ADFS and Auth0. 然后联合ADFS和Auth0。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.