How to enable Azure AD (Azure Active Directory) authentication in a static website on Azure Blob Storage
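I host a static website through the $web container in the Blob storage of an Azure storage account. I need to put the static site behind AD (Azure Active Directory) authentication, but I don't know how to complete the steps to set up the authentication.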
The short answer is that there isn't a toggle you can switch to get this behaviour. But keep reading because there is a way to achieve an equivalent behaviour.
It sounds like you are after something similar to what App Service (including Functions Apps) offers and is often referred to as EasyAuth: https://docs.microsoft.com/en-us/azure/app-service/configure-authentication-provider-aad.
AFAIK, an equivalent functionality doesn't exist for Blob storage. It is a passive service and will not do any authentication for you. It doesn't have implicit flow enabled. That means it will accept the OAuth tokens you provide, but it will not allow users to authenticate directly against it.
Assuming this is a Single Page Application, and that you don't want to protect the static files (.html, .js, .css, etc.) but only some data that exists either as blobs or sits behind APIs hosted somewhere else, protected by AAD, one way to achieve this is to create two containers:
Once those containers are in place, proceed to assign any permissions to the "data" container, or even to each individual blob in that container, using RBAC.
The final step is to use MSAL.js in your Single Page Application hosted in the $web container to obtain the tokens necessary to access your blobs. Explaining how to do that would make this answer too long, but it's well covered in the MSAL.js documentation.
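
The token step described in the answer above, as an added example that is not part of the original answer. The function names and the chosen `x-ms-version` value are assumptions; `msalClient` is expected to be an initialised MSAL.js `PublicClientApplication`, passed in together with `fetch` so the logic can be run without a tenant.

```javascript
// Added example; helper names are hypothetical, not from the answer or from MSAL.js.
const STORAGE_SCOPE = "https://storage.azure.com/user_impersonation"; // delegated Azure Storage scope
const STORAGE_API_VERSION = "2020-10-02"; // OAuth on Blob storage needs x-ms-version 2017-11-09 or later

// Build the REST request for one blob in the RBAC-protected container.
function buildBlobRequest(accountName, container, blobPath, accessToken) {
  // Strict account-name check keeps caller input from changing the host the token is sent to.
  if (!/^[a-z0-9]{3,24}$/.test(accountName)) throw new Error("invalid storage account name");
  if (!accessToken) throw new Error("missing access token");
  const path = blobPath.split("/").map(encodeURIComponent).join("/");
  return {
    url: `https://${accountName}.blob.core.windows.net/${encodeURIComponent(container)}/${path}`,
    headers: { Authorization: `Bearer ${accessToken}`, "x-ms-version": STORAGE_API_VERSION },
  };
}

// Try the cached session first; prompt the user only when AAD requires interaction.
async function getStorageToken(msalClient) {
  const account = msalClient.getAllAccounts()[0];
  if (account) {
    try {
      const result = await msalClient.acquireTokenSilent({ scopes: [STORAGE_SCOPE], account });
      return result.accessToken;
    } catch (err) {
      // Expired session, consent or MFA: fall through to the popup. Anything else is a real error.
      if (err.name !== "InteractionRequiredAuthError") throw err;
    }
  }
  const result = await msalClient.acquireTokenPopup({ scopes: [STORAGE_SCOPE] });
  return result.accessToken;
}

async function readProtectedBlob(msalClient, fetchFn, accountName, container, blobPath) {
  const token = await getStorageToken(msalClient);
  const { url, headers } = buildBlobRequest(accountName, container, blobPath, token);
  const response = await fetchFn(url, { headers });
  // 401: token missing or expired; 403: the signed-in user has no data role on the container.
  if (response.status === 401 || response.status === 403) {
    throw new Error(`access denied (${response.status}): check the user's RBAC role on "${container}"`);
  }
  if (!response.ok) throw new Error(`blob request failed: ${response.status}`);
  return response.text();
}
```

Because the site is served from the static-website endpoint and the blobs from the blob endpoint, the storage account also needs a CORS rule that allows the site's origin before the browser will make these requests.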
A lot of this is available directly from the MSFT docs site; it can be found under App Service plan - Authentication.