堆栈内存溢出
  简体   繁体   English

如何在 Azure Blob 存储上的静态网站中启用 Azure AD(天蓝色活动目录)身份验证

[英]How to enable Azure AD (azure active directory) Authentication in a Static website on Azure Blob Storage

 原文  2019-09-03 15:31:16       azure/ authentication/ azure-active-directory/ azure-storage/ azure-storage-blobs

问题描述

我通过 azure 存储帐户的 BLOB 存储中的 $web 容器托管一个静态网站,我需要使用 AD(Azure 活动目录)身份验证放置静态站点,但我不知道如何完成这些步骤来放置身份验证

1 个解决方案

解决方案1
 1  2019-10-24 10:31:56

The short answer is that there isn't a toggle you can switch to get this behaviour.简短的回答是,没有可以切换的开关来获得这种行为。 But keep reading because there is a way to achieve an equivalent behaviour.但是请继续阅读,因为有一种方法可以实现等效的行为。

It sounds like you are after something similar to what App Service (including Functions Apps) offer and is often referred to as EasyAuth: https://docs.microsoft.com/en-us/azure/app-service/configure-authentication-provider-aad .听起来您在追求类似于应用服务(包括功能应用)提供的东西,并且通常被称为 EasyAuth: https ://docs.microsoft.com/en-us/azure/app-service/configure-authentication- 提供者-aad

AFAIK, an equivalent functionality doesn't exist for Blob storage. AFAIK,Blob 存储不存在等效功能。 It is a passive service and will not do any authentication for you.它是一种被动服务,不会为您进行任何身份验证。 It doesn't have implicit flow enabled.它没有启用隐式流。 That means it will accept the OAuth tokens you provide, but it will not allow users to authenticate directly against it.这意味着它将接受您提供的 OAuth 令牌,但不允许用户直接对其进行身份验证。

Assuming this is a Single Page Application, and that you don't want to protect the static files (.html, .js, .css, etc.) but only some data that exists either as blobs or sit behind APIs hosted somewhere else, protected by AAD, one way to achieve this is to create two containers:假设这是一个单页应用程序,并且您不想保护静态文件(.html、.js、.css 等),而只想保护一些作为 blob 存在或位于其他地方托管的 API 后面的数据,受 AAD 保护,实现此目的的一种方法是创建两个容器:

  1. The $web container that gets created when "Static website" is enabled启用“静态网站”时创建的 $web 容器
  2. A "data" container, with "Access Level=Private (no anonymous access)"一个“数据”容器,具有“访问级别=私有(无匿名访问)”

Once those containers are in place, proceed to assign any permissions to the "data" container, or even to each individual blob in that container, using RBAC .一旦这些容器就位,继续使用RBAC为“数据”容器分配任何权限,甚至为该容器中的每个单独的 blob 分配权限。

The final step is to use MSAL.js in your Single Page Application hosted in the $web container to obtain the tokens necessary to access your blobs.最后一步是在 $web 容器中托管的单页应用程序中使用MSAL.js来获取访问 blob 所需的令牌。 Explaining how to do that would make this answer too long, but it's well covered in the MSAL.js documentation.解释如何做到这一点会使这个答案太长,但它在 MSAL.js 文档中有很好的介绍。

解决方案2
 0  2019-09-03 15:35:05

可直接从MSFT文档站点获得很多内容,这些内容可以在App服务计划-身份验证中找到

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Azure Blob存储中的静态网站:如何启用Azure AD身份验证? - Static website in Azure Blob Storage: How to enable Azure AD Authentication? 从 Azure Active Directory (Azure AD) 身份验证访问 Azure Blob 存储 blob - Azure Blob Storage blob access from Azure Active Directory (Azure AD) authentication Azure CDN 阻止存储帐户 Static 使用 Active Directory 进行站点身份验证 - Azure CDN preventing Storage Account Static Site Authentication with Active Directory Blob 存储中的 Windows Azure 网站和静态 html - Windows Azure Website and static html in Blob storage 在Azure Blob存储上设置静态网站的权限 - Set permission for static website on Azure Blob Storage 以编程方式在Azure存储上启用静态网站 - Programmatically enable static website on azure storage 用于托管在 azure 存储 blob 上的静态网站的 azure 管道 - azure pipelines for static website hosted on azure storage blob 如何使用 MSAL 进行 Azure Static 网站 AD 身份验证 - How to do Azure Static website AD Authentication using MSAL 如何在本地运行的WEBAPI上启用Azure Active Directory身份验证 - How to enable Azure Active directory authentication on WEBAPI which is runing locally Azure Active Directory身份验证 - Azure Active Directory Authentication
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM