Azure Active Directory -.Net Core 3 Web 应用程序 - 禁用 2 因素身份验证
[英]Azure Active Directory - .Net Core 3 Web Application - Disable 2 Factor Authentication
问题描述
I have created a .net core 3 Web Application.
我创建了一个 .net 核心 3 Web 应用程序。 I have connected it to an Azure Active Directory.我已将它连接到 Azure Active Directory。
This is the first time I have used AD so please excuse my ignorance.这是我第一次使用AD,所以请原谅我的无知。
The problem I have is that when the user logs into the website the login process is enforcing 2FA.我遇到的问题是,当用户登录网站时,登录过程正在执行 2FA。 They are being given 14 days grace before this is enforced.在强制执行之前,他们将获得 14 天的宽限期。
Although, personally I have no problem with 2FA, in this case we want to be able to disable it.虽然,我个人对 2FA 没有问题,但在这种情况下,我们希望能够禁用它。
I have searched high and low for documentation on how to do this but many of the documents do not reflect the current design of the Azure Portal.我搜索了有关如何执行此操作的文档,但许多文档并未反映 Azure 门户的当前设计。
Is this something I can control in my Startup.cs?这是我可以在我的 Startup.cs 中控制的东西吗? Which looks like this:看起来像这样:
public void ConfigureServices(IServiceCollection services)
{
services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
.AddAzureAD(options => Configuration.Bind("AzureAd", options));
services.AddControllersWithViews(options =>
{
var policy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
options.Filters.Add(new AuthorizeFilter(policy));
});
services.AddRazorPages();
services.AddSignalR(x =>
{
x.EnableDetailedErrors = true;
});
}
Any help would be greatly appreciated!任何帮助将不胜感激!
1 个解决方案
解决方案1
1 2020-04-21 17:51:46
If you are integrated your application with Azure Active Directory, then make sure the primary and the secondary authentication is happening in Azure.如果您将您的应用程序与 Azure Active Directory 集成,则确保主要和辅助身份验证发生在 Azure 中。
When the user try to login to the website, usually the authentication process goes to Azure AD for primary and 2FA.当用户尝试登录网站时,身份验证过程通常转到 Azure AD 进行初级和 2FA。
Scenario 1 - 14 days grace period方案 1 - 14 天宽限期
Azure Active Directory Identity Protection will prompt your users to register the next time they sign in interactively and they will have 14 days to complete registration. Azure Active Directory 身份保护将提示您的用户在下次交互登录时进行注册,他们将有 14 天的时间完成注册。 During this 14-day period, they can bypass registration but at the end of the period they will be required to register before they can complete the sign-in process.在这 14 天的期限内,他们可以绕过注册,但在期限结束时,他们将被要求注册才能完成登录过程。
Scenario 2 - Disable 2FA场景 2 - 禁用 2FA
If you want to disable MFA for the users, you need to check the following.如果要为用户禁用 MFA,则需要检查以下内容。
Check if there are any conditional access polices are created to trigger MFA including classic policies.
检查是否创建了任何条件访问策略来触发 MFA,包括经典策略。Check if there are any individual MFA setting (enabled) in Azure portal .
检查Azure 门户中是否有任何单独的 MFA 设置(启用)。
You can disable MFA through PowerShell您可以通过PowerShell禁用MFA
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.