Azure AD 认证仅适用于部分应用程序
[英]Azure AD authentication for only a part of the application
问题描述
Is it possible to use Azure AD authentication for only a part of the application?
是否可以仅对部分应用程序使用 Azure AD 身份验证?
I work for a school and our team is creating a web application where some users need to sign in with their work/school account.我在一所学校工作,我们的团队正在创建一个 web 应用程序,其中一些用户需要使用他们的工作/学校帐户登录。 Other users can create an individual account and sign in with that.其他用户可以创建个人帐户并使用该帐户登录。 They will use a different part of the application.他们将使用应用程序的不同部分。
The first thing the user should see is a page where he can choose what kind of user he is.用户应该看到的第一件事是一个页面,他可以在其中选择他是什么类型的用户。 If the user is an "external user", he can sign in with his individual account.如果用户是“外部用户”,他可以使用他的个人帐户登录。 If the user is a "teacher" or "student", he can sign in with his work/school account via Azure AD.如果用户是“老师”或“学生”,他可以通过 Azure AD 使用他的工作/学校帐户登录。
Something like this.像这样的东西。
Is this what "Home page URL" is for on the Azure portal under Branding?这就是品牌下 Azure 门户网站上的“主页 URL”吗? The app still immediately shows the Azure AD sign in page when I fill this in.当我填写此信息时,该应用程序仍会立即显示 Azure AD 登录页面。
Or do we need to use Azure AD B2C?还是我们需要使用 Azure AD B2C? Or does that only work for social identities like Google, Facebook, ...?还是仅适用于 Google、Facebook 等社交身份?
2 个解决方案
解决方案1
0 2020-04-29 12:34:37
You can use Azure AD and OpenID auth flow to achieve this.您可以使用 Azure AD 和 OpenID 身份验证流程来实现此目的。
More details in this question Mixing Azure AD authentication with Forms authentication此问题中的更多详细信息Mixing Azure AD 身份验证与 Forms 身份验证
解决方案2
0 2020-04-30 07:11:07
Is this what "Home page URL" is for on the Azure portal under Branding?
You can register multiple authentication schemes in you application, one is authentication using local database, and one is authentication using Azure AD.您可以在您的应用程序中注册多种身份验证方案,一种是使用本地数据库进行身份验证,一种是使用 Azure AD 进行身份验证。 You should make the login page in your application not on Azure side, and has buttons to trigger diffident scheme, for example,AAD scheme:您应该在您的应用程序中使登录页面不在 Azure 侧,并具有触发不同方案的按钮,例如 AAD 方案:
if (!User.Identity.IsAuthenticated)
{
return Challenge(new AuthenticationProperties() { RedirectUri = "/" } , AzureADDefaults.AuthenticationScheme);
}
The simplest way is to use ASP.NET Core Identity and add Azure AD authentication as external login.最简单的方法是使用 ASP.NET Core Identity 并添加 Azure AD 身份验证作为外部登录。 Here is code sample.这是代码示例。
For authorization part, you can manage users and roles inside local database since by default, after AAD login, identity framework will help create a local user in database, but that is also can be customized depends on your requirements.对于授权部分,您可以在本地数据库中管理用户和角色,因为默认情况下,在 AAD 登录后,身份框架将帮助在数据库中创建本地用户,但也可以根据您的要求进行自定义。 Or you can directly create policy and check the claims of users, users login from AAD or local database should have different claims.或者您可以直接创建策略并检查用户的声明,从 AAD 或本地数据库登录的用户应该有不同的声明。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.