
Azure AppService with user AD Authentication

Imagine such a scenario: I have a Web API app deployed to Azure as an app service. What I want to do is to implement role-based actions in this Web API. The problem is that this API will be called from other MS products such as Dynamics CRM, Sharepoint Online, etc. and actions should be called as the authenticated user from this other product. So to simplify:

  1. User logs into Dynamics CRM
  2. Some action will be called from Web API
  3. I need to get information about who called the action in Web API code to verify if the user is authorized to actually call this action

Do you have some materials, tutorials about how to achieve this? We've spent a lot of time researching this and didn't find any information about such a simple case.

I believe that you are looking for group claims or app roles.

For group claims, you could add the users into different security Groups and include the Groups claim in your token. You just need to modify the "groupMembershipClaims" field in the application manifest:

"groupMembershipClaims": "SecurityGroup"

Then the ID token will contain the Ids of the groups that the user belongs to, like below:

{
  "groups": ["{group id}"]
}

Then you could implement the code logic in your code by the group id.

For app roles, I think it may be more applicable to you. You can add app roles in your application and receive them in the token. After you configure it, you will get the app role claim in the id token of the authorized user. Then you could execute judgment statements based on it.

More information here: Using groups vs using application roles for authorization in Azure AD apps.
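As an added illustration (not code from the question or answer above), the following shows the "judgment statement" the answer describes: mapping a Web API action to the app roles and security-group ids allowed to call it, then deciding from the `roles` and `groups` claims of the caller's token. It assumes the token's signature, issuer, audience and expiry were already validated by the App Service authentication middleware, so only the claim set is read here; the action names, role names and group ids are constructed placeholders. It also covers the group overage case, where Azure AD omits `groups` and emits `_claim_names` instead.

```python
import base64
import json

# Constructed mapping: action -> app role names and security-group object ids
# that may call it. Names and ids are placeholders, not real tenant values.
ACTION_RULES = {
    "approve-order": {"roles": {"Order.Approve"},
                      "groups": {"11111111-1111-1111-1111-111111111111"}},
    "read-order":    {"roles": {"Order.Read", "Order.Approve"},
                      "groups": set()},
}


def make_unsigned_token(payload: dict) -> str:
    """Build a constructed, unsigned compact JWT for local testing only."""
    def b64(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{b64({'alg': 'none', 'typ': 'JWT'})}.{b64(payload)}."


def decode_claims(token: str) -> dict:
    """Return the payload claims of a compact JWT.
    Assumes signature/issuer/audience/expiry were validated upstream."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)   # restore padding
    return json.loads(base64.urlsafe_b64decode(payload))


def authorize(claims: dict, action: str) -> str:
    """Return 'allow', 'deny', or 'lookup-required' for the given action."""
    rule = ACTION_RULES.get(action)
    if rule is None:
        return "deny"                       # unknown action: fail closed
    if set(claims.get("roles", [])) & rule["roles"]:
        return "allow"                      # app role claim matched
    if "groups" in claims:
        if set(claims["groups"]) & rule["groups"]:
            return "allow"                  # security-group id matched
    elif "groups" in claims.get("_claim_names", {}):
        # Group overage: token carries a pointer, not the group list,
        # so membership must be resolved out of band before allowing.
        return "lookup-required"
    return "deny"


if __name__ == "__main__":
    tok = make_unsigned_token({"roles": ["Order.Approve"], "groups": []})
    print(authorize(decode_claims(tok), "approve-order"))  # allow
```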
