Website authentication with Azure AD and Azure AD B2C

Here's the context:

I currently have a corporate Azure AD tenant (Teams, ...) and created a B2C tenant dedicated to my customers, which I plan to use for my website authentication.

I guess it is the purpose of the "multi-tenant" option when registering the app, but I wonder if I can limit it to only the two tenants I own and not open my website to anyone who has a Microsoft account (from what I understand reading the Microsoft documentation).

If anyone who has already set up a similar authentication process can guide me, or just give me some tips on doing website authentication by checking whether the user account is valid in one of the two tenants?

Thank you in advance and feel free to ask if you need any more information (maybe I wasn't clear enough).

In Azure AD B2C, using custom policies, you can set up sign-in for multi-tenant Azure AD, which allows users from multiple Azure AD tenants to sign in without you having to configure an identity provider for each tenant.

In the custom policy, using https://login.microsoftonline.com/ as the value for ValidTokenIssuerPrefixes, you can restrict access to a specific list of Azure AD tenant users who can sign in.

Please refer to the above-mentioned document on how to set up the configuration; as you can see in the add claim provider section, it shows how to configure multiple organizations/tenants with the comma separator.

<Item Key="ValidTokenIssuerPrefixes">https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000,https://login.microsoftonline.com/11111111-1111-1111-1111-111111111111</Item>

Please refer to the documentation and samples, which help you get started with custom policies.
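
The effect of a tenant allow-list like the `ValidTokenIssuerPrefixes` item above can be reproduced as an extra check in the website itself. The following is an added example, not part of the original answer and not Azure AD B2C's own implementation; the function names and sample claims are constructed, and it assumes the token's signature, audience and expiry have already been verified by a JWT library. It compares scheme, host and tenant segment exactly, which is stricter than a plain string-prefix match.

```python
from urllib.parse import urlsplit

# Placeholder tenant GUIDs copied from the answer's ValidTokenIssuerPrefixes item.
VALID_TOKEN_ISSUER_PREFIXES = (
    "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000,"
    "https://login.microsoftonline.com/11111111-1111-1111-1111-111111111111"
)


def _tenant_key(url_text):
    """Reduce an issuer URL to (scheme, host, first path segment), or None."""
    try:
        url = urlsplit(url_text.strip())
    except ValueError:
        return None
    segments = [s for s in url.path.split("/") if s]
    if url.scheme != "https" or not url.hostname or not segments:
        return None
    return (url.scheme, url.hostname.lower(), segments[0].lower())


def parse_prefixes(raw):
    """Split the comma-separated setting into a set of tenant keys."""
    keys = set()
    for entry in raw.split(","):
        key = _tenant_key(entry)
        if key is None:
            raise ValueError(f"malformed issuer prefix: {entry!r}")
        keys.add(key)
    return keys


def issuer_allowed(claims, allowed):
    """Return True only if the `iss` claim names one of the allowed tenants.

    `claims` must come from a token that was already cryptographically
    verified; this function performs no signature or expiry checks.
    """
    iss = claims.get("iss")
    key = _tenant_key(iss) if isinstance(iss, str) else None
    if key is None or key not in allowed:
        return False
    # If the token carries a `tid` claim, it must name the same tenant as `iss`.
    tid = claims.get("tid")
    return tid is None or str(tid).lower() == key[2]


ALLOWED = parse_prefixes(VALID_TOKEN_ISSUER_PREFIXES)
```
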
