如何强制用户对 MSAL angular 使用双因素身份验证?
[英]how can I force users to use two factor authentication with MSAL angular?
问题描述
I am trying to implement two-factor sign in using msal-angular, I want to force users to use two factor authentication, preferably Authenticator App.
我正在尝试使用 msal-angular 实现双因素登录,我想强制用户使用双因素身份验证,最好是 Authenticator App。
So far I only managed to configure it the way users only required to enter password.到目前为止,我只设法按照用户只需要输入密码的方式进行配置。
my settings:我的设置:
const isIE = window.navigator.userAgent.indexOf('MSIE ') > -1 || window.navigator.userAgent.indexOf('Trident/') > -1;
export const protectedResourceMap: [string, string[]][] = [
['https://graph.microsoft.com/v1.0/me', ['user.read']]
];
@NgModule({
imports: [
CommonModule,
MsalModule.forRoot({
auth: {
clientId: '*******',
authority: 'https://login.microsoftonline.com/*****/',
validateAuthority: true,
redirectUri: 'http://localhost:4200/',
postLogoutRedirectUri: 'http://localhost:4200/',
navigateToLoginRequestUrl: true,
},
cache: {
cacheLocation: 'localStorage',
storeAuthStateInCookie: isIE, // set to true for IE 11
},
},
{
popUp: !isIE,
consentScopes: [
'user.read',
'openid',
'profile',
'api://**********/access_as_user'
],
unprotectedResources: ['https://www.microsoft.com/en-us/'],
protectedResourceMap,
extraQueryParameters: {}
}
)
],
declarations: [
],
providers: [
MsalLoginService,
{
provide: HTTP_INTERCEPTORS,
useClass: MsalInterceptor,
multi: true
}
]
})
export class MsalLoginModule { }
due to angular version I use msal-angilar@1.1.2 here is my code:由于 angular 版本我使用 msal-angilar@1.1.2 这是我的代码:
@Injectable({
providedIn: 'root'
})
export class MsalLoginService {
loginDisplay = false;
constructor(
private broadcastService: BroadcastService,
private authService: MsalService
) {
this.checkoutAccount();
this.authService.handleRedirectCallback((authError, response) => {
if (authError) {
console.error('Redirect Error: ', authError.errorMessage);
return;
}
console.log('Redirect Success: ', response);
});
this.authService.setLogger(new Logger((logLevel, message, piiEnabled) => {
console.log('MSAL Logging: ', message);
}, {
correlationId: CryptoUtils.createNewGuid(),
piiLoggingEnabled: false
}));
}
checkoutAccount() {
this.loginDisplay = !!this.authService.getAccount();
}
loginPopup(): Observable<any> {
return new Observable((subscriber) => {
this.authService.loginPopup({ scopes: ['user.read'], prompt: 'select_account' }).then(res => {
this.authService.acquireTokenSilent({ scopes: ['user.read'] }).then((response: any) => {
// send token for validation on server
subscriber.next(response);
}).catch(ex => subscriber.error(ex));
}).catch(ex => subscriber.error(ex));
});
}
logout() {
this.authService.logout();
}
}
just in case although I suppose the problem is in the setting in Azure.以防万一,尽管我认为问题出在 Azure 的设置中。
Edit: There are several ways to force multi-factor login through the Azure Portal, however most of them are visible only through paid/trial account编辑:有几种方法可以通过 Azure 门户强制进行多因素登录,但是其中大多数只能通过付费/试用帐户看到
1 个解决方案
解决方案1
1 已采纳 2021-09-27 22:14:42
Yes, you can force users to use two factor authentication with MSAL angular. Your angular configuration is looking OK.是的,您可以强制用户使用 MSAL angular 的双重身份验证。您的angular 配置看起来没问题。 Now you need to recheck your azure configurations.现在您需要重新检查您的 azure 配置。 You can configure your settings here .您可以在此处配置您的设置。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.