[英]Role-based Active Directory authentication and authorization in full stack app (React.js + ASP.Net Core)
I am trying to create a full stack app (with React.js on frontend and ASP .NET Core Web API on the backend).我正在尝试创建一个完整的堆栈应用程序(前端使用 React.js,后端使用 ASP .NET Core Web API)。 The login process needs to be done using Active directory, as users are employees within a single organization.
登录过程需要使用 Active Directory 完成,因为用户是单个组织内的员工。 Frontend must get a token (using a MSAL library) and then send it to backend, where it has to decode it and, basing on it recognize user and register every session in the database, and let users perform actions set with their roles.
前端必须获得一个令牌(使用 MSAL 库),然后将其发送到后端,在那里它必须对其进行解码,并根据它识别用户并在数据库中注册每个会话,并让用户执行为其角色设置的操作。 Those roles, need to be assigned in database.
这些角色,需要在数据库中分配。
Does anyone know how to do that?有谁知道这是怎么做到的吗? Even an example project like that would help me immensely, because everything I have found so far is very basic.
即使是这样的示例项目也会对我有很大帮助,因为到目前为止我发现的所有内容都非常基础。
For implementing the authentication in Asp.net core follow this doc here .要在 Asp.net 核心中实现身份验证,请在此处遵循此文档。
Authorization in Azure AD can also be done with Application Roles. Azure AD 中的授权也可以通过应用程序角色完成。 Application Roles in Azure AD are by no means mutually exclusive.
Azure AD 中的应用程序角色绝不是相互排斥的。 They can be used in tandem to provide even finer grained access control.
它们可以串联使用以提供更细粒度的访问控制。
In your react-app (client) you can get the token, then access webAPI with the token.在您的 react-app(客户端)中,您可以获得令牌,然后使用令牌访问 webAPI。 You can then take a look to this source code .The only different will be that you will call your own webAPI instead of Microsoft graph.
然后您可以查看此源代码。唯一不同的是您将调用自己的 webAPI 而不是 Microsoft 图形。
For controlling the authentication session read more here link .要控制身份验证会话,请在此处阅读更多链接。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.