内部用户自动登录 - Azure Active Directory
[英]Automatic Login for Internal Users - Azure Active Directory
问题描述
I have configured Azure AD Auth (v2) in a .NET Core application using this guide and sign in and sign out are working properly.
我已经使用本指南在 .NET 核心应用程序中配置了 Azure AD Auth (v2),并且登录和注销工作正常。 The guide uses the packages Microsoft.Identity.Web and Microsoft.Identity.Web.UI .该指南使用包Microsoft.Identity.Web和Microsoft.Identity.Web.UI 。 I did not add the authorization policy of RequireAuthenticatedUser() since we want to allow anonymous access with some sections hidden if you are not logged in.我没有添加RequireAuthenticatedUser()的授权策略,因为我们希望允许匿名访问,如果您未登录,则隐藏某些部分。
I now have the requirement of automatically logging in those users who are on the VPN or internal network (domain), and am not sure how to go about this.我现在需要自动登录那些在 VPN 或内部网络(域)上的用户,但不知道如何解决这个问题。 I did some digging and saw some references to seamless single sign-on, but my organizations Azure only has Federation enabled with seamless single sign-on and pass-through authentication disabled.我做了一些挖掘并看到了一些关于无缝单点登录的参考,但我的组织 Azure 仅启用了联合,但禁用了无缝单点登录和直通身份验证。
I've added some snippets of the guide below:我在下面添加了一些指南片段:
public class Startup
{
...
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddMicrosoftIdentityWebAppAuthentication(Configuration, "AzureAd");
services.AddRazorPages().AddMvcOptions(options =>
{
// Commented out because we want everyone to be able to access, with authenticated (internal) users having more information displayed
/*var policy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
options.Filters.Add(new AuthorizeFilter(policy));*/
}).AddMicrosoftIdentityUI();
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
// more code here
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints => { endpoints.MapRazorPages(); });
app.UseEndpoints(endpoints => { endpoints.MapControllers(); });
// more code here
}
I appreciate any advice or guidance on a path forward.我感谢任何关于前进道路的建议或指导。 Thanks!谢谢!
1 个解决方案
解决方案1
0 2022-09-06 13:39:13
There is a concept of Azure AD Seamless Single Sign-On to Automatically Login Internal users from Azure AD, when using the VPN or internal network.使用 VPN 或内部网络时,有一个 Azure AD 无缝单点登录以从 Azure AD 自动登录内部用户的概念。
As mentioned in the official MSDoc ,如官方MSDoc中所述,
Active Directory Federation Services do not support seamless SSO . Active Directory 联合服务不支持seamless SSO 。
As you can see when Federation is Enabled, we do not have an option to enable Seamless sign-on正如您在启用联合时看到的那样,我们没有启用无缝登录的选项
Azure AD Connect in Portal Azure AD Connect in Portal
Either we can migrate to Password Hash Synchronization or Pass-through Authentication methods to use seamless SSO我们可以迁移到Password Hash Synchronization或Pass-through Authentication方法以使用无缝 SSO
We have an option in portal to migrate to other cloud authentication from Federation Authentication我们在门户中有一个选项可以从联合身份验证迁移到其他云身份验证
In Portal => Azure AD => Azure AD Connect => STAGED ROLLOUT OF CLOUD AUTHENTICATION在 Portal => Azure AD => Azure AD Connect => STAGED ROLLOUT OF CLOUD AUTHENTICATION
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.