
Combining Azure AD (b2c) custom ClaimsIdentity

I have an ASP.NET 5 (RC1) application for which I am trying to set up authentication and authorization. However, I am confused and overwhelmed by all the varying authentication and authorization information online as it pertains to this platform. Much of it seems either hopelessly out of date or simply doesn't seem to apply in this particular usage scenario. Right now, I'm not even sure what the right 'terminology' to use for the question I am trying to ask is, but I digress.

What I am trying to accomplish is a system whereby users are authenticated/authorized via Azure AD (B2C?), with additional user profile information stored in a database. However, the user context in the controllers is accessed in a consistent way using what I presume would be a custom ClaimsPrincipal/ClaimsIdentity? I would imagine this should be as simple as adding an 'Authorize' attribute or something similar and accessing ClaimsPrincipal.Current.Claims.

I have used ASP.NET Identity in the past, but many of the examples I have found aren't using that. Most are simply using the UseOpenIdConnectAuthentication middleware. I see that ASP.NET Identity is still available, but I'm not sure it applies in this scenario. I also found a couple of posts on here suggesting using a custom ClaimsIdentity to accomplish this, but I am having trouble finding useful, up-to-date examples. BTW, I realize that much of this "profile" information can be stored as custom attributes in Azure AD, but the way some of the information is used within the application prohibits all of it from being in Azure (i.e. EF LINQ joins and such).

Please, tell me if I am even close on some of this. I know this is a fairly new platform and the information is sparse, but certainly I'm not the only one asking these questions.

Just calling out an excellent article: Identity management for multitenant applications in Microsoft Azure.

A lot of your questions are answered there.

E.g. you can augment the claims in the OWIN middleware AuthenticationValidated event.

ASP.NET Identity is claims-based in that the attributes are delivered as claims, but authentication is against the DB, not via an external IdP like Azure AD.

B2C is a special case in Azure AD, used for many (millions!) external users who can self-register and self-manage, e.g. SSPR.

B2C uses a separate tenant from the normal Azure AD one, and the users have no access to things like O365 or any SaaS applications.
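As an added illustration of the "augment the claims in the validated event" approach from the answer above (example code, not from the question, the answer or the linked article): the OpenID Connect handler validates the id_token from Azure AD, then the hook below looks the user up in the application's own database by the Azure AD object id and appends app-specific claims to the same ClaimsIdentity before it is written to the auth cookie. The event is named OnTokenValidated as in released ASP.NET Core (the RC1 middleware the question uses called it AuthenticationValidated). IUserProfileStore, UserProfile and the "app:" claim types are assumptions made for this example; the object identifier claim type is the one Azure AD actually issues.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical profile store backed by the app's own database (assumed for this example).
public class UserProfile
{
    public string DisplayName { get; set; }
    public string Department { get; set; }
}

public interface IUserProfileStore
{
    Task<UserProfile> FindByExternalIdAsync(string externalId);
}

public static class ClaimsAugmentation
{
    // Azure AD identifies the user with this claim (the object id, "oid"). It is stable
    // per user per tenant, unlike e-mail or display name, so it is the right DB key.
    public const string ObjectIdClaimType =
        "http://schemas.microsoft.com/identity/claims/objectidentifier";

    // Attach the hook to the OpenID Connect handler's events.
    public static void ConfigureEvents(OpenIdConnectOptions options)
    {
        options.Events = new OpenIdConnectEvents
        {
            OnTokenValidated = AugmentClaimsAsync
        };
    }

    // Runs once per sign-in, after the id_token signature, issuer, audience and
    // lifetime have been validated, and before the principal is persisted in the cookie.
    public static async Task AugmentClaimsAsync(TokenValidatedContext context)
    {
        var identity = context.Principal?.Identity as ClaimsIdentity;
        if (identity == null) return;

        // Key the lookup on a claim from the validated token, never on anything
        // the browser supplied (query string, form field, unvalidated cookie).
        var oid = identity.FindFirst(ObjectIdClaimType)?.Value;
        if (string.IsNullOrEmpty(oid))
        {
            context.Fail("id_token does not carry an object identifier claim.");
            return;
        }

        var store = context.HttpContext.RequestServices.GetRequiredService<IUserProfileStore>();
        var profile = await store.FindByExternalIdAsync(oid);
        if (profile == null) return; // authenticated, but the app knows nothing extra about this user

        // Mark app-issued claims with the local issuer so they are distinguishable
        // from claims issued by Azure AD when authorization policies inspect them.
        identity.AddClaim(new Claim("app:displayname", profile.DisplayName,
            ClaimValueTypes.String, ClaimsIdentity.DefaultIssuer));
        identity.AddClaim(new Claim("app:department", profile.Department,
            ClaimValueTypes.String, ClaimsIdentity.DefaultIssuer));
    }
}

// Controllers then read one consistent ClaimsPrincipal, exactly as the question hopes for.
[Authorize]
public class ProfileController : Controller
{
    public IActionResult Index()
    {
        // User is the principal deserialized from the auth cookie; the DB-derived claims
        // added at sign-in are present without another database round trip.
        var displayName = User.FindFirst("app:displayname")?.Value ?? "unknown";
        return Content($"Hello, {displayName}");
    }
}
```

Register it where the OpenID Connect handler is added, e.g. `.AddOpenIdConnect(options => { /* authority, client id ... */ ClaimsAugmentation.ConfigureEvents(options); })`, and register `IUserProfileStore` in DI. Two consequences worth knowing: the added claims are snapshotted into the cookie at sign-in, so a change in the database (a revoked department, a renamed user) is not seen until the next sign-in unless the cookie's validation event re-checks it, and every claim added grows the cookie, so keep it to what authorization decisions actually need and join the rest from the database by the object id.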
