问题描述
跟进这个问题:
如何在 ASP.NET MVC 上执行 Azure Active Directory 单点登录和表单身份验证
我尝试在默认 MVC 4 的登录操作上编写简单代码,该操作同时使用默认表单身份验证和 Azure Active Directory SSO:
I have tried writing the simple code on Login action of default MVC 4 which uses both default Forms Authentication and Azure Active Directory SSO:
public async Task<ActionResult> Login(LoginModel model, string returnUrl)
{
if (ModelState.IsValid && WebSecurity.Login(model.UserName, model.Password, persistCookie: model.RememberMe))
{
return RedirectToLocal(returnUrl);
}
authContext = new AuthenticationContext(authority, new TokenCache());
var result = await authContext.AcquireTokenAsync(resourceId, clientId, new UserCredential(model.UserName, model.Password));
// more code
}
因此,如果正常登录 WebSecurity.Login 不成功,我会尝试通过使用 ADAL.NET 和以下帖子的凭据(用户名/密码)从 AAD 获取令牌:http://www.cloudidentity.com/blog/2014/07/08/using-adal-net-to-authenticate-users-via-usernamepassword/
So if the normal Login WebSecurity.Login is not successful, I try to acquire token from AAD by using ADAL.NET with credential (username/password) following this post: http://www.cloudidentity.com/blog/2014/07/08/using-adal-net-to-authenticate-users-via-usernamepassword/
运行应用程序时,我从 Azure 收到错误:
When running application I got the error from Azure:
AADSTS90027:客户端[ClientId]"和资源[ResouceId]"标识同一个应用程序.
AADSTS90027: The client '[ClientId]' and resource '[ResouceId]' identify the same application.
我不确定直接在 MVC 登录操作上使用 ADAL 和凭据是否真的有意义.请有人给我这个东西的提示.
I am not sure whether it really makes sense to use ADAL with credential directly on MVC Login action. Please someone give me a hint on this stuff.
推荐答案
ADAL 并不是为了在 Web 应用程序中实现 Web 登录.ADAL 帮助应用程序获取访问另一个资源的令牌:换句话说,它帮助您的应用程序成为客户端.此外,用户名/密码在 Web 应用程序中不可用,因为它只能在本机应用程序中使用.为了同时使用 FormsAuth 和 Azure AD,请考虑添加 ASP.NET 身份中间件和 OpenId Connect 中间件.OpenId Connect 中间件是用于通过 Azure AD 实现 Web SSO 的库.
ADAL is not meant to achieve web sign-on in a web application. ADAL helps an application to obtain a token for accessing another resource: in other words, it helps your application to be a CLIENT. Moreover, the username/password is not available in web apps as it is meant to be used only in native applications. In order to use both FormsAuth and Azure AD, please consider adding both the ASP.NET identity middleware and the OpenId Connect middleware. The OpenId Connect middleware is the library one should use for achieving web SSO with Azure AD.
这篇关于Azure Active Directory 与 MVC,客户端和资源标识同一个应用程序的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!
大气响应式网络建站服务公司织梦模板
高端大气html5设计公司网站源码
织梦dede网页模板下载素材销售下载站平台(带会员中心带筛选)
财税代理公司注册代理记账网站织梦模板(带手机端)
成人高考自考在职研究生教育机构网站源码(带手机端)
高端HTML5响应式企业集团通用类网站织梦模板(自适应手机端)