我最近问了一个类似的问题,但它与AAD B2C有关。现在我想知道如何在我的应用中正确添加策略到Azure Active Directory身份验证。目前,我的启动类看起来是这样的:在Auth 2.0迁移后将Azure AD的策略添加到启动
namespace Auth
{
public class Startup
{
public Startup(IHostingEnvironment env)
{
var builder = new ConfigurationBuilder()
.SetBasePath(env.ContentRootPath)
.AddJsonFile("appsettings.json", optional: false, reloadOnChange: true)
.AddEnvironmentVariables();
Configuration = builder.Build();
}
private IConfigurationRoot Configuration { get; }
public void ConfigureServices(IServiceCollection services)
{
services.AddMvc(opts =>
{
opts.Filters.Add(typeof(AdalTokenAcquisitionExceptionFilter));
});
services.AddAuthorization(o =>
{
});
services.AddAuthentication(auth =>
{
auth.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
auth.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
auth.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOpenIdConnect(opts =>
{
Configuration.GetSection("Authentication").Bind(opts);
opts.Events = new OpenIdConnectEvents
{
OnAuthorizationCodeReceived = async ctx =>
{
HttpRequest request = ctx.HttpContext.Request;
string currentUri = UriHelper.BuildAbsolute(request.Scheme, request.Host, request.PathBase, request.Path);
var credential = new ClientCredential(ctx.Options.ClientId, ctx.Options.ClientSecret);
IDistributedCache distributedCache = ctx.HttpContext.RequestServices.GetRequiredService<IDistributedCache>();
string userId = ctx.Principal.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
var cache = new AdalDistributedTokenCache(distributedCache, userId);
var authContext = new AuthenticationContext(ctx.Options.Authority, cache);
AuthenticationResult result = await authContext.AcquireTokenByAuthorizationCodeAsync(
ctx.ProtocolMessage.Code, new Uri(currentUri), credential, ctx.Options.Resource);
ctx.HandleCodeRedemption(result.AccessToken, result.IdToken);
}
};
});
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseStaticFiles();
app.UseAuthentication();
app.UseMvcWithDefaultRoute();
}
}
}
我设法获得所有需要的代币(为天青图)成功地以后,但现在的应用程序使用某种默认的Microsoft政策,我被迫使用微软认证,而我也想认证本地租户用户。我在我的租户中有一个名为B2C_1_SignInPolicy的注册策略,但我无法弄清楚如何将它传递给我的应用程序的身份验证。 App正在使用类似MVC的模型和.Net Core 2.0。
我最好的猜测是添加类似于opts.AddPolicyUrl(” https://...policyName)线;但我无法找到一个方法来做到这一点
你能澄清你想达到什么具体的,?当你说当地的租客用户是否意味着要从特定的Azure AD租户或本地帐户存储中登录用户? –
来自Azure AD租户的本地帐户 - 通过[从此处]创建用户(本地帐户)方案创建的帐户(https://msdn.microsoft.com/zh-cn/library/azure/ad/graph/api/users -operations) –