久久久久久久av_日韩在线中文_看一级毛片视频_日本精品二区_成人深夜福利视频_武道仙尊动漫在线观看

asp.net mvc 和 azure 基于活動(dòng)目錄安全組的授權(quán)

asp.net mvc and azure active directory security group based authorization(asp.net mvc 和 azure 基于活動(dòng)目錄安全組的授權(quán))
本文介紹了asp.net mvc 和 azure 基于活動(dòng)目錄安全組的授權(quán)的處理方法,對(duì)大家解決問(wèn)題具有一定的參考價(jià)值,需要的朋友們下面隨著小編來(lái)一起學(xué)習(xí)吧!

問(wèn)題描述

限時(shí)送ChatGPT賬號(hào)..

我正在尋找 ASP.NET MVC 應(yīng)用程序的幫助.它對(duì)單租戶(hù) Azure Active Directory 用戶(hù)進(jìn)行身份驗(yàn)證,并可以使用 Active Directory 安全組授權(quán)用戶(hù).即,如果用戶(hù)是該安全組的一部分,則只允許訪問(wèn)網(wǎng)站,否則訪問(wèn)被拒絕.

Visual Studio 本身可以使用向?qū)瓿?Active Directory 身份驗(yàn)證,但不確定如何通過(guò) AAD 安全組執(zhí)行授權(quán).

附:我是 ASP.NET 安全新手

解決方案

當(dāng)用戶(hù)登錄應(yīng)用程序時(shí),來(lái)自 Azure AD 的傳入令牌將包含 組聲明,一旦你適當(dāng)?shù)匦薷牧藨?yīng)用程序的清單 (有關(guān)步驟,請(qǐng)參閱下面的示例應(yīng)用程序鏈接).然后,您的應(yīng)用程序代碼可以讀取這些聲明并根據(jù)它們做出授權(quán)決策.

這是一個(gè)基于組聲明進(jìn)行授權(quán)的示例應(yīng)用程序 -

實(shí)施授權(quán)邏輯時(shí)要考慮的其他信息

  1. 您已經(jīng)特別詢(xún)問(wèn)了有關(guān)組的問(wèn)題,但您還應(yīng)該考慮使用應(yīng)用程序角色,它可以幫助您實(shí)現(xiàn)基于角色的授權(quán)邏輯.查看 Microsoft 文檔鏈接

    I am looking help for ASP.NET MVC application. Which authenticate single tenant azure active directory users and can authorize users using active directory security group. i.e. if user is part of that security group then only allow access to website otherwise access denied.

    Active directory authentication can be done by visual studio itself using wizard but not sure how to perform authorization through AAD security group.

    P.S. I am new to ASP.NET security

    解決方案

    When a user signs into the application, incoming token from Azure AD will contain group claims, once you modify the application's manifest appropriately (see the sample application link below for steps). Your application code can then read these claims and make authorization decisions based on them.

    Here is a sample application that does authorization based on group claims -

    Authorization in a web app using Azure AD groups & group claims

    Group claims

    ADDITIONAL INFORMATION TO CONSIDER WHEN IMPLEMENTING AUTHORIZATION LOGIC

    1. You have specifically asked about Groups, but you should also consider using Application Roles, which can help you implement a Role based authorization logic. Look at Microsoft documentation link Application Roles. Here is a link to another similar question where I have provided a little more detailed information on both Application Roles and Groups and links to sample code for both. Azure Active Directory Integration with Custom RBAC

      Once you understand the usage/purpose of application roles and groups, it's completely possible for you to decide that you want to base your authorization logic on a combination of Roles and Groups information for the signed in user instead of just one.

    2. In case when a user is part of many groups (6 or more AFAIK), Azure AD token doesn't send across the "groups" directly as part of token, instead it sends an overage indicator and then you can query the groups in a separate call. Take a look at the token related documentation here - Claims in id_tokens

    這篇關(guān)于asp.net mvc 和 azure 基于活動(dòng)目錄安全組的授權(quán)的文章就介紹到這了,希望我們推薦的答案對(duì)大家有所幫助,也希望大家多多支持html5模板網(wǎng)!

    【網(wǎng)站聲明】本站部分內(nèi)容來(lái)源于互聯(lián)網(wǎng),旨在幫助大家更快的解決問(wèn)題,如果有圖片或者內(nèi)容侵犯了您的權(quán)益,請(qǐng)聯(lián)系我們刪除處理,感謝您的支持!

相關(guān)文檔推薦

ASP.NET Core authenticating with Azure Active Directory and persisting custom Claims across requests(ASP.NET Core 使用 Azure Active Directory 進(jìn)行身份驗(yàn)證并跨請(qǐng)求保留自定義聲明)
ASP.NET Core 2.0 Web API Azure Ad v2 Token Authorization not working(ASP.NET Core 2.0 Web API Azure Ad v2 令牌授權(quán)不起作用)
ASP Core Azure Active Directory Login use roles(ASP Core Azure Active Directory 登錄使用角色)
How do I get Azure AD OAuth2 Access Token and Refresh token for Daemon or Server to C# ASP.NET Web API(如何獲取守護(hù)進(jìn)程或服務(wù)器到 C# ASP.NET Web API 的 Azure AD OAuth2 訪問(wèn)令牌和刷新令牌) - IT屋-程序員軟件開(kāi)發(fā)技
.Net Core 2.0 - Get AAD access token to use with Microsoft Graph(.Net Core 2.0 - 獲取 AAD 訪問(wèn)令牌以與 Microsoft Graph 一起使用)
Azure KeyVault Active Directory AcquireTokenAsync timeout when called asynchronously(異步調(diào)用時(shí) Azure KeyVault Active Directory AcquireTokenAsync 超時(shí))
主站蜘蛛池模板: 国产精品视频网址 | 午夜黄色影院 | 怡红院免费的全部视频 | 五月激情婷婷网 | 手机av免费在线 | 亚洲播放 | 精品一区二区三区91 | 伊人激情综合网 | 色资源站 | 久热伊人| 午夜影晥 | 成人亚洲 | 超碰人人91 | 午夜视频网站 | 欧美日韩国产中文字幕 | 韩国欧洲一级毛片 | 欧美在线一区二区三区 | 91综合网 | 精品国产乱码久久久久久果冻传媒 | 日韩在线欧美 | 欧美在线视频一区二区 | 曰韩一二三区 | 国产精品日日摸夜夜添夜夜av | 国产成人精品一区二区三区视频 | 国产一区二区三区四 | 性欧美精品一区二区三区在线播放 | 99久久中文字幕三级久久日本 | 国产精品日韩欧美 | 亚洲欧美日韩国产 | 老牛嫩草一区二区三区av | 亚洲精品久久久久久国产精华液 | 黄色毛片网站在线观看 | 亚洲激情网站 | 欧美黄在线观看 | 精品欧美一区免费观看α√ | 亚洲一区二区在线播放 | 久草网址 | 欧美精品在线免费 | 成人免费福利视频 | 在线播放一区二区三区 | 一区二区三区免费在线观看 |