Problem description
Is there a pattern to design an app that is capable of authenticating users with both Open Id Connect (connected in Azure AD) and a local database?
The app I'm creating will have users from a company that does have an Azure Active Directory, but also has users not employed by said company who must use the app since they are not registered in Azure AD.
The authentication method without the Azure AD should use a local database, not other authentication providers.
Recommended answer
You can use ASP.NET Identity for managing your local users in the database, and use Azure AD as an external identity provider, which enables the AAD accounts to log in to your application. You can identify the Azure AD user and link to a user in your local DB, so that you can also manage relationships/roles both with your local users and Azure AD users.
I will provide a simple code sample for how to implement that feature:
Create a new .NET Core application with ASP.NET Identity (Individual User Accounts template).
Install the package: Microsoft.AspNetCore.Authentication.AzureAD.UI
Modify Startup.cs to enable Azure AD authentication:
    // Local accounts: ASP.NET Identity backed by the application database.
    services.AddDbContext<ApplicationDbContext>(options =>
        options.UseSqlServer(
            Configuration.GetConnectionString("DefaultConnection")));
    services.AddDefaultIdentity<IdentityUser>()
        .AddEntityFrameworkStores<ApplicationDbContext>();

    // Azure AD as an external provider, bound to the "AzureAd" configuration section.
    services.AddAuthentication(sharedOptions =>
    {
    }).AddAzureAD(options => Configuration.Bind("AzureAd", options)).AddCookie();
Modify appsettings.json to add the Azure AD app settings:
    "AzureAd": {
      "Instance": "https://login.microsoftonline.com/",
      "Domain": "xxx.onmicrosoft.com",
      "TenantId": "xxxxxx-xxxxx-4f08-b544-b1eb456f228d",
      "ClientId": "xxxxx-xxxxx-4717-9821-e4f718fbece4",
      "CallbackPath": "/signin-oidc",
      "CookieSchemeName": "Identity.External"
    },
Users can choose to log in with a local user or an AAD user during the login process.
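The answer mentions linking an Azure AD user to a user in the local DB; the following is an added example of that step, not code from the original answer. The controller name, its routes and the choice of the UPN/name claim as local user name are assumptions; the link is keyed on the provider key rather than on an e-mail match, so an AAD sign-in cannot silently attach to an existing local account.

```csharp
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using System.Security.Claims;
using System.Threading.Tasks;

// Hypothetical controller (name and routes are assumptions, not from the answer).
public class AadLinkController : Controller
{
    private readonly SignInManager<IdentityUser> _signIn;
    private readonly UserManager<IdentityUser> _users;

    public AadLinkController(SignInManager<IdentityUser> signIn, UserManager<IdentityUser> users)
    { _signIn = signIn; _users = users; }

    // Start the Azure AD challenge. "AzureAD" is the default scheme name registered by AddAzureAD.
    [HttpPost, ValidateAntiForgeryToken]
    public IActionResult Login()
    {
        var props = _signIn.ConfigureExternalAuthenticationProperties("AzureAD", Url.Action(nameof(Callback)));
        return Challenge(props, "AzureAD");
    }

    public async Task<IActionResult> Callback()
    {
        // Reads the Identity.External cookie named by CookieSchemeName in appsettings.json.
        var info = await _signIn.GetExternalLoginInfoAsync();
        if (info == null) return LocalRedirect("/Identity/Account/Login");

        // Match on (provider, provider key), never on e-mail alone.
        var result = await _signIn.ExternalLoginSignInAsync(
            info.LoginProvider, info.ProviderKey, isPersistent: false, bypassTwoFactor: true);
        if (result.Succeeded) return LocalRedirect("/");
        if (result.IsLockedOut || result.IsNotAllowed) return StatusCode(403);

        // First AAD sign-in: create a password-less local user and attach the external login.
        // Assumption: the UPN (or name) claim is used as the local user name.
        var upn = info.Principal.FindFirstValue(ClaimTypes.Upn)
                  ?? info.Principal.FindFirstValue(ClaimTypes.Name);
        if (upn == null || await _users.FindByNameAsync(upn) != null)
            return BadRequest("No usable name claim, or a local account with that name already exists.");

        var user = new IdentityUser { UserName = upn };
        if (!(await _users.CreateAsync(user)).Succeeded) return BadRequest("Could not create local user.");
        await _users.AddLoginAsync(user, info);
        await HttpContext.SignOutAsync(IdentityConstants.ExternalScheme); // drop the temporary external cookie
        await _signIn.SignInAsync(user, isPersistent: false);
        return LocalRedirect("/");
    }
}
```

Roles can then be assigned to the created IdentityUser exactly as for local accounts, since both kinds of user live in the same Identity store.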