問(wèn)題描述

我正在研究在基于 C# 的 MVC 應(yīng)用程序中使用 Identity Server 4 進(jìn)行身份驗(yàn)證.我想使用存儲(chǔ)在 Azure AD 中的帳戶(hù)作為有效用戶(hù)的來(lái)源，但文檔似乎只涉及 Google 和 OpenID &只是順便提到了 Azure.

I'm looking into using Identity Server 4 for authentication within a C# based MVC application. I'd like to use accounts stored in Azure AD as a source of valid users but the documentation only seems to refer to Google and OpenID & only mentions Azure in passing.

是否有人知道有關(guān)如何在將 Azure AD 與 Identity Server 4 一起使用的上下文中使用它的任何好的文檔和/或教程?

Does anybody know of any good documentation and/or tutorials on how to use Azure AD in the context of using it with Identity Server 4?

推薦答案

您可以使用從 IdentityServer 登錄到 Azure AD，就像從例如使用登錄到 IdentityServer 一樣.Javascript 或 MVC 應(yīng)用程序.

You can use signin to Azure AD from IdentityServer just as you would use signin to IdentityServer from e.g. a Javascript or MVC app.

我最近已經(jīng)這樣做了，你需要做的就是像這樣向 Azure Ad 注冊(cè) OpenIdConnect 選項(xiàng):

I have done this recently, and all you need to do is register OpenIdConnect options to Azure Ad like this:

public void ConfigureAuth(IAppBuilder app)
{
    app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

    app.UseCookieAuthentication(new CookieAuthenticationOptions());

    app.UseOpenIdConnectAuthentication(
        new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            Authority = authority,
            PostLogoutRedirectUri = postLogoutRedirectUri,
        });
}

在此處了解更多信息:https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-devquickstarts-webapp-dotnet

然后您應(yīng)該在登錄操作中調(diào)用 ChallengeAsync 方法:

You should then in your Login action call the ChallengeAsync method:

var authenticationProperties = new AuthenticationProperties { RedirectUri = "your redirect uri" };
await HttpContext.Authentication.ChallengeAsync(your policy, authenticationProperties);

然后提供一個(gè)回調(diào)方法作為 GET 方法，然后遵循 IdentityServer 示例中提供的外部登錄示例:https://github.com/IdentityServer/IdentityServer4.Samples/blob/dev/Quickstarts/4_ImplicitFlowAuthenticationWithExternal/src/QuickstartIdentityServer/Quickstart/Account/AccountController.cs

Then provide a callback method as a GET method then follow the External Login samples provided in IdentityServer samples: https://github.com/IdentityServer/IdentityServer4.Samples/blob/dev/Quickstarts/4_ImplicitFlowAuthenticationWithExternal/src/QuickstartIdentityServer/Quickstart/Account/AccountController.cs

這篇關(guān)于Identityserver 4 和 Azure AD的文章就介紹到這了，希望我們推薦的答案對(duì)大家有所幫助，也希望大家多多支持html5模板網(wǎng)！