問題描述

跟進這個問題:

如何在 ASP.NET MVC 上執行 Azure Active Directory 單點登錄和表單身份驗證

我嘗試在默認 MVC 4 的登錄操作上編寫簡單代碼，該操作同時使用默認表單身份驗證和 Azure Active Directory SSO:

I have tried writing the simple code on Login action of default MVC 4 which uses both default Forms Authentication and Azure Active Directory SSO:

public async Task<ActionResult> Login(LoginModel model, string returnUrl)
{
    if (ModelState.IsValid && WebSecurity.Login(model.UserName, model.Password, persistCookie: model.RememberMe))
    {
        return RedirectToLocal(returnUrl);
    }

    authContext = new AuthenticationContext(authority, new TokenCache());
    var result = await authContext.AcquireTokenAsync(resourceId, clientId, new UserCredential(model.UserName, model.Password));

    // more code
}

因此，如果正常登錄 WebSecurity.Login 不成功，我會嘗試通過使用 ADAL.NET 和以下帖子的憑據(用戶名/密碼)從 AAD 獲取令牌:http://www.cloudidentity.com/blog/2014/07/08/using-adal-net-to-authenticate-users-via-usernamepassword/

So if the normal Login WebSecurity.Login is not successful, I try to acquire token from AAD by using ADAL.NET with credential (username/password) following this post: http://www.cloudidentity.com/blog/2014/07/08/using-adal-net-to-authenticate-users-via-usernamepassword/

運行應用程序時，我從 Azure 收到錯誤:

When running application I got the error from Azure:

AADSTS90027:客戶端[ClientId]"和資源[ResouceId]"標識同一個應用程序.

AADSTS90027: The client '[ClientId]' and resource '[ResouceId]' identify the same application.

我不確定直接在 MVC 登錄操作上使用 ADAL 和憑據是否真的有意義.請有人給我這個東西的提示.

I am not sure whether it really makes sense to use ADAL with credential directly on MVC Login action. Please someone give me a hint on this stuff.

推薦答案

ADAL 并不是為了在 Web 應用程序中實現 Web 登錄.ADAL 幫助應用程序獲取訪問另一個資源的令牌:換句話說，它幫助您的應用程序成為客戶端.此外，用戶名/密碼在 Web 應用程序中不可用，因為它只能在本機應用程序中使用.為了同時使用 FormsAuth 和 Azure AD，請考慮添加 ASP.NET 身份中間件和 OpenId Connect 中間件.OpenId Connect 中間件是用于通過 Azure AD 實現 Web SSO 的庫.

ADAL is not meant to achieve web sign-on in a web application. ADAL helps an application to obtain a token for accessing another resource: in other words, it helps your application to be a CLIENT. Moreover, the username/password is not available in web apps as it is meant to be used only in native applications. In order to use both FormsAuth and Azure AD, please consider adding both the ASP.NET identity middleware and the OpenId Connect middleware. The OpenId Connect middleware is the library one should use for achieving web SSO with Azure AD.

這篇關于Azure Active Directory 與 MVC，客戶端和資源標識同一個應用程序的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網！