How to make OAuth2 work for Azure Active Directory with multi-factor authentication on .net?

Question

We are using OAuth 2.0 auth code grant on Azure Active Directory to authenticate the users in our web application.

This has worked without problems, but now the AD maintenance wants to deploy a multi-factor authentication. Our current OAuth implementation is not in line with that.

This is our code:

public static ActionResult LogOn()
{
    string authorizationUrl = string.Format(
        "https://login.windows.net/{0}/oauth2/authorize?api-version=1.0&response_type=code&response_mode=query&client_id={1}&scope={2}&redirect_uri={3}",
        HttpUtility.UrlEncode(azureActiveDirectoryTenant),
        HttpUtility.UrlEncode(azureActiveDirectoryClientId),
        HttpUtility.UrlEncode("https://graph.microsoft.com/v1.0/me/"),
        HttpUtility.UrlEncode(azureActiveDirectoryCodeRedirectURL) // refers to Code() below
    );

    return new RedirectResult(authorizationUrl, false);
}

public async Task<ActionResult> Code(string code = null, string state = "", string error = null, string error_description = null)
{
    if (String.IsNullOrEmpty(error))
    {
        if (String.IsNullOrWhiteSpace(code))
        {
            return LogOn();
        }
        AuthenticationContext ctx = new AuthenticationContext("https://login.microsoftonline.com/" + azureActiveDirectoryTenant);
        ClientCredential clcred = new ClientCredential(azureActiveDirectoryClientId, azureActiveDirectoryClientKey);
        try
        {
            var ar = await ctx.AcquireTokenByAuthorizationCodeAsync(code, new Uri(azureActiveDirectoryCodeRedirectURL), clcred, "https://graph.windows.net");
            string email = ar.UserInfo.DisplayableId;

            using (WebClient client = new WebClient())
            {
                client.Headers.Add("Authorization", "Bearer " + ar.AccessToken);

                Stream data = client.OpenRead(new Uri("https://graph.windows.net/me?api-version=1.6"));
                StreamReader reader = new StreamReader(data);
                Dictionary<string, dynamic> values = JsonConvert.DeserializeObject<Dictionary<string, dynamic>>(reader.ReadToEnd());
                data.Close();
                reader.Close();

                // ... act on values and redirect...
            }
        }
        catch (AdalServiceException ex)
        {
            // We come here!
            ViewBag.ErrorMessage = String.Format("Exception: ErrorCode: {0}, StatusCode: {1}, Message: {2}.", ex.ErrorCode, ex.StatusCode, ex.Message);
            // ...
        }
    }
    return View("OAuthError");
}

And the error message:

ErrorCode: interaction_required, StatusCode: 400, Message: AADSTS50076: Due
to a configuration change made by your administrator, or because you moved to a
new location, you must use multi-factor authentication to access '00000002-0000-
c000-0000000000000'.

This document is discussing conditional access on AAD and mentions 'claims' as a solution.

How does one incorporate claims to the code above to make it work?

Recommended answer

Per Microsoft docs: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-oapx/0fc398ca-88d0-4118-ae60-c3033e396e60

You can add amr_values=ngcmfa to the authorization URL to force MFA.

You can also add amr_values=mfa to require that the user has gone through MFA, though it may have happened a while ago.

You should also then check that the token does contain "mfa" in the amr claim. (since the user could just remove the parameter)
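
The two steps from the answer, as an added C# example that is not part of the original answer: append amr_values=mfa to the authorize URL, then refuse the sign-in unless the returned token's amr claim lists "mfa". The class and method names are hypothetical, Newtonsoft.Json is assumed because the question's code already uses it, and the sample payloads and tenant name are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;

public static class MfaCheck
{
    // Appends amr_values=mfa to an authorize URL such as the one LogOn() builds.
    public static string RequireMfa(string authorizeUrl)
    {
        return authorizeUrl + (authorizeUrl.Contains("?") ? "&" : "?") + "amr_values=mfa";
    }

    // True only if the JWT payload's "amr" claim lists "mfa".
    // This decodes without verifying the signature, so use it only on a token the
    // server itself redeemed from the token endpoint over TLS (as Code() does);
    // a token received any other way needs signature validation first.
    public static bool TokenHasMfa(string jwt)
    {
        string[] parts = (jwt ?? "").Split('.');
        if (parts.Length != 3) return false;
        try
        {
            JToken amr = JObject.Parse(Encoding.UTF8.GetString(FromBase64Url(parts[1])))["amr"];
            if (amr == null) return false; // claim absent: treat as no MFA
            // amr is normally an array of strings; tolerate a single string too.
            IEnumerable<JToken> methods = amr is JArray ? (IEnumerable<JToken>)amr.Children() : new[] { amr };
            return methods.Any(t => t.Type == JTokenType.String && (string)t == "mfa");
        }
        catch (FormatException) { return false; } // payload is not valid base64url
        catch (JsonException) { return false; }   // payload is not a JSON object
    }

    private static byte[] FromBase64Url(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }

    public static void Main()
    {
        // Constructed sample payloads wrapped as header.payload.signature, not real tokens.
        Func<string, string> fakeJwt = json => "e30." + Convert.ToBase64String(
            Encoding.UTF8.GetBytes(json)).TrimEnd('=').Replace('+', '-').Replace('/', '_') + ".sig";
        Console.WriteLine(TokenHasMfa(fakeJwt("{\"amr\":[\"pwd\",\"mfa\"]}")));
        Console.WriteLine(TokenHasMfa(fakeJwt("{\"amr\":[\"pwd\"]}")));
        Console.WriteLine(RequireMfa("https://login.windows.net/contoso.example/oauth2/authorize?response_type=code"));
    }
}
```

The server-side check is what enforces the requirement; the URL parameter only asks the identity provider to prompt, and a sign-in whose token fails the check should be rejected rather than retried silently.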
