Problem description

We use Azure AD to authenticate users into our WPF application, using their Office 365 accounts. This is done using the Active Directory Authentication Library (ADAL).

Currently, they are prompted to log in every time they open the app. We want to change this to allow logging in to the app via a cached token. This works, but we want to shorten the expiration time of the token to 24 hours or less, requiring another sign-in after that time has passed.

I don't see a way to manipulate the expiration of an Access Token in code. Is this something that needs to be done within Azure AD?
Recommended answer

Summary

You cannot use ADAL to configure the expiration time of tokens. ADAL is an authentication library that helps you interact with the token service, but you can set the token lifetime configuration on your Service Principal, Application, or Tenant.

You'll need to use PowerShell to create a policy describing the behavior you want, and link it to your service principal, tenant, or application. Keep in mind, if you're building a multi-tenant app, the owner of the tenant can overwrite your policy.

tl;dr: Don't rely on the token lifetime in your app, as it can change at any time.

You can set these properties using Azure AD PowerShell commands. Then run the following commands to set an access token lifetime:
- Log in to PowerShell.

    Connect-AzureAD -Confirm

- Create a new policy that sets the access token lifetime to 2 hours. You can change this to anything between 10 minutes and 1 day.

    New-AzureADPolicy -Definition @('{"TokenLifetimePolicy":{"Version":1,"AccessTokenLifetime":"02:00:00","MaxAgeSessionSingleFactor":"02:00:00"}}') -DisplayName "WebPolicyScenario" -IsOrganizationDefault $false -Type "TokenLifetimePolicy"

- Get the ObjectId of the policy.

    Get-AzureADPolicy

- Link the new policy to your application. You can get the objectId of your app using the GraphExplorer.

    Add-AzureADApplicationPolicy -Id <ObjectId of the application> -RefObjectId <ObjectId of the policy>
For more examples and the full documentation, check out Azure AD Configurable Token Lifetime.
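The four steps above, collected into one script as an added example (not code from the original answer). It validates the requested lifetime against the 10 minute to 1 day range the answer gives, reuses a policy of the same name if one already exists, resolves the application from its client id instead of a hand-copied ObjectId, and reads the link back so a silent failure is caught. It assumes the AzureADPreview module is installed; `<YOUR-APP-ID>` and the policy name are placeholders.

```powershell
# Added example, not from the original answer. Assumes the AzureADPreview module;
# <YOUR-APP-ID> is a placeholder for the application (client) id used by ADAL.
param(
    [string]$AppId = '<YOUR-APP-ID>',
    [TimeSpan]$AccessTokenLifetime = [TimeSpan]::FromHours(2),
    [string]$PolicyName = 'WpfAccessTokenLifetime'
)

# Reject values outside the range the answer states (10 minutes to 1 day).
$min = [TimeSpan]::FromMinutes(10)
$max = [TimeSpan]::FromDays(1)
if ($AccessTokenLifetime -lt $min -or $AccessTokenLifetime -gt $max) {
    throw "AccessTokenLifetime must be between $min and $max, got $AccessTokenLifetime"
}

Connect-AzureAD | Out-Null

# Policy definition as JSON. TimeSpan's 'c' format yields "02:00:00" for 2 hours
# and "1.00:00:00" for a full day, which is the dd.hh:mm:ss form Azure AD expects.
$definition = @{
    TokenLifetimePolicy = @{
        Version             = 1
        AccessTokenLifetime = $AccessTokenLifetime.ToString('c')
    }
} | ConvertTo-Json -Compress -Depth 3

# Reuse an existing policy with this name rather than creating a duplicate.
$policy = Get-AzureADPolicy |
    Where-Object { $_.Type -eq 'TokenLifetimePolicy' -and $_.DisplayName -eq $PolicyName } |
    Select-Object -First 1
if (-not $policy) {
    $policy = New-AzureADPolicy -Definition @($definition) -DisplayName $PolicyName `
        -IsOrganizationDefault $false -Type 'TokenLifetimePolicy'
}

# Resolve the application object from its AppId; ObjectId is what the link needs.
$app = Get-AzureADApplication -Filter "AppId eq '$AppId'"
if (-not $app) { throw "No application found with AppId $AppId" }

# Link the policy unless it is already linked, then read the link back to confirm.
if (-not (Get-AzureADApplicationPolicy -Id $app.ObjectId | Where-Object { $_.Id -eq $policy.Id })) {
    Add-AzureADApplicationPolicy -Id $app.ObjectId -RefObjectId $policy.Id
}
$linked = Get-AzureADApplicationPolicy -Id $app.ObjectId | Where-Object { $_.Id -eq $policy.Id }
if (-not $linked) { throw "Policy $($policy.Id) is not linked to application $($app.ObjectId)" }

"Policy '$PolicyName' ($($policy.Id)) linked to app $($app.ObjectId); AccessTokenLifetime=$($AccessTokenLifetime.ToString('c'))"
```

Because a tenant owner can override the policy, as the answer notes, the client should still treat `AuthenticationResult.ExpiresOn` from ADAL as the authoritative expiry rather than assuming the configured value.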
這篇關于如何配置 Azure AD 訪問令牌的過期時間(使用 ADAL)?的文章就介紹到這了,希望我們推薦的答案對大家有所幫助,也希望大家多多支持html5模板網!