Problem description
Is there a pattern to design an app that's capable of authenticating users with both Open Id Connect (connected in Azure AD) and a local database?
The app I'm creating will have users from a company that does have an Azure Active Directory, but also has users not employed by said company who must use the app since they are not registered in Azure AD.
The authentication method without the Azure AD should use a local database, not other authentication providers.
Recommended answer
You can use ASP.NET Identity for managing your local users in the database, and use Azure AD as an external identity provider, which enables the AAD accounts to log in to your application. You can identify the Azure AD user and link it to a user in your local DB, so that you can also manage relationships/roles for both your local users and Azure AD users.
I will provide a simple code sample for how to implement that feature:
Create a new .NET Core application with ASP.NET Identity (Individual User Accounts template).
Install the package: Microsoft.AspNetCore.Authentication.AzureAD.UI
Modify the Startup.cs to enable Azure AD Authentication:
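    // Local accounts: ASP.NET Identity backed by the application's SQL Server database.
    services.AddDbContext<ApplicationDbContext>(options =>
        options.UseSqlServer(
            Configuration.GetConnectionString("DefaultConnection")));
    services.AddDefaultIdentity<IdentityUser>()
        .AddEntityFrameworkStores<ApplicationDbContext>();

    // Azure AD as an external provider, configured from the "AzureAd" section.
    // The shared options are left empty, so the default schemes set by
    // AddDefaultIdentity stay in effect.
    services.AddAuthentication(sharedOptions =>
    {
    }).AddAzureAD(options => Configuration.Bind("AzureAd", options)).AddCookie();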
Modify the appsettings.json to add the Azure AD app settings:
    "AzureAd": {
      "Instance": "https://login.microsoftonline.com/",
      "Domain": "xxx.onmicrosoft.com",
      "TenantId": "xxxxxx-xxxxx-4f08-b544-b1eb456f228d",
      "ClientId": "xxxxx-xxxxx-4717-9821-e4f718fbece4",
      "CallbackPath": "/signin-oidc",
      "CookieSchemeName": "Identity.External"
    },
Users could choose to log in with a local user or an AAD user during the login process.
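
The linking step the answer describes (identify the Azure AD user and link it to a user in the local DB) could be written as the controller below. This is an added example, not code from the original answer; the controller and action names, the redirect targets and the claim used as the user name are assumptions.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.AzureAD.UI;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;

// Hypothetical controller: names and redirect targets are assumptions for illustration.
public class AadLinkController : Controller
{
    private const string LoginPage = "/Identity/Account/Login"; // default Identity UI page
    private readonly SignInManager<IdentityUser> _signIn;
    private readonly UserManager<IdentityUser> _users;

    public AadLinkController(SignInManager<IdentityUser> signIn, UserManager<IdentityUser> users)
        => (_signIn, _users) = (signIn, users);

    // Start the Azure AD challenge; the properties carry the provider name for the callback.
    public IActionResult Start() => Challenge(
        _signIn.ConfigureExternalAuthenticationProperties(
            AzureADDefaults.AuthenticationScheme, Url.Action(nameof(Callback))),
        AzureADDefaults.AuthenticationScheme);

    // Runs after the Azure AD handler has written the Identity.External cookie.
    public async Task<IActionResult> Callback()
    {
        ExternalLoginInfo info = await _signIn.GetExternalLoginInfoAsync();
        if (info == null) return LocalRedirect(LoginPage);
        // Match on the (LoginProvider, ProviderKey) pair stored in AspNetUserLogins.
        var result = await _signIn.ExternalLoginSignInAsync(
            info.LoginProvider, info.ProviderKey, isPersistent: false);
        if (result.Succeeded) return LocalRedirect("/");
        if (result.RequiresTwoFactor) return LocalRedirect("/Identity/Account/LoginWith2fa");
        if (result.IsLockedOut || result.IsNotAllowed) return Forbid();

        // First Azure AD sign-in. Which claim becomes the user name is an assumption.
        string name = info.Principal.FindFirstValue(ClaimTypes.Email)
                      ?? info.Principal.FindFirstValue(ClaimTypes.Name);
        // Never attach the Azure AD login to an existing local account on a name match alone.
        if (name == null || await _users.FindByNameAsync(name) != null)
            return LocalRedirect(LoginPage);

        var user = new IdentityUser { UserName = name }; // no local password is set
        if (!(await _users.CreateAsync(user)).Succeeded) return LocalRedirect(LoginPage);
        if (!(await _users.AddLoginAsync(user, info)).Succeeded) return LocalRedirect(LoginPage);
        // Re-run the external sign-in so lockout checks and external-cookie cleanup apply.
        var again = await _signIn.ExternalLoginSignInAsync(info.LoginProvider, info.ProviderKey, false);
        return LocalRedirect(again.Succeeded ? "/" : LoginPage);
    }
}
```

Roles for Azure AD users can then be assigned to the linked `IdentityUser` in the same way as for local users, because both live in the same user store.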