問題描述

我們有 MVC 4 開發的遺留系統，使用 Web API 的表單身份驗證和基本身份驗證(目前還沒有 OWIN).

We have the legacy system developed by MVC 4 using Forms Authentication and Basic Authentication for Web API (there is no OWIN so far).

現在我們有很多客戶想要單點登錄到我們的系統，所以我們使用 Azure Active Directory (AAD) 來存儲客戶的用戶.

Now we have lots of clients which want to do single sign on into our system, so we use Azure Active Directory (AAD) to store client's users.

現在的情況是我們要修改登錄工作流程以適應 AAD.登錄頁面沒有變化，在后臺，我們檢查用戶是否存在于我們的系統上(使用我們的數據庫)，它允許用戶訪問.如果沒有，我們繼續在 AAD 上檢查用戶，在這種情況下我們不想重定向到 Azure 登錄頁面.

Now the situation is we want to revise the login workflow to adapt with AAD. The login page has no changes, under the hood, we check whether user exists on our system (using our database), it allows user to access. If not, we continue to check user on AAD, we don't want to re-direct to Azure login page in this case.

我已經閱讀了大量內容，但不太清楚如何做到這一點?我們還考慮升級到 MVC 5，以便在合適的情況下使用 OWIN 中間件身份驗證.

I have done tons of reading but have not much clear how to do this? We also consider to upgrade to MVC 5 in order to use OWIN middleware authentication if it's fine with situation.

推薦答案

一種可能的解決方案是使用 AAD 中應用程序庫中的自定義 SSO 應用程序.執行此操作時，AAD 將解析 AAD 用戶用于登錄系統的表單.當已登錄 AAD 的用戶進入您的應用程序時，AAD 瀏覽器插件或應用程序會自動輸入用戶名和密碼.

One possible solution is to use Custom SSO applications from the Application gallery in AAD. When doing this, AAD will parse the form that the AAD users are using to login to the system. When a user that is already logged in to AAD enters your application, the AAD browser plugin or app will enter the username and password automatically.

有關此博客的更多信息:http://www.edutech.me.uk/microsoft/identity-and-access-management/active-directory/azure-ad-custom-saas-applications-for-any-3rd-party-service/

More information on this blog: http://www.edutech.me.uk/microsoft/identity-and-access-management/active-directory/azure-ad-custom-saas-applications-for-any-3rd-party-service/

這篇關于如何在 ASP.NET MVC 上同時執行 Azure Active Directory 單點登錄和表單身份驗證的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網！