問題描述

我試圖在整個互聯網上尋找，但看不到如何實現我被要求的目標.這是我的企業應用程序，它使用 Asp.net Identity 進行基于表單的身份驗證.我已經擴展了用戶和角色以及組以在我的代碼中提供授權.(注意:不使用任何組/角色指令).

I tried to look for all over internet but couldn't see how I can achieve what I was asked to. Here is my enterprise app which uses Asp.net Identity for form based authentication. I had extended User and Role along with Groups to provide authorization in my code. (note: not using any group/role directives).

現在我被要求研究更改代碼以適應 Azure Active Directory 身份驗證的可能性.我嘗試閱讀如何注冊應用程序、將用戶發送到 Azure 站點進行身份驗證、取回令牌等.但是我被困在之后怎么辦?"我已通過身份驗證的用戶如何使用我現有的 Asp.net Identity 模型，其中用戶存儲在 sql 數據庫中.如何使用此令牌關聯現有用戶.

Now I was asked to look at possibility of changing code to accommodate Azure Active Directory authentication. I tried reading on how you can register app, send user to Azure site for authentication, get back token etc. However I'm stuck at 'what-afterwards?' I have authenticated user How can I use my existing Asp.net Identity model where user was stored in sql database. How to use this token to relate the existing user.

此外，當我將項目更改為允許 Azure AD 時，它會刪除 Aspnet.Identity 包，因為它與 Azure AD 不兼容！！

Moreover, when I change my project to allow Azure AD, it removes Aspnet.Identity package as its not compatible with Azure AD !!

我什至嘗試手動將兩個包并排放置，我必須指出用戶被發送到 Azure 上進行身份驗證的位置，然后轉回主頁并再次以永無止境的循環登錄 Azure AD.

I even tried manually keeping both packages side by side, I got to point where user is sent to authenticate on Azure, diverted back to home page and again to login on Azure AD in never ending loop.

總結問題，我如何從 AAD 驗證用戶并繼續使用現有的角色和組授權.

to summarize the question, How can I authenticate user from AAD and keep using existing Roles and groups authorization.

我嘗試創建單獨的 Web 服務來驗證用戶并發送 JWT 令牌.如果我直接在瀏覽器上調用它可以找到，但是，當我嘗試從我的網絡應用程序調用此服務時，我得到了奇怪的錯誤

I tried creating separate web service which will authenticate user and send JWT token. which works find if I call it directly on browser, however, when I tried to call this service from my web app I get weird error

 Application with identifier 'a2d2---------------' was not found in the directory azurewebsites.net

這里的奇怪部分是目錄名稱是azurewebsites.net"，而不是我使用的默認目錄.

Weird part here is name of directory is 'azurewebsites.net' and not the default directory I'm using.

更新這是引發錯誤的代碼

public async Task<ActionResult> Login(string returnUrl)
        {


            try
            {

                // get the access token
                AuthenticationContext authContext = new AuthenticationContext(authority, new TokenCache());

                var clientCredential = new ClientCredential(clientId, password);
//Error on below line
                AuthenticationResult result = await authContext.AcquireTokenAsync(resourceId, clientCredential);


                // give it to the server to get a JWT
                HttpClient httpClient = new HttpClient();
                httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
......

推薦答案

試試這個:

var client = new RestClient("https://login.microsoftonline.com/{tenant- 
         Id}/oauth2/v2.0/token");
var request = new RestRequest(Method.POST);         
request.AddHeader("cache-control", "no-cache");
request.AddHeader("content-type", "application/x-www-form-urlencoded");         
request.AddHeader("grant_type", "password");
request.AddParameter("application/x-www-form-urlencoded", 
        "grant_type=password&client_id={client-Id}&client_secret={client- 
        secret}&scope={scopeurl}&userName={username}&password={password}", 
        ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
var json = response.Content;
var JSONObject = JObject.Parse(json);
var token = (string)JSONObject["access_token"];

這篇關于使用 asp.net Identity 進行 Azure AD 身份驗證以進行授權的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網！