问题描述
我们有 MVC 4 开发的遗留系统,使用 Web API 的表单身份验证和基本身份验证(目前还没有 OWIN).
We have the legacy system developed by MVC 4 using Forms Authentication and Basic Authentication for Web API (there is no OWIN so far).
现在我们有很多客户想要单点登录到我们的系统,所以我们使用 Azure Active Directory (AAD) 来存储客户的用户.
Now we have lots of clients which want to do single sign on into our system, so we use Azure Active Directory (AAD) to store client's users.
现在的情况是我们要修改登录工作流程以适应 AAD.登录页面没有变化,在后台,我们检查用户是否存在于我们的系统上(使用我们的数据库),它允许用户访问.如果没有,我们继续在 AAD 上检查用户,在这种情况下我们不想重定向到 Azure 登录页面.
Now the situation is we want to revise the login workflow to adapt with AAD. The login page has no changes, under the hood, we check whether user exists on our system (using our database), it allows user to access. If not, we continue to check user on AAD, we don't want to re-direct to Azure login page in this case.
我已经阅读了大量内容,但不太清楚如何做到这一点?我们还考虑升级到 MVC 5,以便在合适的情况下使用 OWIN 中间件身份验证.
I have done tons of reading but have not much clear how to do this? We also consider to upgrade to MVC 5 in order to use OWIN middleware authentication if it's fine with situation.
推荐答案
一种可能的解决方案是使用 AAD 中应用程序库中的自定义 SSO 应用程序.执行此操作时,AAD 将解析 AAD 用户用于登录系统的表单.当已登录 AAD 的用户进入您的应用程序时,AAD 浏览器插件或应用程序会自动输入用户名和密码.
One possible solution is to use Custom SSO applications from the Application gallery in AAD. When doing this, AAD will parse the form that the AAD users are using to login to the system. When a user that is already logged in to AAD enters your application, the AAD browser plugin or app will enter the username and password automatically.
有关此博客的更多信息:http://www.edutech.me.uk/microsoft/identity-and-access-management/active-directory/azure-ad-custom-saas-applications-for-any-3rd-party-service/
More information on this blog: http://www.edutech.me.uk/microsoft/identity-and-access-management/active-directory/azure-ad-custom-saas-applications-for-any-3rd-party-service/
这篇关于如何在 ASP.NET MVC 上同时执行 Azure Active Directory 单点登录和表单身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!