针对ADFS进行身份验证，针对SQL Server进行授权 [英] authentication against ADFS, authorization against sql server

问题描述

经过几天的搜索，阅读和反复试验，我肯定需要一些帮助.

after several days of searching, reading and trial and error i definitely need some help.

情况: 我需要使用MVC创建一个Web应用程序，其中使用ADFS针对AD对用户进行身份验证.但是他们不想将角色和更多信息存储到AD中.所以我需要阅读这些信息并将其存储在其他地方.我的第一个想法是使用VS在创建新的Web应用程序时选择的相同基础结构，然后选择个人用户帐户".

The Situation: I need to create a Web-Application using MVC where users are authenticated against an AD using ADFS. But they do not want to store the Roles and further Informations into the AD. So i need to read and store those informations somewhere else. My first thougt was to use the same infrastructure which VS sets up when i created a new Web-Application and choose "Individual User Accounts".

我到目前为止所做的事情:

• 我在VS中创建了一个新的Projekt，并使用ADFS(使用此非常有用的链接(

• I created a new Projekt in VS and implemented the authentication against the AD using the ADFS (using this really helpful link(http://www.cloudidentity.com/blog/2014/02/12/use-the-on-premises-organizational-authentication-option-adfs-with-asp-net-in-visual-studio-2013/). Works fantastic.
• Start eating my Keyboard because i can't get the next step done.

我的问题/秒: 是否可以使用/扩展ASP.NET Identity Framework来使用ADFS对用户进行身份验证并检索有关已登录用户的更多信息(例如角色，其他属性(例如Department))?有人有很好的链接吗?

My Question/s: Is this possible to authenticate users using the ADFS and retrieve further informations (like Roles, other properties (e.g. Department)) about the logged in user by using / extending the ASP.NET Identity Framework? Does someone have a nice link?

我很乐意提供帮助.

推荐答案

您遇到的问题是，您必须通过某种主键将AD声明映射到ASP.NET标识.

The problem you have is that you have to map the AD claims to the ASP.NET Identity via some kind of primary key.

此处的良好链接:(使用ADFS 4.0(Server 2016)，您将可以使用SQL DB进行身份验证和授权.

(With ADFS 4.0 (Server 2016) you will be able to use a SQL DB for authentication and authorization).

这篇关于针对ADFS进行身份验证，针对SQL Server进行授权的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！