针对ADFS进行身份验证,针对SQL Server进行授权 [英] authentication against ADFS, authorization against sql server
问题描述
经过几天的搜索,阅读和反复试验,我肯定需要一些帮助.
after several days of searching, reading and trial and error i definitely need some help.
情况: 我需要使用MVC创建一个Web应用程序,其中使用ADFS针对AD对用户进行身份验证.但是他们不想将角色和更多信息存储到AD中.所以我需要阅读这些信息并将其存储在其他地方.我的第一个想法是使用VS在创建新的Web应用程序时选择的相同基础结构,然后选择个人用户帐户".
The Situation: I need to create a Web-Application using MVC where users are authenticated against an AD using ADFS. But they do not want to store the Roles and further Informations into the AD. So i need to read and store those informations somewhere else. My first thougt was to use the same infrastructure which VS sets up when i created a new Web-Application and choose "Individual User Accounts".
我到目前为止所做的事情:
- I created a new Projekt in VS and implemented the authentication against the AD using the ADFS (using this really helpful link(http://www.cloudidentity.com/blog/2014/02/12/use-the-on-premises-organizational-authentication-option-adfs-with-asp-net-in-visual-studio-2013/). Works fantastic.
- Start eating my Keyboard because i can't get the next step done.
我的问题/秒: 是否可以使用/扩展ASP.NET Identity Framework来使用ADFS对用户进行身份验证并检索有关已登录用户的更多信息(例如角色,其他属性(例如Department))?有人有很好的链接吗?
My Question/s: Is this possible to authenticate users using the ADFS and retrieve further informations (like Roles, other properties (e.g. Department)) about the logged in user by using / extending the ASP.NET Identity Framework? Does someone have a nice link?
我很乐意提供帮助.
推荐答案
您遇到的问题是,您必须通过某种主键将AD声明映射到ASP.NET标识.
The problem you have is that you have to map the AD claims to the ASP.NET Identity via some kind of primary key.
此处的良好链接:(使用ADFS 4.0(Server 2016),您将可以使用SQL DB进行身份验证和授权.
(With ADFS 4.0 (Server 2016) you will be able to use a SQL DB for authentication and authorization).
这篇关于针对ADFS进行身份验证,针对SQL Server进行授权的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!