Authenticating a PHP Web App with Azure Active Directory and Azure Mobile Services

Problem description

I've got an existing mobile app that is integrated with Azure's mobile services. The mobile services are currently connected to Azure Active Directory with MFA enabled. I'm attempting to build a separate PHP-based web application that uses this existing mobile service and authentication.

Authentication

The only active directory of users is the cloud-based AAD. There is no local version and no Office 365. After doing a lot of research, it appears PHP can integrate using SAML. However, there are either no PHP samples (Azure Active Directory Code Samples) or they're tied to Office 365 (azure-sdk-for-php-samples).

How can I authenticate my users against AAD via the web-app?

Authorization

Once a user has been authenticated, how can I ensure that user has the same access levels as the user via the mobile service?

Recommended answer

One option would be to have your PHP app serve a page using the Mobile Services JavaScript SDK and have it perform the login.

You'll get the same token that you would in your mobile app. To your question on authorization, as long as you're making subsequent backend calls through the Mobile Service, you will get the exact same authorization rules as you have defined on that service.

The token will be client-bound, and you'll likely want to get it back to your server for making calls. The actual Mobile Services token is located in client.currentUser.authenticationToken, and you can set this as a cookie in the JavaScript code and then retrieve it on your PHP backend in a subsequent call.

Calls to the Mobile Service (via the REST API) from your PHP backend just need this token set in the X-ZUMO-AUTH header.

This approach should work for all providers, including AAD. MFA should not be a problem in this case.
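
The server-side half of the approach in this answer, as an added example that is not part of the original answer: a PHP page reads the token cookie, checks that it is safe to place in a header, and forwards it in X-ZUMO-AUTH. The cookie name, service URL and table path are placeholders assumed for illustration.

```php
<?php
declare(strict_types=1);

// Assumed names, not from the original answer: replace with your own values.
const ZUMO_COOKIE = 'zumo_token';                   // cookie set by the page script
const SERVICE_URL = 'https://YOUR-SERVICE.example'; // placeholder Mobile Service base URL

// Return the token from the cookie jar, or null if it is missing or malformed.
function zumoTokenFromCookies(array $cookies): ?string
{
    $token = $cookies[ZUMO_COOKIE] ?? null;
    // Printable ASCII without spaces, bounded length: a cookie is attacker-controllable
    // input, and CR/LF in it would allow header injection into the outgoing request.
    if (!is_string($token) || preg_match('/\A[\x21-\x7E]{1,4096}\z/', $token) !== 1) {
        return null;
    }
    return $token;
}

// Call the Mobile Service REST API on behalf of the signed-in user.
function callMobileService(string $path, string $token): array
{
    $ch = curl_init(SERVICE_URL . $path);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HTTPHEADER     => ['X-ZUMO-AUTH: ' . $token, 'Accept: application/json'],
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS, // never send the token over plain HTTP
        CURLOPT_FOLLOWLOCATION => false,           // never resend it to a redirect target
        CURLOPT_TIMEOUT        => 10,
    ]);
    $body = curl_exec($ch);
    $status = (int) curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    return ['status' => $status, 'body' => $body === false ? null : $body];
}

$token = zumoTokenFromCookies($_COOKIE);
if ($token === null) {
    http_response_code(401);
    exit('Not signed in');
}
$result = callMobileService('/tables/todoitem', $token); // hypothetical table name
if ($result['status'] === 401) {
    // The service rejected the token: drop the cookie so the page logs in again.
    setcookie(ZUMO_COOKIE, '', ['expires' => 1, 'path' => '/', 'secure' => true, 'samesite' => 'Strict']);
    http_response_code(401);
    exit('Session expired');
}
if ($result['body'] === null) {
    http_response_code(502);
    exit('Mobile Service unreachable');
}
header('Content-Type: application/json');
echo $result['body'];
```

A cookie written from page script cannot be HttpOnly, so any script running on the page can read the token; set it with the Secure and SameSite attributes and keep the login page free of third-party scripts.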
