在服务器上的MSAL.NET中，是否可以为单点登录提供域提示? [英] In MSAL.NET on the server, is there a way to supply a domain hint for single sign-on?

问题描述

在网络上搜索，我发现如果网站使用的是MSAL. js ，则网站开发人员可以提供域提示，这样，当用户开始登录时，系统不会提示他们";选择一个帐户"在Microsoft的登录站点上，库将为其选择帐户，从而提供更好的单点登录体验. 在C#应用程序中使用MSAL.NET时，是否可以提供域提示(或避免使用提起帐户"提示)?

我正在使用MSAL.NET通过Open ID Connect对Azure AD进行身份验证.

解决方案

找到了它.在ConfigureServices(IServiceCollection)中，为OnRedirectToIdentityProvider添加一个事件处理程序.

 var events = new OpenIdConnectEvents()
{
    OnRedirectToIdentityProvider = context =>
    {
        context.ProtocolMessage.DomainHint = "mydomain.com";
        return Task.CompletedTask;
    },
}
services.Configure<OpenIdConnectOptions>(
    AzureADDefaults.OpenIdScheme,
    options =>
    {
        // ...
        options.Events = events;
    }
);
 

Searching the web, I see that if a site is using MSAL.js, the site developer can supply domain hints so that when a user begins to sign on, they aren't prompted with "Pick an account" on Microsoft's login site, and instead the library chooses the account for them, enabling a better single sign-on experience. Is there any way to supply a domain hint (or otherwise avoid the need for the "pick an account" prompt) when using MSAL.NET in a C# application?

I am using MSAL.NET to authenticate against Azure AD via Open ID Connect.

解决方案

Found it. In ConfigureServices(IServiceCollection), add an event handler for OnRedirectToIdentityProvider.

var events = new OpenIdConnectEvents()
{
    OnRedirectToIdentityProvider = context =>
    {
        context.ProtocolMessage.DomainHint = "mydomain.com";
        return Task.CompletedTask;
    },
}
services.Configure<OpenIdConnectOptions>(
    AzureADDefaults.OpenIdScheme,
    options =>
    {
        // ...
        options.Events = events;
    }
);

这篇关于在服务器上的MSAL.NET中，是否可以为单点登录提供域提示?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！