如何通过使用OAuth 2.0的Azure Active Directory中验证用户? [英] How to authenticate user with Azure Active Directory using OAuth 2.0?
问题描述
我在C#编写一个REST API,我需要与现有的Azure AD服务进行身份验证。我现在有希望验证用户的用户名和密码。我需要的Azure AD进行身份验证,并从服务器接收一个访问令牌。
I have a REST API written in C# and I need to authenticate with an existing Azure AD service. I currently have the username and password of the user wishing to authenticate. I need to authenticate with Azure AD and receive an access token from the server.
可有人请点我在一些文章/教程解释如何做到这一点的方向是什么?
Can someone please point me in the direction of some articles/tutorials that explain how to do this?
推荐答案
您应该避免处理用户凭据。有采集由使用OAuth 2.0或OpenID的连接得到令牌,而不直接处理凭据减轻A的用户凭据时严重的安全隐患。另外,如果你有你自己的凭证收集用户界面,那么你可能会在未来发生故障,如果多因素认证开启时发现的迹象。在这种情况下,更多的信息可能需要比你正在收集的用户,例如一次性密码验证。如果允许的Azure AD至present通过OAuth 2.0或OpenID的连接认证经验,那么你是从所采用的特定的认证方法绝缘。收集用户的Azure AD证书是要避免的,如果在所有可能的一种不好的做法。
You should avoid handling the users credentials. There are serious security implications when collecting a users credentials that are mitigated by using OAuth 2.0 or OpenID Connect to get a token without directly handling the credentials. Also, if you have your own credential collection UI then you may find that sign in fails in the future if multi-factor authentication is turned on. In that case, more information may be necessary to authenticate the user than you are collecting, a one time password for instance. If you allow Azure AD to present the authentication experience via OAuth 2.0 or OpenID Connect, then you are insulated from the specific authentication method being employed. Collecting the users Azure AD credentials is a bad practice to be avoided if at all possible.
我没有对确切的情况足够的细节,有信心,下面的示例应用,但它至少提供了一个良好的起点。此示例演示如何创建一个调用REST API则可以调用尽可能以最安全的方式是Azure的资源原生应用。
I don't have enough detail on the exact scenario to be confident that the following sample applies, but it will at least provide a good starting point. This sample shows how to create a native app that calls a REST API that can then call an Azure resource in the safest way possible.
https://github.com/AzureADSamples/WebAPI-OnBehalfOf-DotNet
您可以找到很多在这里等样品,可用于构建您的特定情况的解决方案的。
You can find lots of other samples here that can be used to construct a solution for your particular scenario.
https://github.com/AzureADSamples
如果你提供一些更详细的我可以给更具体的指导。
If you provide some more detail I can give more specific guidance.
这篇关于如何通过使用OAuth 2.0的Azure Active Directory中验证用户?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
