Adding my application to Microsoft's single sign-on


Problem description

The overall goal I want to achieve is to add my application to Microsoft's single sign-on scope (once signed in, the user can access other Microsoft services, and my app, without the need to sign in again).

A more detailed scenario: if a user has already signed in to their Microsoft account, and then they visit my web application, my app will either 1: if the Microsoft account is already linked with one of the users, the app will log in the user 2: if there is no such user, then show the normal login form and the "link" button. (Here by linking I mean adding the Microsoft account id to the table record that saves the users' info.)

I am not sure if it is even a valid/reasonable feature. Usually a similar flow would be to provide a button for the user to "sign in with Microsoft", then the user clicks it to launch the OAuth2 flow.

The difficult part here is, when the user first visits my app, how to get the user's Microsoft account information (id, login status) without the user clicking the "sign in with Microsoft" button.

Currently this is done by: on page load, launch an OAuth2 code flow authentication to Azure (my app is registered there) following this article: https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code. But I feel like doing OAuth to Azure every time the app is visited is too much.

This will return a Microsoft account id-token with an id that can be used to map to the internal user in my app. This process can also tell whether the user is currently logged out of the Microsoft account. (If the user is not logged in to Microsoft, then don't log the user into my app, but provide the login form.)

Recommended answer

You can check for the SSO using OpenID Connect via cookie-based authentication where after authentication the token is sent to the application and at the same time a session cookie is created by the middleware. This cookie is then used by the browser on subsequent requests so the user doesn't need to re-authenticate. Please refer to Add sign-on with Microsoft.
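
The flow discussed in the question and answer, as an added example that is not part of the original post: the identity provider is contacted only when the app has no valid session cookie of its own, and the check uses the OpenID Connect `prompt=none` parameter so no UI is shown. The v2.0 authorize endpoint, the client id, the redirect URI and all function names are assumptions for illustration.

```python
import hashlib, hmac, secrets
from urllib.parse import urlencode

# Assumed values for illustration; substitute your own app registration.
AUTHORIZE = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"  # placeholder
REDIRECT_URI = "https://app.example/auth/callback"   # placeholder
SESSION_KEY = secrets.token_bytes(32)                # server-side secret

def _tag(user_id: str) -> str:
    return hmac.new(SESSION_KEY, user_id.encode(), hashlib.sha256).hexdigest()

def sign_session(user_id: str) -> str:
    """App session cookie value: internal user id plus an HMAC tag."""
    return f"{user_id}.{_tag(user_id)}"

def read_session(cookie):
    """Return the user id if the cookie is authentic, else None."""
    if not cookie or "." not in cookie:
        return None
    user_id, tag = cookie.rsplit(".", 1)
    ok = hmac.compare_digest(tag.encode(), _tag(user_id).encode())
    return user_id if ok else None

def on_page_load(cookie):
    """Redirect to the identity provider only when there is no app session."""
    if read_session(cookie):
        return ("serve", None, None)
    # state and nonce must be stored server-side until the callback arrives.
    pending = {"state": secrets.token_urlsafe(16),
               "nonce": secrets.token_urlsafe(16)}
    url = AUTHORIZE + "?" + urlencode({
        "client_id": CLIENT_ID, "response_type": "code", "scope": "openid",
        "redirect_uri": REDIRECT_URI, "prompt": "none", **pending})
    return ("redirect", url, pending)

def on_callback(params: dict, expected_state: str) -> str:
    """Decide what to do with the redirect back from the silent check."""
    got = params.get("state", "").encode()
    if not hmac.compare_digest(got, expected_state.encode()):
        return "reject"              # response not tied to our request
    if params.get("error") in ("login_required", "interaction_required",
                               "consent_required"):
        return "show_login_form"     # no usable Microsoft session
    if "code" in params:
        # Next: redeem the code, validate the id_token (signature, aud,
        # nonce), look up the linked internal user, then sign_session().
        return "redeem_code"
    return "reject"
```

Once `sign_session()` has issued the cookie, later page loads return `serve` without another round trip to Azure, which addresses the "OAuth on every visit" concern in the question.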

