Azure AD中具有.net核心API的Microsoft.AspNetCore与Microsoft.IdentityModel(ADAL) [英] Microsoft.AspNetCore vs Microsoft.IdentityModel (ADAL) with .net core API in Azure AD
问题描述
干杯
我正在寻找有关与Azure AD一起使用的身份验证库的说明,尤其是有关基于 Microsoft.AspNetCore 和 Microsoft.IdentityModel 的库之间的区别.
I'm looking for some clarification regarding authentication libraries for use with Azure AD, particularly regarding the differences between Microsoft.AspNetCore and Microsoft.IdentityModel based libraries.
我正在.net核心中实现一个Api,将使用Azure Active Directory(AAD)管理其身份验证.根据应用程序的需求,我希望将原始(v1)终结点与ADAL一起使用,而不是v2终结点,因为当前v2终结点(RBAC和组)尚不具备某些功能.所有迹象表明,要使用ADAL库,但这并不能与以下内容同步:
I am implementing an Api in .net core for which authentication will be managed with Azure Active Directory (AAD). Based on the needs of the application I am looking to use the original (v1) endpoint with ADAL rather than the v2 endpoint due to some features not being available with the v2 endpoint at this time (RBAC and groups). All indications are that the ADAL libraries are the way to go, but this does not sync up with the following:
当我在Visual Studio 2017(v15.6.3)中创建.net核心(v2)API项目并选择工作或学校帐户进行身份验证时,会出现以下对话框,指出选择是针对
When I create an .net core (v2) API project in Visual Studio 2017 (v15.6.3) and I select Work or School Accounts for authentication, I get the following dialog which indicates that this choice is for
使用Microsoft Active Directory对用户进行身份验证的应用程序 Azure Active Directory
applications that authenticate users with Active Directory, Microsoft Azure Active Directory
但是,在创建项目时, ADAL 库,(或 MSAL 都不包含在项目中.实际上,项目中引用的库是
Yet when the project is created, ADAL libraries, (nor MSAL for that matter), are not included in the project. In fact, the libraries referenced in the project are
- Microsoft.AspNetCore.Authentication
- Microsoft.AspNetCore.Authentication.JwtBearer
此外,项目模板还构建了一个静态扩展类 AzureAdServiceCollectionExtensions ,用于使用Azure AD处理工作和学校身份验证的详细信息,(请注意,如果您选择使用个人帐户的身份验证,则将使用其他扩展名类已创建,但仍基于天蓝色).
Additionally, the project template builds out a static extension class AzureAdServiceCollectionExtensions for handling the work and school authentication particulars with Azure AD, (note that if you choose a authentication with a personal account, a different extension class is created, but still azure based).
但是这些不是包含在此软件包中的ADAL.net类
But these are not the ADAL.net classes which are in this package
Microsoft.IdentityModel.Clients.ActiveDirectory
AspNetCore软件包由Asp.Net团队发布,而ADAL软件包由AzureAD团队发布.
The AspNetCore packages are published by the Asp.Net team, while the ADAL package is published by the AzureAD team.
最后我遇到一些问题:
为什么ADAL(甚至MSAL)库不是与Azure AD集成的模板的一部分?
Why are the ADAL (or even the MSAL) libraries not part of the templates for integrating with Azure AD?
模板是否表示与Azure AD集成的首选方法,是否暗示要使用AspNetCore库?
Do the templates indicate the preferred approach to integrating with Azure AD, and by implication to use the AspNetCore libraries?
到目前为止,我已阅读的所有有关与Azure AD集成的文档都涉及ADAL或MSAL,我是否错过了AspNetCore库的某些东西?
All the documentation I have read so far for integrating with Azure AD involved ADAL or MSAL, have I missed something with the AspNetCore libraries?
请注意,我确实搜索了使用ADAL或MSAL的项目模板,没有运气.
预先感谢.
Note that I did search for project templates which use ADAL or MSAL, no luck.
Thanks in advance.
推荐答案
ADAL和MSAL是请求和管理令牌所需的库.如果您要构建保护其端点的API并需要访问令牌才能访问,则可能只需要使用.NET核心中间件(模板中包含的中间件).该中间件接受并验证传入的访问令牌.
ADAL and MSAL are the libraries needed for requesting and managing tokens. If you're building an API that protects it's endpoints and requires an access token to access, you likely only need to use the .NET core middleware (what was included in the template). This middleware accepts and validates incoming access tokens.
您唯一需要将ADAL或MSAL集成到应用程序中的情况是,如果您有兴趣进行
The only case you'll need to integrate ADAL or MSAL into your app is if you're interested in doing the On-behalf-of flow from your web API.
此处是实现此功能的代码示例.NET核心API中的中间件.
Here's a code sample that implements this middleware in an .NET core API.
这篇关于Azure AD中具有.net核心API的Microsoft.AspNetCore与Microsoft.IdentityModel(ADAL)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
