登录到没有域名的Azure Active Directory [英] Logging into Azure Active Directory without a Domain Name
问题描述
我们希望将Azure Active Directory用作面向外部应用程序的用户存储.当前,我们的MVC/C#4.5应用程序(使用WIF)正在通过被动联盟针对本地ADFS 2.0代理/服务器进行身份验证,我们希望将其移植"到Azure.为此,我们将ACS置于AAD和应用程序之间,以便ACS取代ADFS,而AAD取代Active Directory(在本地).
We're looking to use Azure Active Directory as our user store for an external-facing application. Currently, our MVC/C# 4.5 app (using WIF) is authenticating against an on-premise ADFS 2.0 proxy/server via passive federation and we'd like to "port" this up to Azure. The way we're going about this, we're having ACS sit between AAD and our application such that ACS is replacing ADFS and AAD is replacing Active Directory (on prem).
从技术的角度来看,我们正在进行这项工作.但是,我们有一个主要问题,即用户不仅必须使用用户名登录,还必须使用域名登录.强迫用户使用虚构的电子邮件地址作为用户名是不合理的(而且仅仅是破坏交易的行为).
From a technical standpoint, we have this working. However, we have a major problem in that users must login with not just their username but also the domain name. It's unreasonable (and simply a deal-breaker) to force a fictitious email address on our users as their username.
是否可以通过某种方式进行设置,以使用户无需输入域名?在我们的案例中,ACS后面只有一个标识方:一个AAD目录.因此,我们总是提前知道域名应该是什么.
Is there some way to set this up such that the user need not type in a domain name? In our case, we have only one Identifying Party behind ACS: the one AAD directory. So we always know in advance what the domain name should be.
提前谢谢!
推荐答案
是否要让用户仅使用其用户名(例如"mcollier")而不使用其完整帐户名(例如"mcollier @ mytenant")对Windows Azure AD进行身份验证. onmicrosoft.com)?如果可以,我不认为目前是不可能的.
Are you wanting users to authenticate against Windows Azure AD using only their username (e.g. "mcollier") and not their full account name (e.g. "mcollier@mytenant.onmicrosoft.com)? If so, I do not believe that is currently possible.
如果我正确理解,则该应用程序将ACS用作Windows Azure AD的联合身份验证提供程序.而且只有Windows Azure AD,对吗?如果仅使用一个身份提供商,那么在这种情况下ACS可以提供什么好处?
If I'm understanding correctly, the app is using ACS as a federation provider to Windows Azure AD. And only Windows Azure AD, correct? If only using one identity provider, what benefit is ACS providing in this scenario?
目标是在Windows Azure AD中拥有与本地Windows Server AD相同的用户吗?如果是这样,利用启用了密码哈希同步的新DirSync应该可以解决问题.
Is the goal to have the same users in Windows Azure AD as on-premises Windows Server AD? If so, leveraging the new DirSync w/ password hash sync enabled should do the trick.
这篇关于登录到没有域名的Azure Active Directory的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
