实施个人用户帐户和Azure AD身份验证 [英] Implement both Individual User Accounts and Azure AD Authentication

问题描述

我正在查看是否可以在单个应用程序中同时使用单个用户帐户身份验证和Azure AD身份验证.框架或核心(ASP.NET).

I'm looking to see if it's possible to use both individual user accounts authentication along side Azure AD authentication in a single application. Either Framework or Core (ASP.NET).

到目前为止，这一直是Google的全部搜索工作，但我找不到任何明确表明可以做到这一点的东西.其次，除了单个广告或天蓝色广告的基础知识之外，我对身份验证应用程序不太熟悉(有据可查的示例/VS模板代码).

So far it's been all Google searching and I'm not finding anything that clearly states one can do this. Secondly, I'm not very familiar with authenticating an application aside from the basics for both individual or azure ad (well documented examples / VS template code).

非常感谢Startup.cs中的任何帮助，链接和小代码示例.

Any help, links, small code example from Startup.cs is greatly appreciated.

谢谢.

推荐答案

这个话题太广泛了，无法作为指南来回答.但是，我将尝试为您提供简要概述和足够的参考资料/示例.使用 Azure AD B2C 与 Azure AD 结合使用.我强烈建议您首先从这些链接中浏览基本概念. Azure AD B2C提供企业对客户的身份即服务.您的客户使用他们偏爱的社交，企业或本地帐户身份来单次登录访问您的应用程序和API.

It's too vast topic to put into an answer as a how-to-guide. However, I would try to give you brief overview and enough references/examples to look at. Your scenario can be better solved by using Azure AD B2C in conjunction with Azure AD. I strongly suggest you to go through the overview from those links for foundational concepts first. Azure AD B2C provides business-to-customer identity as a service. Your customers use their preferred social, enterprise, or local account identities to get single sign-on access to your applications and APIs.

在您的情况下，您需要在B2C租户中添加Azure AD作为身份提供者，并添加必需的用户流(个人/社交登录)，这将使您的用户能够使用组织(AAD)或个人/社交帐户登录通过注册. 这说明了如何在B2C中配置自定义策略，以在这种情况下将AAD添加为身份提供者.例如，此为您提供启用Azure AD和Facebook登录的指南.

In your case, you need to add Azure AD as identity provider in the B2C tenant, and add required User flow (personal/social login) which will enable your user to login with either organizational (AAD) or personal/social account by signing up. This explains how to configure custom policies in B2C to add AAD as identity provider in such case. And for example, this provides you guide to enable Azure AD and Facebook login.

现在进入代码/SDK部分，因为您已经进入C#和asp.net，因此您的一站式商店应该是新的 Microsoft身份平台具有最少的配置和代码，并且还具有很好的文档，参考资料和示例来处理最常见的情况.例如，此处供您参考，以防万一您需要.

Now coming to code/SDK part, since you are into C# and asp.net, your one stop shop should be the new Microsoft Identity Web library. It would make your life lot easier to wire up with Microsoft Identity Platform with minimal configuration and code, and also has pretty good documentation, reference and samples to handle most common scenario. For example, this is a sample for B2C. There are many more here for your reference in case you need.

我要强调您的出发点应该是 Microsoft Identity Web (用于asp.net核心).

I would emphasize your starting point should be Microsoft Identity Web for asp.net core.

这篇关于实施个人用户帐户和Azure AD身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！