Auditing SQL tables when using Azure AD


Problem description

In our SQL tables we have columns such as UpdatedBy and CreatedBy with a ref key to a User table. This is useful to keep track of who created/updated a business entity.

However, we are migrating from this local User table to using Azure AD. We will use Azure AD for authentication and authorization in our client applications.

There should be no need for a local User table (or any other tables related to identity, such as Role etc...), but then how do I reference user ids from Azure AD into my audit columns? Obviously I can no longer have a reference key with constraint.

What is the usual approach to this?

Recommended answer

Did you read about System for Cross-Domain Identity Management (SCIM)? You can provide an out-of-the-box mechanism for syncing Users and Groups created in Azure AD.

There is a whole tutorial about how to do that:
https://docs.microsoft.com/en-gb/azure/active-directory/app-provisioning/use-scim-to-provision-users-and-groups#step-4-integrate-your-scim-endpoint-with-the-azure-ad-scim-client

There is a ready-to-go CRUD and SCIM based application in C# created by Microsoft: https://github.com/AzureAD/SCIMReferenceCode

That will give you a solution for what to do, for example, when Azure AD is removing the user but you want to keep it.
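
One way to keep a foreign key on the audit columns with this approach is a local shadow table fed by SCIM provisioning, where a delete from the directory tombstones the row instead of removing it. This is an added example, not code from the answer or from Microsoft's reference project; it uses SQLite through Python so it runs stand-alone, and the table names, the mapping of the Azure AD object id to SCIM `externalId`, and the `scim_*` handler functions are assumptions.

```python
import sqlite3

# Hypothetical schema: DirectoryUser is a local shadow of users provisioned via SCIM.
SCHEMA = """
CREATE TABLE DirectoryUser (
    ExternalId  TEXT PRIMARY KEY,  -- assumed: Azure AD object id mapped to SCIM externalId
    DisplayName TEXT NOT NULL,
    Active      INTEGER NOT NULL DEFAULT 1,
    RemovedAt   TEXT               -- set when the directory deletes the user
);
CREATE TABLE Invoice (             -- hypothetical audited business entity
    Id        INTEGER PRIMARY KEY,
    CreatedBy TEXT NOT NULL REFERENCES DirectoryUser(ExternalId),
    UpdatedBy TEXT NOT NULL REFERENCES DirectoryUser(ExternalId)
);
"""

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite only enforces FKs when enabled
    conn.executescript(SCHEMA)
    return conn

def scim_upsert(conn, external_id, display_name, active=True):
    """Create/update request from the provisioning client: upsert the shadow row."""
    conn.execute(
        "INSERT INTO DirectoryUser (ExternalId, DisplayName, Active) VALUES (?, ?, ?) "
        "ON CONFLICT(ExternalId) DO UPDATE SET DisplayName = excluded.DisplayName, "
        "Active = excluded.Active", (external_id, display_name, int(active)))

def scim_delete(conn, external_id):
    """Delete request: tombstone the row so audit columns still resolve."""
    conn.execute("UPDATE DirectoryUser SET Active = 0, RemovedAt = datetime('now') "
                 "WHERE ExternalId = ?", (external_id,))

def demo():
    conn = open_db()
    oid = "00000000-0000-0000-0000-000000000001"  # constructed sample id
    scim_upsert(conn, oid, "Alice Example")
    conn.execute("INSERT INTO Invoice VALUES (1, ?, ?)", (oid, oid))
    scim_delete(conn, oid)
    try:  # an audit value that was never provisioned must be rejected
        conn.execute("INSERT INTO Invoice VALUES (2, 'not-provisioned', 'not-provisioned')")
        fk_enforced = False
    except sqlite3.IntegrityError:
        fk_enforced = True
    rows = conn.execute("SELECT i.Id, u.DisplayName, u.Active, u.RemovedAt IS NOT NULL "
                        "FROM Invoice i JOIN DirectoryUser u ON u.ExternalId = i.CreatedBy").fetchall()
    return rows, fk_enforced
```

After the directory removes the user, the invoice's `CreatedBy` still joins to a named, inactive row, and an audit value that was never provisioned fails the constraint.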
