How to make a login page with two Azure Active Directories in the back?
Problem description
I want to make an authentication page which allows a user to pick between two Azure Active Directories. They can then enter their usernames and passwords and authenticate. Then they can use the application if authorised.
How would I go about implementing the authentication page? I don't completely understand how to implement a connection between two different active directories.
Recommended answer
You could make your application multi-tenant by finding the "Multi-Tenanted" switch on the properties page of your application registration in the Azure portal and setting it to "Yes".
With a multi-tenant application, requests are sent to an endpoint that multiplexes across all Azure AD tenants: https://login.microsoftonline.com/common. When Azure AD receives a request on the /common endpoint, it signs the user in and as a consequence discovers which tenant the user is from. You don't need to let the user choose which directory he wants to log in to.
Please click here for more about how to sign in any Azure Active Directory (AD) user using the multi-tenant application pattern. And here is a code sample that shows how to build a multi-tenant .NET MVC web application that uses OpenID Connect to sign up and sign in users from any Azure Active Directory tenant.
In addition, if you want to restrict certain tenants when using multi-tenant applications on Azure AD, you can perform validation in your own code in the application by checking the tenantID (tid) claim in the JWT token.
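
The tid check described in the answer above, as an added example that is not part of the original answer or the linked sample. It assumes the OpenID Connect library has already verified the token's signature, audience and lifetime; the tenant IDs, the `check_tenant` name and the sample claims are constructed for illustration. Because a multi-tenant app cannot pin one fixed issuer, the check also requires `iss` to name the same tenant as `tid`.

```python
import re

# Constructed placeholder tenant IDs for the two directories (not real tenants).
TENANT_A = "aaaaaaaa-0000-0000-0000-000000000001"
TENANT_B = "bbbbbbbb-0000-0000-0000-000000000002"
ALLOWED_TENANTS = {TENANT_A, TENANT_B}

GUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}")

# Issuer formats Azure AD uses for tenant-specific tokens (v1.0 and v2.0).
ISSUER_TEMPLATES = (
    "https://sts.windows.net/{tid}/",
    "https://login.microsoftonline.com/{tid}/v2.0",
)


def check_tenant(claims, allowed=frozenset(ALLOWED_TENANTS)):
    """Return (ok, reason) for claims taken from an already verified ID token.

    Assumption: signature, audience and expiry were validated by the OpenID
    Connect library before this function is called.
    """
    tid = claims.get("tid")
    iss = claims.get("iss")
    if not isinstance(tid, str) or not isinstance(iss, str):
        return False, "missing tid or iss claim"
    tid = tid.lower()
    if not GUID_RE.fullmatch(tid):
        return False, "tid is not a GUID"
    if tid not in allowed:
        return False, "tenant not allowed"
    # iss must be the issuer of the tenant named in tid, in v1.0 or v2.0 form.
    if iss.lower() not in {t.format(tid=tid) for t in ISSUER_TEMPLATES}:
        return False, "issuer does not match tid"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample claim sets: allowed tenant, unknown tenant, mismatched issuer.
    other = "cccccccc-0000-0000-0000-000000000003"
    samples = [
        {"tid": TENANT_A, "iss": f"https://login.microsoftonline.com/{TENANT_A}/v2.0"},
        {"tid": other, "iss": f"https://login.microsoftonline.com/{other}/v2.0"},
        {"tid": TENANT_B, "iss": f"https://sts.windows.net/{other}/"},
    ]
    for claims in samples:
        print(claims["tid"], check_tenant(claims))
```

Reject the sign-in and end the session when the function returns `False`.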