如何制作一个背面有两个Azure Active Directory的登录页面? [英] How to make a login page with two Azure Active Directories in the back?

问题描述

我想创建一个身份验证页面，该页面允许用户在两​​个蔚蓝的活动目录之间进行选择.然后，他们可以输入用户名和密码并进行身份验证.然后他们可以使用该应用程序(如果获得授权).

I want to make an authentication page which allows a user to pick between two azure active directories. They can then enter their usernames and passwords and authenticate. Then they can use the application if authorised.

我将如何实施身份验证页面?我不完全了解如何在两个不同的活动目录之间实现连接.

How would I go about implementing the authentication page? I don't completely understand how to implement a connection between two different active directories.

推荐答案

您可以通过以下方法在应用程序注册的属性页上找到"Multi-Tenanted"开关，从而使您的应用程序成为多租户 Azure门户并将其设置为是".

You could make your application multi-tenant by finding the "Multi-Tenanted"switch on the properties page of your application registration in the Azure portal and setting it to "Yes".

对于多租户应用程序，请求将发送到在所有Azure AD租户之间进行多路复用的终结点:https://login.microsoftonline.com/common.当Azure AD在/common终结点上收到请求时，它将用户登录并因此发现用户来自哪个租户.您无需让用户选择他要登录的目录.

With a multi-tenant application, requests are sent to an endpoint that multiplexes across all Azure AD tenants: https://login.microsoftonline.com/common .When Azure AD receives a request on the /common endpoint, it signs the user in and as a consequence discovers which tenant the user is from. You don't need to let user choose which directory he want to login .

请单击此处了解有关如何使用多租户应用程序模式登录任何Azure Active Directory(AD)用户的更多信息. 此处是一个代码示例，展示了如何构建一个多租户.Net MVC Web应用程序，该应用程序使用OpenID Connect来注册和登录任何Azure Active Directory租户中的用户.

Please click here for more about how to sign in any Azure Active Directory (AD) user using the multi-tenant application pattern . And here is a code sample shows how to build a multi-tenant .Net MVC web application that uses OpenID Connect to sign up and sign in users from any Azure Active Directory tenant .

此外，如果要在Azure AD上使用多租户应用程序时限制某些租户，则可以通过检查JWT令牌中的tenantID(tid)声明，在应用程序中自己的代码中执行验证.

In addition ,if you want to restrict certain tenants when using multi-tenant applications on Azure AD , you can perform validation in your own code in application by checking the tenantID (tid) claim in JWT token .

这篇关于如何制作一个背面有两个Azure Active Directory的登录页面?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！