检查用户是否是某些Azure Active Directory租户的成员 [英] Check if an user is member of some Azure Active Directory Tenant

问题描述

如果我有电子邮件示例"abc@xyz.com".对于使用AAD身份验证的应用程序，如果xyz.com是AAD租户的域，则登录时我将重定向到该租户的主页.如果是gmail/outlook/yahoo，我会被发送到live.com，其他人会说我们找不到帐户".

If I have an email example "abc@xyz.com". For an application that uses AAD authentication, If xyz.com is a domain for an AAD tenant, while login I will redirected to that tenant's home page. If it is gmail/outlook/yahoo I will be sent to live.com and others it will say "we could not find an account".

如果我想在代码中实现这种功能?检查它是否是某些"租户的一部分(可能不属于我的订阅)，或者是否将其视为实时租户(gmail或yahoo).

If I want to achieve this kind of functionality in code? checking if It is part of "some" tenant (may be not part of my subscription) or if it will be treated as live (gmail or yahoo).

推荐答案

您是在谈论Azure AD B2C还是Azure AD?因为Azure AD不支持Google/Yahoo等帐户. 普通" Azure AD仅支持LiveID作为外部帐户.

Are you talking about Azure AD B2C, or just Azure AD? Because Azure AD does not support Google/Yahoo, etc. accounts. The "normal" Azure AD only supports LiveID as external accounts.

您要实现的目标称为家庭领域发现"，您无法完全自动化.但是，当您首先向用户询问其电子邮件地址，然后将其作为

What you are trying to achieve is called Home-Realm Discovery and you cannot fully automate it. You can however get pretty close when you first ask your user for their e-mail address and then pass it to the Azure AD sign-in request message as login_hint optional parameter. This will trigger the Home-Realm discovery mechanism on the Azure AD side and will do the respective actions - either redirect the user to the LiveID login page, or prompt the user for his credentials (including custom branding if configured for the users tenant).

这篇关于检查用户是否是某些Azure Active Directory租户的成员的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！