与MVC蔚蓝活动目录，在客户端和资源标识相同应用 [英] Azure Active Directory with MVC, the client and resource identify the same application

问题描述

跟进这个问题：

<一个href=\"http://stackoverflow.com/questions/29681302/how-to-do-both-azure-active-directory-single-sign-on-and-forms-authentications-o\">How两者都做的Azure Active Directory的单点登录和ASP.NET MVC窗体认证

我曾尝试写在默认的MVC 4的登录操作，它使用两个默认的窗体身份验证和Azure的Active Directory的SSO简单code：

I have tried writing the simple code on Login action of default MVC 4 which uses both default Forms Authentication and Azure Active Directory SSO:

public async Task<ActionResult> Login(LoginModel model, string returnUrl)
{
    if (ModelState.IsValid && WebSecurity.Login(model.UserName, model.Password, persistCookie: model.RememberMe))
    {
        return RedirectToLocal(returnUrl);
    }

    authContext = new AuthenticationContext(authority, new TokenCache());
    var result = await authContext.AcquireTokenAsync(resourceId, clientId, new UserCredential(model.UserName, model.Password));

    // more code
}

所以，如果正常登录 WebSecurity.Login 不成功，我尝试使用ADAL.NET与凭据（用户名/密码）下面这个帖子收购AAD令牌：<一href=\"http://www.cloudidentity.com/blog/2014/07/08/using-adal-net-to-authenticate-users-via-usernamepassword/\" rel=\"nofollow\">http://www.cloudidentity.com/blog/2014/07/08/using-adal-net-to-authenticate-users-via-usernamepassword/

So if the normal Login WebSecurity.Login is not successful, I try to acquire token from AAD by using ADAL.NET with credential (username/password) following this post: http://www.cloudidentity.com/blog/2014/07/08/using-adal-net-to-authenticate-users-via-usernamepassword/

在运行的应用程序，我从Azure中得到了错误：

When running application I got the error from Azure:

AADSTS90027：客户机[客户端Id]和资源[ResouceId]'标识相同的应用程序

AADSTS90027: The client '[ClientId]' and resource '[ResouceId]' identify the same application.

我不知道是否真的有意义直接在MVC登录使用行动与ADAL凭证。请人给我一个提示上这个东西。

I am not sure whether it really makes sense to use ADAL with credential directly on MVC Login action. Please someone give me a hint on this stuff.

推荐答案

ADAL并不意味着在登录网络实现在Web应用程序。 ADAL帮助应用程序获得令牌访问其他资源：换句话说，它可以帮助你的应用程序是一个客户端。此外，由于它是指只在本机应用中使用的用户名/密码不在网络应用可用。
为了同时使用FormsAuth和Azure的广告，请考虑增加这两个ASP.NET身份中间件和连接的OpenID中间件。中的OpenID连接中间件是应该实现的Web SSO与Azure的广告中使用该库。

ADAL is not meant to achieve web sign-on in a web application. ADAL helps an application to obtain a token for accessing another resource: in other words, it helps your application to be a CLIENT. Moreover, the username/password is not available in web apps as it is meant to be used only in native applications. In order to use both FormsAuth and Azure AD, please consider adding both the ASP.NET identity middleware and the OpenId Connect middleware. The OpenId Connect middleware is the library one should use for achieving web SSO with Azure AD.

这篇关于与MVC蔚蓝活动目录，在客户端和资源标识相同应用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！