.net 核心中的混合身份验证与 Open Id Connect 和本地数据库 [英] Hybrid authentication in .net core with Open Id Connect and local database

问题描述

是否有一种模式来设计一个能够同时使用 Open Id Connect(在 Azure AD 中连接)和本地数据库对用户进行身份验证的应用程序?

Is there a pattern to design an app who's cappable of authenticate users with both Open Id Connect (connected in Azure AD) and a local database?

我正在创建的应用程序将拥有来自拥有 Azure Active Directory 的公司的用户，但也有未受雇于该公司的用户必须使用该应用程序，因为他们未在 Azure AD 中注册.

The app I'm creating will have users from a company that does has an Azure Active Directory, but also has users not employed by said company who must use the app since they are not registred in Azure AD.

没有 Azure AD 的身份验证方法应该使用本地数据库，而不是其他身份验证提供程序.

The authentication method without the Azure AD should use a local database, not other authentication providers.

推荐答案

您可以使用 ASP.NET Identity 来管理数据库中的本地用户，并使用 Azure AD 作为外部身份提供者，使 AAD 帐户能够登录您的应用程序.您可以识别 Azure AD 用户并链接到本地​​数据库中的用户，以便您还可以管理与本地用户和 Azure AD 用户的关系/角色.

You can use ASP.NET Identity for managing your local users in database ,and use Azure AD as external identity provider which enable the AAD accounts to login in your application . You can identify the Azure AD user and link to a user in your local DB , so that you can also manage relationship/roles both with your local users and Azure AD users .

我将提供一个简单的代码示例来说明如何实现该功能:

I will provide a simple code sample for how to implement that feature :

1. 使用 ASP.NET Identity(Individual User Accounts 模板)创建新的 .net 核心应用程序.

1. Create new .net core application with ASP.NET Identity (Individual User Accounts template).

安装包:Microsoft.AspNetCore.Authentication.AzureAD.UI

Install the package : Microsoft.AspNetCore.Authentication.AzureAD.UI

修改 Startup.cs 以启用 Azure AD 身份验证:

Modify the Startup.cs to enable Azure AD Authentication:

services.AddDbContext<ApplicationDbContext>(options =>
    options.UseSqlServer(
        Configuration.GetConnectionString("DefaultConnection")));
services.AddDefaultIdentity<IdentityUser>()
    .AddEntityFrameworkStores<ApplicationDbContext>();

services.AddAuthentication(sharedOptions =>
{

}).AddAzureAD(options => Configuration.Bind("AzureAd", options)).AddCookie();

修改 appsettings.json 以添加 Azure AD 应用设置:

Modify the appsettings.json to add the Azure AD app settings:

"AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "Domain": "xxx.onmicrosoft.com",
    "TenantId": "xxxxxx-xxxxx-4f08-b544-b1eb456f228d",
    "ClientId": "xxxxx-xxxxx-4717-9821-e4f718fbece4",
    "CallbackPath": "/signin-oidc",
    "CookieSchemeName": "Identity.External"
},

用户在登录过程中可以选择本地用户或AAD用户登录.

Users could choose login with local user or AAD user during the login process .

这篇关于.net 核心中的混合身份验证与 Open Id Connect 和本地数据库的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！