如何在 Azure B2B 和 B2C 之间进行联合 [英] how to federate between Azure B2B and B2C
问题描述
我们正在设计一个供客户的员工、他们的一些供应商和消费者使用的应用程序.所有这三种类型的用户都将拥有不同的权限.
We are designing an application which will be used by client's employee, some of their vendors and consumers as well. All of these three types of user will have the different set of rights.
我们在分析 Azure AD 时发现,Azure B2B 可用于员工和供应商,而 B2C 可用于消费者.所以,我们两个都需要.我们是否可以设置我们的应用程序,使其能够同时从 B2B 和 B2C 进行身份验证?或任何其他实现这一点的建议.
We were analyzing the Azure AD and found that Azure B2B can be used for employees and vendors whereas B2C can be used for consumers. So, we need both of them. Can we setup our application in such a way that if can authenticate from B2B and B2C both? Or any other suggestion to implement this.
提前致谢
推荐答案
您可以完全设置一个应用程序来对多个目录进行身份验证.
You can totally setup an app to authenticate with multiple directories.
设置一个供员工使用的 Azure AD,可以通过 B2B 添加合作伙伴.然后还为客户建立一个 B2C 目录.
Setup one Azure AD that will be used by employees, where partners can be added through B2B. Then also setup a B2C directory for the customers.
在您的应用端,您需要为用户显示一个选择:他们是想以员工/合作伙伴身份还是以客户身份登录.然后您重定向到正确的登录页面.
On your app side you need to display a choice for the user: if they want to sign in as an employee/partner or as a customer. Then you redirect to the correct sign-in page.
您需要定义应用两次,一次在两个目录中.
You'll need to define the app twice, once in both directories.
实际实现会因您的技术堆栈而异,但在 ASP.NET Core 中,您需要设置多个 Open ID Connect 中间件.而且他们都不能使用 AutomaticChallenge,因为您确实需要知道将用户重定向到哪里,您无法真正为他们选择.
The actual implementation will vary based on your tech stack, but in ASP.NET Core you would need to setup multiple Open ID Connect middleware. And none of them can use AutomaticChallenge, as you do need to know where to redirect the user, you can't really choose for them.
更新到 B2C 让您现在就可以从那里完成所有工作
Azure AD B2C 现在允许自定义策略(预览功能).这意味着您可以使用任何 OpenId Connect 提供程序进行登录,当然包括 Azure AD.
Azure AD B2C now allows custom policies (preview feature). This means you can use any OpenId Connect provider for sign-in, including Azure AD of course.
这项新功能允许您:
- 使用自定义策略创建 B2C 租户,用于通过 Azure AD 进行员工/合作伙伴登录
- 让所有用户向您的 B2C 租户进行身份验证
- 用户可以选择是否要使用社交帐户登录,或者他们是员工还是合作伙伴
- 如果他们选择以员工或合作伙伴身份登录,他们将被重定向到您的 Azure AD
- 最后,您的应用会从 B2C 获得一个令牌,告知用户登录的位置,然后您就可以根据该信息进行授权
这篇关于如何在 Azure B2B 和 B2C 之间进行联合的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
