我该如何与Azure的AD安全的Azure的移动服务？ ADAL.JS [英] How do I secure an Azure Mobile Service with Azure AD? ADAL.JS

问题描述

我已经创建了我的Azure AD的应用程序。我切换到移动服务并转到身份标签。对于MS身份是要求一个客户端ID。我发现，在Azure中AD配置选项卡中的客户端ID。

不过，我不知道用什么客户端秘密和包装SID。它看起来像它期待您使用的是Windows应用商店的应用程序来访问服务，而不是一个Javascript应用程序，它就是我一起工作。

所以，我的问题是，你如何与Azure的AD当AngularJS Web应用程序访问该服务的一个固定的Azure移动服务？

（我不希望使用谷歌，因为我要控制在可以访问此用户，所以我将手动将用户添加到Azure的AD，我要授予访问该服务。）

更新：

每答案下面我试图使用ADAL.JS.据主要工作的下列问题。

1. 铬紧锁定了 - 它不工作




2. 在使用Microsoft帐户添加到我的Azure AD域，它只是进入一个循环，并保持重定向我。

解决方案

在移动业务识别配置，Azure的AD为你问，下面的参数请

• 应用网址


• 客户端ID


• 允许租户

包装SID是与MSA账号认证。 Azure的AD是最后一个在底部。

参见：<一href=\"http://azure.microsoft.com/en-us/documentation/articles/mobile-services-how-to-register-active-directory-authentication\"相对=nofollow>注册您的应用程序来使用Azure的Active Directory帐户登录

在Azure中AD，你需要创建一个应用程序，该客户端ID和App ID URI与移动业务侧的信息相匹配。

其他重要信息在这里填写：

• 回复网址：你应该有你的web应用程序的URI（托管角）
条目

• 允许的启用单点登录和读取用户的配置文件的委派权限


• 允许通过编辑OAuth的隐性流动和更新应用程序清单文件

有关更详细的步骤可循，特别是关于我的列表中最后一项，看看这个样本
https://github.com/AzureADSamples/SinglePageApp-AngularJS-DotNet 以及其自述

一旦你获得通过ADAL.JS库的访问令牌，那么你可以使用它来调用移动服务的登录方法只是提供合适的身份验证提供者的名称，并与ADAL.JS检索访问令牌

使用ADAL.JS，而不是移动服务SDK获得访问令牌让你也刷新令牌回来，你可以缓存和存储自动访问令牌更新;避免有输入凭据每次用户

I have created an application in my Azure AD. I switch into the Mobile Service and go to the identity tab. For MS identity is asks for a client ID. I found the Client ID in the Azure AD configure tab.

However, I had no idea what to use for Client Secret and Package SID. It seems like it is expecting you are using a Windows Store app to access the service rather than a Javascript app which is what I am working with.

So, my question is, how do you secure an Azure Mobile Service with Azure AD when an AngularJS web application is accessing the service?

(I don't want to use google, because I want to control the users that can access this, so I will manually add the users to the Azure AD that I want to grant access to the service.)

UPDATE:

Per the answer below I have attempted to use ADAL.JS. It is "mostly working" with the following issues.

1. Chrome locks up tight - it doesn't work.

2. When using a Microsoft Account added to my Azure AD domain, it just goes into a loop and keeps redirecting me.

解决方案

In Mobile Service Identity configuration, for Azure AD as you ask, following parameters are requested

• App URL
• Client ID
• Allowed Tenants

Package SID is related to MSA account authentication. Azure AD is last at the bottom.

Refer to: Register your apps to use an Azure Active Directory Account login

In Azure AD, you need to have created an application, that matches the Client ID and App ID URI with the information in the Mobile Service side.

Other important information to fill in here:

• Reply URL: you should have an entry with the URI of your web application (hosting Angular)
• Allow Enable single sign-on and read users' profiles as Delegated Permission
• Allow OAuth implicit flow by editing and updating the application manifest file

For more detailed steps to follow, especially about last item in my list, look at this sample https://github.com/AzureADSamples/SinglePageApp-AngularJS-DotNet and its README

Once you've obtained the access token via ADAL.JS libraries, then you can use it to call login method of Mobile Service just providing the right authentication provider name, and the access token retrieved with ADAL.JS

Using ADAL.JS instead of Mobile Services SDK for obtaining the access token gives you also the refresh token back, which you can cache and store for automatic access token renewal; avoiding to have the user entering credentials every time

这篇关于我该如何与Azure的AD安全的Azure的移动服务？ ADAL.JS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！