验证用户在Azure中的Active Directory;不使用SSO，但使用的用户名和密码 [英] Validate user in Azure Active Directory; Not using SSO but using username and password

问题描述

随着最近发布的Azure AD，我们想用的Azure AD为我们的web应用程序的认证，但我们不希望使用SSO。我们不希望将用户重定向到Microsoft帐户登录界面，然后再回来。我们希望与登录凭证屏幕，我们抓住他们的用户名和密码提供给他们，然后我们希望通过编程做对Azure的AD认证，并取回声明身份。

With the recent release of Azure AD, we would like to use Azure AD for our web application authentication, but we do not want to use SSO. We do not want users to be redirected to the Microsoft Account login screen, and then come back. We want to supply them with the login credential screen where we capture their username and password, and then we want to programatically do the authentication against Azure AD, and get back the claims identity.

我的问题是，我不看我怎么能做到这一点使用图形API，和所有像它可能工作的例子，只适用于previous [0.8]发布。还有那应该是工作的例子这样的组合，但他们这样做，因为新版本的不是简单的。

The problem I have is that I cannot see how I can do that using the Graph API, and all the examples that look like it might work, only works on the previous [0.8] release. There is such a mix of examples that is supposed to work, but they don't simply because of the new release.

谁能告诉我，如果这甚至有可能，也许指向我在如何做到这一点的方向吧。

Can anyone tell me if this is even possible, and maybe point me in the direction of how to do it please.

我不希望使用ACS。

推荐答案

今天你所要求的是技术上不可能与Azure的Active Directory中。这种情况可能会在将来得到支持，所以请不时。

What you are asking for is not technically possible with Azure Active Directory today. That scenario could possibly be supported in the future, so check back from time to time.

我们真正鼓励开发商依靠在浏览器中登录体验。其原因是因为浏览器允许服务器定义的经历，它允许相对于该种凭证可使用的更大的灵活性。举例来说，如果你code你的应用程序只使用用户名和密码，那么它可能需要以充分利用双因素认证的优势进行更新。如果你依赖于基于浏览器的经验，那么你的应用程序可以完全不可知的2FA是否被采用，或任何其他类型的认证舞蹈。

We really encourage developers to rely on the in browser sign in experience. The reason is that because the browser allows the server to define the experience, it allows for much greater flexibility with respect to the kinds of credentials that can be employed. For instance, if you code your app to use only username and password, then it may need to be updated in order to take advantage of two factor authentication. If you rely on the browser based experience then your app can be totally agnostic to whether 2FA is being employed, or any other kind of authentication dance.

我们认识到，有一些情形，这是不理想的，甚至实际与正在考虑的解决方案，可在将来支持这些方案

We recognize that there are some scenarios where this is not ideal or even practical and are looking at solutions to those scenarios that may be supported in the future.

这篇关于验证用户在Azure中的Active Directory;不使用SSO，但使用的用户名和密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！