azure-active-directory

问题 To run applications in Azure, I need to create an Application in Azure AD and a corresponding Service Principal. Then my application authenticates against this App/Principal pair. To authenticate, I can create an application key in the App registration, or I can create a password in the Service Principal (among other options). What's the difference from a practial standpoint? For example, this code runs exactly the same (from the outside) whether the $key is the App's key or the Service

问题 I have the following function to call users from active directory use graph api. This function is hit on each keyup of a text box. But i am getting following error Code: TokenNotFound Message: User not found in token cache. Maybe the server was restarted. at the line var user = await graphClient.Users.Request().GetAsync(); Entire function Below: public async Task<string> GetUsersJSONAsync(string textValue) { // email = email ?? User.Identity.Name ?? User.FindFirst("preferred_username").Value;

问题 We are using Azure AD to authenticate and get the refreshed access token every 30 mins. We invoke below method which acquires security token and add it to request header. var userObjectId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value; var authContext = new AuthenticationContext(Authority, new NaiveSessionCache(userObjectId)); var credential = new ClientCredential(ConfigurationManager.AppSettings["ida:ClientId"], ConfigurationManager

问题 I would like to log the following in my telemetry for diagnostic and usage purposes: Azure Subscription ID AAD Tenant ID AAD App Client ID Should I treat them as secrets/PII and hash/encrypt them? (it goes without saying I will not be retaining the client secret in any way shape or form) 回答1: Ultimately, you should determine what to log and how, from a compliance/privacy/security perspective, based on official and compliance/privacy/security reviews and certifications within your company or

问题 I would like to log the following in my telemetry for diagnostic and usage purposes: Azure Subscription ID AAD Tenant ID AAD App Client ID Should I treat them as secrets/PII and hash/encrypt them? (it goes without saying I will not be retaining the client secret in any way shape or form) 回答1: Ultimately, you should determine what to log and how, from a compliance/privacy/security perspective, based on official and compliance/privacy/security reviews and certifications within your company or

问题 I have an Angular application which talks to several WEB API's to provide an interacted UI. I am finding really hard time in finding a way to. I am following this article which explains the Angular part of it. I am able to get the token at client side. How can my dot net core web API validate the token if the client sends this id token? 回答1: You can use JwtBearer middleware which enables an application to receive an OpenID Connect bearer token. In this document it provides code sample . Or

问题 Is there a pattern to design an app who's cappable of authenticate users with both Open Id Connect (connected in Azure AD) and a local database? The app I'm creating will have users from a company that does has an Azure Active Directory, but also has users not employed by said company who must use the app since they are not registred in Azure AD. The authentication method without the Azure AD should use a local database, not other authentication providers. 回答1: You can use ASP.NET Identity

问题 Is there a pattern to design an app who's cappable of authenticate users with both Open Id Connect (connected in Azure AD) and a local database? The app I'm creating will have users from a company that does has an Azure Active Directory, but also has users not employed by said company who must use the app since they are not registred in Azure AD. The authentication method without the Azure AD should use a local database, not other authentication providers. 回答1: You can use ASP.NET Identity

问题 Is there a pattern to design an app who's cappable of authenticate users with both Open Id Connect (connected in Azure AD) and a local database? The app I'm creating will have users from a company that does has an Azure Active Directory, but also has users not employed by said company who must use the app since they are not registred in Azure AD. The authentication method without the Azure AD should use a local database, not other authentication providers. 回答1: You can use ASP.NET Identity

问题 I'm facing a very strange issue related to Azure AD and Azure App Service (Web App). I have a SPA built with Angular 1.5 + ADAL.JS, WebAPI (hosted on App Service) and Azure AD. I've created two applications into my Azure AD directory: - one native (SPA) - one web application (WebAPI). The Login and Logout workflows are working fine locally and on Azure. However, when I'm running on Azure and checking if an user is member of a group, the ClaimsPrincipal.Current.Claims only have one Claim. (I