问题
after several days of searching, reading and trial and error i definitely need some help.
The Situation: I need to create a Web-Application using MVC where users are authenticated against an AD using ADFS. But they do not want to store the Roles and further Informations into the AD. So i need to read and store those informations somewhere else. My first thougt was to use the same infrastructure which VS sets up when i created a new Web-Application and choose "Individual User Accounts".
What i've done so far:
- I created a new Projekt in VS and implemented the authentication against the AD using the ADFS (using this really helpful link(http://www.cloudidentity.com/blog/2014/02/12/use-the-on-premises-organizational-authentication-option-adfs-with-asp-net-in-visual-studio-2013/). Works fantastic.
- Start eating my Keyboard because i can't get the next step done.
My Question/s: Is this possible to authenticate users using the ADFS and retrieve further informations (like Roles, other properties (e.g. Department)) about the logged in user by using / extending the ASP.NET Identity Framework? Does someone have a nice link?
I'd be glad for any help.
回答1:
The problem you have is that you have to map the AD claims to the ASP.NET Identity via some kind of primary key.
Good link here : Code! MVC 5 App with Facebook, Twitter, LinkedIn and Google OAuth2 Sign-on (C#).
(With ADFS 4.0 (Server 2016) you will be able to use a SQL DB for authentication and authorization).
回答2:
No need to do the work in your web app...
You can simply have ADFS source the claim info from a SQL database.
Do Add Attribute Store..
Set Attribute store type to SQL
Enter a Display name and your Connection string
Then when adding the claim to the relying party choose a Claim type of "... Custom Rule" and have the query you enter fetch the attributes from your DB.
There's a pretty good walkthru with more details in TechNet
来源:https://stackoverflow.com/questions/35383189/authentication-against-adfs-authorization-against-sql-server