问题
In our SQL tables we have columns such as UpdatedBy and CreatedBy with a ref key to a User table. This is useful to keep track of who created/updated an business entity.
However we are migrating from this local User table to using Azure AD. We will use Azure AD for authentication and authorization in our client applications.
There should be no need for a local User table (or any other tables related to identity, such as Role etc...), but then how do I reference user ids from Azure AD into my audit columns? Obviously I can no longer have a reference key with constraint.
What is the usual approach to this?
回答1:
Did you read about System for Cross-Domain Identity Management (SCIM)? You can provide out of the box mechanism for syncing Users and Groups created in the Azure AD.
There is a whole tutorial about how to do that:
https://docs.microsoft.com/en-gb/azure/active-directory/app-provisioning/use-scim-to-provision-users-and-groups#step-4-integrate-your-scim-endpoint-with-the-azure-ad-scim-client
There is a ready to go CRUD and SCIM based application in C# created by Microsoft https://github.com/AzureAD/SCIMReferenceCode
That will give you a solution what to do for example when Azure AD is removing the user, but you want to keep it.
来源:https://stackoverflow.com/questions/62290473/auditing-sql-tables-when-using-azure-ad