Question
I'm currently developing a .NET MVC application with a Web.API backend, both of which use ADFS 2016 for authentication. The Web.API itself is working as expected; however, I am having some issues with the ADFS configuration for the MVC application itself.
Based on this guide, https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/development/enabling-oauth-confidential-clients-with-ad-fs-2016, I can configure a new Server Application in ADFS and use those details in my MVC app to authenticate users via ADFS and subsequently request an authorization code for the Web.API back-end on behalf of the current user. However, the problem is that I cannot customise the claims that are issued to the MVC application in the id_token with properties from Active Directory, and from my current research I don't think this is actually possible?
Alternatively, based on this guide: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/development/customize-id-token-ad-fs-2016, if I configure a Native Application and Website in ADFS and use those details in my MVC app, I can customise the claims that are issued in the id_token to my heart's content, but I don't know how to request an access token for the back-end Web.API.
Sorry if the background has gone on for a while, but is it possible with the latter scenario for me to request an access token for the back-end API? If so, how?
Any help greatly appreciated!
Source: https://stackoverflow.com/questions/44569544/adfs-2016-mvc-and-web-api-tokens-and-claims