In the scaffolding of an ASP.NET MVC project, the StartUp.Auth.cs file currently contains the following code:
    using Microsoft.AspNet.Identity;
    using Microsoft.Owin;
    using Microsoft.Owin.Security.Cookies;
    using Owin;

    public partial class Startup
    {
        // For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
        public void ConfigureAuth(IAppBuilder app)
        {
            // Enable the application to use a cookie to store information for the signed in user
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                LoginPath = new PathString("/Account/Login")
            });

            // Use a cookie to temporarily store information about a user logging in with a third party login provider
            app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

            // Uncomment the following lines to enable logging in with third party login providers
            app.UseMicrosoftAccountAuthentication(
                clientId: "0000000000000000",
                clientSecret: "xxxx-xxxxxxxxxxxxxxxxxxx-xxxxxxx");

            //app.UseTwitterAuthentication(
            //    consumerKey: "",
            //    consumerSecret: "");

            //app.UseFacebookAuthentication(
            //    appId: "",
            //    appSecret: "");

            //app.UseGoogleAuthentication();
        }
    }
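Uncommenting the app.UseXxxAuthentication() lines and adding the provider's key and secret enables you to perform an OAuth login with the respective provider. Under the covers, these methods use classes derived from the Owin class AuthenticationMiddleware.
I have looked around the web, but I cannot find a custom implementation of AuthenticationMiddleware that links directly to a Windows Azure Active Directory instance. Is there any such implementation?
Is this the right way to use OAuth to connect to my Windows Azure Active Directory instance?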
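You should be able to go to your package manager and use NuGet to import the Katana Owin implementation for Windows Azure AD, which is listed as Microsoft.Owin.Security.ActiveDirectory. This is the middleware that enables an application to authenticate using Microsoft's technology. The current version as of this post is 2.0.2.
Once you have that, you should be able to leverage the middleware for AD and ADFS 2.1 OAuth tokens like so: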
    // Requires: using Microsoft.Owin.Security.ActiveDirectory;
    // Placed inside ConfigureAuth(IAppBuilder app)
    WindowsAzureActiveDirectoryBearerAuthenticationOptions myoptions =
        new WindowsAzureActiveDirectoryBearerAuthenticationOptions();
    myoptions.Audience = "https://login.windows.net/myendpoint";
    myoptions.Tenant = "mydirectory.onmicrosoft.com";
    myoptions.AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Passive;
    app.UseWindowsAzureActiveDirectoryBearerAuthentication(myoptions);
This should enable you to have the Owin middleware use Windows Azure AD bearer authentication in this scenario.
Happy coding!
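With AuthenticationMode.Passive, as set in the answer above, the bearer middleware only validates a token when it is asked for by its authentication type. The following is an added example, not part of the original answer; the ApiStartup class name and the response text are assumptions, and the Audience and Tenant placeholders are the ones from the answer. It shows an OWIN pipeline that requests bearer validation explicitly and rejects calls without a valid token.

```csharp
using System.Security.Claims;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.ActiveDirectory;
using Owin;

// Hypothetical startup class for a token-protected endpoint (illustration only).
public class ApiStartup
{
    public void Configuration(IAppBuilder app)
    {
        var options = new WindowsAzureActiveDirectoryBearerAuthenticationOptions
        {
            // Compared against the "aud" claim of the incoming token.
            Audience = "https://login.windows.net/myendpoint",
            // Directory whose signing keys and issuer the token must match.
            Tenant = "mydirectory.onmicrosoft.com",
            // Passive: the middleware does nothing until explicitly invoked.
            AuthenticationMode = AuthenticationMode.Passive
        };
        app.UseWindowsAzureActiveDirectoryBearerAuthentication(options);

        app.Run(async context =>
        {
            // Explicitly ask the passive middleware to validate the
            // Authorization: Bearer header of this request.
            AuthenticateResult result =
                await context.Authentication.AuthenticateAsync(options.AuthenticationType);

            ClaimsIdentity identity = result == null ? null : result.Identity;
            if (identity == null || !identity.IsAuthenticated)
            {
                // No token, or the token failed validation: fail closed.
                context.Response.StatusCode = 401;
                context.Response.Headers.Set("WWW-Authenticate", "Bearer");
                return;
            }

            // The token was accepted; its claims are available on the identity.
            await context.Response.WriteAsync("Authenticated as " + identity.Name);
        });
    }
}
```

Switching AuthenticationMode to Active makes the middleware validate the token on every request and populate the request user without the explicit AuthenticateAsync call.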