
Azure: Implementing Active Directory groups in ASP.NET Core 3.x


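ASP.NET Core 3.x: Authentication with Azure Active Directory works fine. Now I want to enforce authorization for a specific AD group on all routes. How do I implement this authorization? Step by step, using ASP.NET Core.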

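using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.AzureAD.UI;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;

public class Startup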
{
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    public IConfiguration Configuration { get; }

    // This method gets called by the runtime. Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(options =>
        {
            options.DefaultAuthenticateScheme = AzureADDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = AzureADDefaults.AuthenticationScheme;
        }).AddAzureAD(options => Configuration.Bind("AzureAD", options));

        services.AddAuthorization(options =>
        {
            options.FallbackPolicy = new AuthorizationPolicyBuilder()
            .RequireAuthenticatedUser()
            .Build();
        });

        services.AddControllers();
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }

        app.UseRouting();
        app.UseHttpsRedirection();
        app.UseCookiePolicy();
        app.UseAuthentication();
        app.UseAuthorization();

        app.UseEndpoints(endpoints =>
        {
            endpoints.MapDefaultControllerRoute().RequireAuthorization();
            //endpoints.MapControllers();
        });
    }
}


Thanks for your help! :)

You can use group claims in Azure AD: configure your application in the Azure portal to receive group claims by editing the manifest:

{
  ...
  "errorUrl": null,
  "groupMembershipClaims": "SecurityGroup",
  ...
}
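The ID token issued by Azure AD will include the list of the current user's group IDs in the groups claim. Then, in the ASP.NET Core application, you can restrict access like this: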

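// Needs Microsoft.AspNetCore.Authorization and Microsoft.AspNetCore.Mvc.Authorization.
services.AddControllersWithViews(options =>
{
    // Global filter: every MVC action requires an authenticated user whose
    // "groups" claim contains the given group object ID.
    var policy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .RequireClaim("groups", "YourGroupID")
        .Build();
    options.Filters.Add(new AuthorizeFilter(policy));
});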
Note, from the documentation:

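If a user is a member of more groups than the overage limit (150 for SAML tokens, 200 for JWT tokens), then the Microsoft Identity Platform does not emit the groups claim in the token. Instead, it includes an overage claim in the token that indicates to the application to query the Graph API to retrieve the user's group membership.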
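An added example, not part of the original answer: an authorization handler that covers the overage case described in the note, where a plain `RequireClaim("groups", ...)` policy would deny a user who is in fact a member of the group. It assumes the overage indicator reaches the principal as a `_claim_names` claim holding a JSON string; `IGroupMembershipLookup`, `GroupRequirement` and `GroupHandler` are hypothetical names, and the Graph query behind the interface is left to the application.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;

// Hypothetical abstraction (not a Microsoft API): resolves membership via Microsoft Graph.
public interface IGroupMembershipLookup
{
    Task<bool> IsMemberAsync(ClaimsPrincipal user, string groupId);
}

public class GroupRequirement : IAuthorizationRequirement
{
    public GroupRequirement(string groupId) => GroupId = groupId;
    public string GroupId { get; }
}

public class GroupHandler : AuthorizationHandler<GroupRequirement>
{
    private readonly IGroupMembershipLookup _lookup;
    public GroupHandler(IGroupMembershipLookup lookup) => _lookup = lookup;

    protected override async Task HandleRequirementAsync(
        AuthorizationHandlerContext context, GroupRequirement requirement)
    {
        var user = context.User;

        // Normal case: the group object ID is listed in the "groups" claim.
        if (user.HasClaim("groups", requirement.GroupId))
        {
            context.Succeed(requirement);
            return;
        }

        // Overage case: no "groups" claim at all, and "_claim_names" (JSON) refers to "groups".
        bool overage = !user.HasClaim(c => c.Type == "groups") &&
            user.Claims.Any(c => c.Type == "_claim_names" &&
                                 c.Value.Contains("\"groups\"", StringComparison.Ordinal));

        // Only then fall back to the lookup; every other path leaves the requirement unmet.
        if (overage && await _lookup.IsMemberAsync(user, requirement.GroupId))
        {
            context.Succeed(requirement);
        }
    }
}
```

To use it, register the handler as an `IAuthorizationHandler` in `ConfigureServices` and replace `.RequireClaim("groups", "YourGroupID")` in the policy with `.AddRequirements(new GroupRequirement("YourGroupID"))`.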


Your question is not clear. Question updated.