Azure AD B2C: use an existing on-prem service for authentication

Time: 2019-04-02 22:19:59

Tags: azure-ad-b2c

I have an in-house authentication service exposed as a REST API. There are existing users, and the service can authenticate them when given a username and password. Is it possible to configure Azure B2C to call this existing authentication REST API to perform authentication? Are there any Azure samples similar to this?

1 answer:

Answer 0 (score: 0)

You can integrate an Azure AD B2C custom policy with a REST service as described in the Integrate REST API claims exchanges in your Azure AD B2C user journey as validation of user input article in the Azure AD B2C documentation.

An example of validating user credentials with a REST API can be found in the Wingtip sample.

In this Wingtip sample, a technical profile is declared that represents the REST API:

<TechnicalProfile Id="ClassicAccount-CheckPassword">
  <DisplayName>Classic Account Check Password</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="ServiceUrl">https://wingtipidentityb2c.azurewebsites.net/api/account/checkpassword</Item>
    <Item Key="AuthenticationType">Basic</Item>
    <Item Key="HttpBinding">POST</Item>
    <Item Key="SendClaimsIn">Form</Item>
  </Metadata>
  <CryptographicKeys>
    <Key Id="BasicAuthenticationUsername" StorageReferenceId="B2C_1A_WingTipClassicAccountClientId" />
    <Key Id="BasicAuthenticationPassword" StorageReferenceId="B2C_1A_WingTipClassicAccountClientSecret" />
  </CryptographicKeys>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="signInName" PartnerClaimType="userName" />
    <InputClaim ClaimTypeReferenceId="password" />
  </InputClaims>
  <UseTechnicalProfileForSessionManagement ReferenceId="SSOSession-Noop" />
</TechnicalProfile>

In the sign-in flow, this technical profile is invoked:

<TechnicalProfile Id="LocalAccount-Login">
  <DisplayName>WingTip Account</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="ContentDefinitionReferenceId">api.localaccount.login</Item>
    <Item Key="setting.operatingMode">Email</Item>
    <Item Key="SignUpTarget">LocalAccountRegistrationExchange</Item>
  </Metadata>
  <IncludeInSso>false</IncludeInSso>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="signInName" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="signInName" Required="true" />
    <OutputClaim ClaimTypeReferenceId="password" Required="true" />
    <OutputClaim ClaimTypeReferenceId="authenticationSource" />
    <OutputClaim ClaimTypeReferenceId="objectId" />
  </OutputClaims>
  <ValidationTechnicalProfiles>
    <ValidationTechnicalProfile ReferenceId="ClassicAccount-CheckPassword" />
    <ValidationTechnicalProfile ReferenceId="LocalAccount-OpenIdConnect" />
  </ValidationTechnicalProfiles>
  <UseTechnicalProfileForSessionManagement ReferenceId="SSOSession-AzureActiveDirectory" />
</TechnicalProfile>

The API implementation validates the user credentials and then migrates the user account from the SQL Server database to the Azure AD B2C directory.

(User migration is optional.)
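As an added example that is not from the question, the answer, or the Wingtip sample, here is a framework-free Python model of the endpoint that the ClassicAccount-CheckPassword profile above posts to: it checks the Basic credentials held in the policy's keys, reads the form-encoded userName and password, and answers 200 with JSON claims or 409 with the B2C validation-error body. The client id, secret, user record and messages are constructed values; the 409 body shape is the documented RESTful technical profile error contract.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs

# Constructed values standing in for the policy's BasicAuthenticationUsername/Password keys.
API_CLIENT_ID = "b2c-policy"
API_CLIENT_SECRET = "constructed-secret-change-me"
_SALT = b"constructed-static-salt"   # a real store uses one salt per user

def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed legacy user store: userName -> (salt, password hash, account id).
USERS = {"alice@example.com": (_SALT, _hash_password("correct horse", _SALT), "user-0001")}

def basic_header(user: str, secret: str) -> dict:
    """Build the Authorization header the RestfulProvider sends for AuthenticationType=Basic."""
    return {"Authorization": "Basic " + base64.b64encode(f"{user}:{secret}".encode()).decode()}

def _basic_auth_ok(headers: dict) -> bool:
    auth = headers.get("Authorization", "")
    if not auth.startswith("Basic "):
        return False
    try:
        user, _, secret = base64.b64decode(auth[6:]).decode().partition(":")
    except ValueError:   # bad base64 or non-UTF-8 payload
        return False
    # Constant-time comparison of both halves.
    return hmac.compare_digest(user, API_CLIENT_ID) and hmac.compare_digest(secret, API_CLIENT_SECRET)

def _b2c_error(message: str) -> tuple:
    # HTTP 409 with this body is what B2C renders to the user as a validation error.
    return 409, {"version": "1.0.0", "status": 409, "userMessage": message}

def check_password(headers: dict, body: str) -> tuple:
    """Handle one POST from the technical profile; returns (http_status, json_body)."""
    if not _basic_auth_ok(headers):
        return 401, {"error": "unauthorized"}   # caller is not the B2C policy
    form = parse_qs(body, keep_blank_values=True)   # SendClaimsIn=Form
    user_name = form.get("userName", [""])[0]       # PartnerClaimType="userName"
    password = form.get("password", [""])[0]
    record = USERS.get(user_name.lower())
    # Hash even for unknown users so response timing does not reveal which names exist.
    salt, expected, account_id = record or (_SALT, b"", "")
    if not record or not hmac.compare_digest(_hash_password(password, salt), expected):
        return _b2c_error("Your password is incorrect.")   # one message for both failure cases
    # Keys here are only picked up by B2C if the profile declares matching OutputClaims.
    return 200, {"objectId": account_id}
```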