Using the ADAL library to get a token for WAAD, I would like to know how to get finer control over the login flow.
var ac = new AuthenticationContext("https://login.windows.net/" + ActiveDirectoryTenantId);
AuthenticationInfo = ac.AcquireToken(
    resource: "https://management.core.windows.net/",
    clientId: "1950a258-227b-4e31-a9cf-717495945fc2",
    redirectUri: new Uri("urn:ietf:wg:oauth:2.0:oob"));
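The user is prompted to log in. For me it is via Live ID; on my customer's computer it is via an organizational account, and there is no way to switch between them. It seems to depend on which current sessions the computer might already have running / being already logged in to Azure.
Can I do anything in the AcquireToken call to control this? If I could trigger the normal flow that people get when they log in to Azure, they could choose whether it is a Live ID or an organizational login.
I have tried this: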
ac.AcquireToken("https://management.core.windows.net/",
    "1950a258-227b-4e31-a9cf-717495945fc2",
    new Uri("urn:ietf:wg:oauth:2.0:oob"), PromptBehavior.Always, "wtrealm=urn:federation:MicrosoftOnline");
With no luck.
Answer 0 (score: 1)
I found some magic tricks that seem to give some more control.
// Namespaces needed by the P/Invoke declaration below (top of the file)
using System;
using System.Runtime.InteropServices;

// ID for site to pass to enable EBD (email-based differentiation)
// This gets passed in the call to get the azure branding on the
// login window. Also adding popup flag to handle overly large login windows.
internal const string EnableEbdMagicCookie = "site_id=501358&display=popup";

// Ends the WinINet browser session for this process, which drops the
// session cookies used by the embedded login window.
private void ClearCookies()
{
    NativeMethods.InternetSetOption(IntPtr.Zero, NativeMethods.INTERNET_OPTION_END_BROWSER_SESSION, IntPtr.Zero, 0);
}

private static class NativeMethods
{
    internal const int INTERNET_OPTION_END_BROWSER_SESSION = 42;

    [DllImport("wininet.dll", SetLastError = true)]
    internal static extern bool InternetSetOption(IntPtr hInternet, int dwOption, IntPtr lpBuffer,
        int lpdwBufferLength);
}