问题描述
我已经在azure中创建了两个活动目录,它们与两个不同的本地活动目录(两个不同的companey)连接
我有一个我想要两个Azure活动目录的应用程序用户可以在同一应用程序实例上登录,但我不想托管两个应用程序实例。
身份验证后,我需要检查用户属于哪个活动目录。 / p>
由于我最近三天都在挣扎,因此任何帮助将不胜感激
您需要创建一个多租户应用程序,例如pksorensen的注释状态。本质上,您要做的就是在一个目录中注册该应用程序并更新其配置,使其具有多租户功能(在下面的链接中讨论)。当来自另一个目录的用户登录到该应用程序时,您的应用程序将通过点击Azure AD的公共身份验证终结点(与您的特定于租户的身份验证终结点)来启动同意流程,然后显示一个同意对话框。用户同意后,Azure AD在另一个目录中注册该应用程序。
有关实现此方案所需的所有信息:
- 主题及其部分介绍了协议流的技术细节及其全部工作原理
I have created two active directory in azure which connect with two different local active directory (two different companey)
I Have application in which i want both azure active directory user can login on same instance of application i don't want to host two instance of application .
After authentication i need to to check from which active directory user belongs .
Any Help would be really appreciated since i am struggling from last three days
You need to create a multi-tenant application, like pksorensen's comment states. Essentially what you want to do is register the application in one of your directories and update its configuration to make it multi-tenant capable (discussed in the links below). When a user from another directory signs in to the application, your app starts a consent flow by hitting Azure AD's common authentication endpoint (different from your tenant-specific one), and then displays a consent dialog. After the user consents, Azure AD registers the application in the other directory.
All the information you need about implementing this scenario:
- Brand new code sample for a multi-tenant web application with sign-on
- Info about multi-tenant apps, how to make an application multi-tenant, and the consent experience
- The Authentication Scenarios for Azure AD topic and its Web Browser to Web Application section that describes the technical details of the protocol flow and how it all works
这篇关于如何在Azure中在单个应用程序上对多个Active Directory用户进行身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!