本文介绍了条件访问和oauth2代码流的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

Hallo,

我早上在网上搜索并阅读了许多ms文档,但找不到以下问题的答案.

I searched the web and read a lot of ms docs over the morning but I can't find an answer to the following problem.

我们有一个Web应用程序已部署在Azure的某些虚拟机上.对于用户身份验证,我们使用Azure AD,并使用OAuth 2.0代码授予流程.为了防止某些IP范围登录,我为注册的用户添加了条件访问策略 应用程序.但是无论我做什么,我都可以在https://login.microsoftonline.com/xyz/oauth2/authorize?client_id=abc&response_type=code打开登录页面,当我输入登录凭据时,我将被转发到配置的应用程序网址.验证码 添加到url中,仍然可以用来检索访问令牌.

We have a web application that's deployed on some virtual machine in Azure. For user authentication, we use Azure AD and we use the OAuth 2.0 code grant flow. To prevent some IP ranges from logging in, I added a conditional access policy for the registered app. But whatever I do, I can open the login page at https://login.microsoftonline.com/xyz/oauth2/authorize?client_id=abc&response_type=code and when I enter my login credentials, I will be forwarded to the configured app url. The auth code which is added to the url can still be used to retrieve an access token. 

当我添加其他策略(例如使用条款)并将其添加到应用程序Azure管理中时,我收到一条消息,提示我必须接受TOA.

When I add another policy (e.g. for terms of use) and add it to the app Azure Management, I get a message saying that I have to accept the TOA. 

因此,有条件访问不能以我理解的方式工作或配置错误.

So, either conditional access doesn't work the way I understand it or misconfigured something. 

我想念什么?

约翰内斯


推荐答案

广告TOU政策时,如果是对用户强制执行的,则至少需要在第一时间接受其使用条款.

When you ad a TOU policy you will need to accept the terms of use at least the first time if it's enforced for your user.


这篇关于条件访问和oauth2代码流的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

07-17 00:10
查看更多