AD缓存组成员身份

AD缓存组成员身份

本文介绍了使用Graph API从Azure AD缓存组成员身份的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我在我的网站中使用图形API客户端库用于安全性检查用户是否属于组的API项目.我意识到它太慢了,几乎要花2秒钟来查询Azure AD.有没有办法缓存此信息?还是有人对如何处理这种情况有任何建议?

I'm using the Graph API Client library in my Web API project to check if the user belongs to a Group for security reasons. I realized that it is too slow, it takes almost 2 seconds to query the Azure AD. Is there a way to cache this information? Or does someone have any advice on how to handle this situation?

推荐答案

而不是尝试对其进行缓存,应该利用Azure AD中的新组声明功能.这会将组成员身份声明作为JWT令牌中的声明传递给您的Web API应用程序,以供您的身份验证用户使用.

Rather than trying to cache this you should leverage the new group claims feature in Azure AD. This will deliver group membership claims to your Web API application as claims in the JWT token for your authenticated user.

这是Azure AD博客中描述该功能的链接.

Here is a link from the Azure AD blog describing the feature.

http://blogs.technet.com/b/ad/archive/2014/12/18/azure-active-directory-now-with-group-claims-and-application-roles. aspx

这是我最近在此主题上写的博客的链接,该博客显示了如何通过Web API进行此操作.

Here is a link to blog I recently wrote on this subject that shows how to do this from your Web API.

http://justazure.com/azure-active-directory -part-4-group-claims/

这篇关于使用Graph API从Azure AD缓存组成员身份的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-01 18:49