问题描述
我已经开发了一个Sharepoint Webpart.该组件的目的很简单,可以在de Sharepoint内嵌的外部网站中对用户进行身份验证.外部网站使用Azure AD登录用户.
I have developed a Sharepoint Webpart. The aim of this component is simple, authenticate the user in an external website that is embedded inside de Sharepoint. The external website uses Azure AD to login the users.
以下是我遇到的问题.我知道如何获取访问令牌,并且该组件可以正常工作,并且存在很大的安全漏洞.
The problem that I have is the following. I know how to get obtain an access token, and the component works fine, with a great security leak.
这是我拥有的
public render(): void {
token="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
<iframe img src="https://www.example.org/oauthCallback.html?token="+token/>
}
由于这个原因,我正在尝试更改为以下内容:
For this reason, I'm trying to change for something like:
public render(): void {
<iframe img src="Azure redirection"/>
}
Azure重定向->使用Azure AD验证用户上下文->将回调重定向到 https://www.example.org/oauthCallback.html
Azure redirection -> verify the user context with Azure AD -> redirect the callback to https://www.example.org/oauthCallback.html
我想使用Azure AD来确保此过程的安全,但是我不知道该怎么办.
I want securize this process with Azure AD, but I don't know how to do.
有什么主意吗?
致谢
推荐答案
我从未遇到过这种情况.通常,在访问网站时,我们会使用Azure AD和登录窗口弹出窗口来保护网站.或使用Azure AD保护Webapi,然后使用客户端部件中提供的访问令牌访问该API. 此处是示例水疗中心.
I have never encountered such scenario. We usually will protect an website with Azure AD and login window popup when access the website. Or protect an webapi with Azure AD, then access the api with access token provided in an client part. Here is the sample of spa.
这篇关于如何在WebPart中使用Azure AD进行安全化重定向?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!