英文:
Does Microsoft Identity Platform support Azure Active Directory App's client secrets out of the box?
问题
我使用Visual Studio 2022创建了一个新的ASP.NET Core 6.0 MVC Web应用程序,并定义其使用Azure AD进行身份验证,如下所示:
然后,我被要求创建一个拥有的应用程序,所以我创建了一个名为“ad”的应用程序,如下所示:
在我的应用程序的appsetting.json中,我有以下设置:
{
"AzureAd": {
"Instance": "https://login.microsoftonline.com/",
"Domain": "*****",
"TenantId": "***",
"ClientId": "***",
"CallbackPath": "/signin-oidc"
},
....
}
看起来Visual Studio为我们完成了所有工作。
但当我在Azure门户中检查生成的Azure AD应用程序的“证书和密钥”时,我发现没有任何内容被分配:
[
所以现在我们要生成一个客户端密钥,但不确定我需要在我的ASP.NET Core MVC 6.0中修改什么来传递客户端密钥?谢谢。
英文:
I created a new ASP.NET Core 6.0 MVC web application using Visual Studio 2022, and I define it to use Azure AD for authentication, as follows:
Then I was asked to create an owned application, so I created one named "ad" as follows:
Inside my application's appsetting.json I have these settings:
{
"AzureAd": {
"Instance": "https://login.microsoftonline.com/",
"Domain": "*****",
"TenantId": "***",
"ClientId": "***",
"CallbackPath": "/signin-oidc"
},
....
}
It seems Visual Studio did all the work for us.
But when I checked the "Certificate & Secrets" in the Azure portal for the generated Azure AD APP, I found that there is not anything assigned:
So now we are going to generate a client secret, but not sure what i need to modify inside my ASP.NET Core MVC 6.0 to pass the client secret ? Thanks
答案1
得分: 1
>So now we are going to generate a client secret, but not sure what i need to modify inside my ASP.NET Core MVC 6.0 to pass the client secret ?
我们现在要生成一个客户端密钥,但不确定我需要在我的ASP.NET Core MVC 6.0中修改什么以传递客户端密钥?
The Microsoft Identity Platform does not necessarily require the use of a client secret for all scenarios, but it is an option for securing access to resources protected by a web API.
Microsoft身份平台并不一定需要在所有情况下使用客户端密钥,但它是一种用于保护访问由Web API保护的资源的选项。
This means if you don't select the add permission to another API or graph api, it will not generate the secret, since this is no need.
这意味着如果您不选择为另一个API或Graph API添加权限,它将不会生成密钥,因为这是没有必要的。
Normally, if the application is a single-page app running in a browser and using an access token obtained through an interactive login.
通常,如果应用程序是在浏览器中运行的单页应用程序,并且使用通过交互式登录获得的访问令牌。
>(if i do not specify any client secret) my Azure Active Directory app can be called by anonymous users?
如果我没有指定客户端密钥,我的Azure Active Directory应用程序是否可以被匿名用户调用?
It's impossible, if you set the authentication tag inside your application's controller like this, this will only let authenticated users access the controller.
这是不可能的,如果您像这样在应用程序的控制器中设置身份验证标记,那么只有经过身份验证的用户才能访问控制器。
[Authorize]
public class HomeController : Controller
>do you know how I can pass the client secret from my ASP.NET Core MVC to Azure AD app in case I specify a client secret?
你知道我如何在我指定客户端密钥的情况下,从我的ASP.NET Core MVC传递客户端密钥到Azure AD应用程序吗?
The client secret is used to generate the server-to-server access token, if you want to use it, you could try it like this answer.
客户端密钥用于生成服务器到服务器的访问令牌,如果您想使用它,可以尝试这样做答案。
英文:
>So now we are going to generate a client secret, but not sure what i need to modify inside my ASP.NET Core MVC 6.0 to pass the client secret ?
The Microsoft Identity Platform does not necessarily require the use of a client secret for all scenarios, but it is an option for securing access to resources protected by a web API.
This means if you don't select the add permission to another API or graph api, it will not generate the secret, since this is no need.
Normally, if the application is a single-page app running in a browser and using an access token obtained through an interactive login.
>(if i do not specify any client secret) my Azure Active Directory app can be called by anonymous users?
It's impossible, if you set th authetnication tag inside your application's controller like this, this will only let authentication user access the controller.
[Authorize]
public class HomeController : Controller
>do you know how i can pass the client secret from my asp.net core mvc to Azure AD app incase i specify a client secret ?
The client secret is used to generate the server to sever aces token, if you want to use it, you could try it like this answer.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论