dongxian7194 2018-04-22 00:44

Validating user credentials against Azure AD without OAuth

I am looking to use Azure AD as my authentication system but do not want to bounce my users out to the Microsoft login page, as it is disruptive, and the fact that users may or may not have personal and/or work accounts seems to make it quite confusing for most.

I have researched this quite a bit over the past few days but only find resources that show me AAD libraries in .NET, Azure Graph and Microsoft Graph APIs, all of which seem to be convoluted systems that do the OAuth bounce through the Microsoft sign-in window.

I am using Golang, but am an MCSA in .NET. If there are references to source code in .NET that do not require proprietary / closed source DLL files, I can use that as a starting point. Otherwise, some reference point that shows how to use the MS Graph API to send a username and password (entered on my site) and receive a positive or negative response indicating whether the credentials provided match an account in my Azure AD would be great.

For example, I know of using https://msdn.microsoft.com/en-us/library/azure/ad/graph/api/users-operations to create, get, list, update and delete users. But it doesn't seem to have a validate or authorize procedure (unless of course I'm simply missing it).

My question is, is there a way to validate credentials without using OAuth through the Microsoft account sign-in? If so, can someone provide a reference and/or a bit of pseudocode to get me going in the right direction? Thanks in advance!


1 answer

  • duankuangxie9070 2018-04-22 09:04

    Basically no. No other OAuth/OpenIdConnect identity provider that I am aware of offers this either. What if the account requires Multi-Factor Authentication?

    There is Resource Owner Password Credentials grant flow, but I would recommend not using it, since it does not work for accounts with MFA for instance. That flow allows "non-interactive" authentication. But if interaction is needed, it fails.

    OAuth/OpenId Connect being "convoluted" is a matter of personal opinion. Certain things are the way they are to make the process secure. The redirect is necessary because the user is signing in to Office 365, not your app. They should not give their passwords to you.

    Seems people have been looking for a MS Graph library for Go: https://github.com/microsoftgraph/MSGraph-SDK-Code-Generator/issues/53. No official one exists at the moment though :/

    This answer was selected as the best answer by the asker.
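
The redirect-based sign-in the answer describes, written in Go as an added example that is not part of the original post or of any Microsoft library. It assumes the Azure AD v2.0 authorize endpoint with PKCE and a non-empty login hint; `Login`, `BeginLogin`, `HandleCallback` and every ID and URL shown are hypothetical placeholders.

```go
package main
import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
)

type Login struct{ State, Verifier, URL string } // kept in the server-side session

func randToken() string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return base64.RawURLEncoding.EncodeToString(b)
}

// BeginLogin builds the authorize URL. The tenant ID in the path (instead of
// "common") limits sign-in to that directory; login_hint pre-fills the username.
func BeginLogin(tenant, clientID, redirectURI, loginHint string) Login {
	l := Login{State: randToken(), Verifier: randToken()}
	sum := sha256.Sum256([]byte(l.Verifier)) // PKCE S256 challenge
	q := url.Values{
		"client_id": {clientID}, "response_type": {"code"}, "scope": {"openid profile"},
		"redirect_uri": {redirectURI}, "state": {l.State}, "login_hint": {loginHint},
		"code_challenge_method": {"S256"},
		"code_challenge":        {base64.RawURLEncoding.EncodeToString(sum[:])},
	}
	l.URL = "https://login.microsoftonline.com/" + url.PathEscape(tenant) + "/oauth2/v2.0/authorize?" + q.Encode()
	return l
}

// HandleCallback validates the redirect back and returns the code to exchange with l.Verifier.
func HandleCallback(l Login, callback url.Values) (string, error) {
	if callback.Get("state") != l.State {
		return "", errors.New("state mismatch: response does not belong to this login")
	}
	if e := callback.Get("error"); e != "" || callback.Get("code") == "" {
		return "", fmt.Errorf("sign-in did not complete: %q", e)
	}
	return callback.Get("code"), nil
}

func main() {
	fmt.Println(BeginLogin("TENANT-ID-PLACEHOLDER", "CLIENT-ID-PLACEHOLDER", "https://app.example/callback", "alice@example.com").URL)
}
```

The application never handles the password: it only receives an authorization code after Azure AD has finished any MFA or other interactive step.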