我正嘗試通過羣組爲我的應用程序在Azure上設置基於角色的訪問權限。我關注了以下文章(對不起,張貼鏈接作爲代碼,不允許發佈超過1個鏈接)。然而,我的應用程序沒有收到任何團體索賠。Azure AD不會發出羣組聲明
https://www.simple-talk.com/cloud/security-and-compliance/azure-active-directory-part-4-group-claims/
http://www.dushyantgill.com/blog/2014/12/10/roles-based-access-control-in-cloud-applications-using-azure-ad/
我所做到目前爲止
清單文件
"appId": "d754a979-689d-45f8-8c63-983de55840da"
"appRoles": [
{
"allowedMemberTypes": [
"User"
],
"displayName": "Manager",
"id": "1e06dae5-467a-40cf-a9a6-14baf3969472",
"isEnabled": true,
"description": "Manages",
"value": "Manager"
},
{
"allowedMemberTypes": [
"User"
],
"displayName": "Issuer",
"id": "da85f458-720d-4c09-861f-92f5c465ee3e",
"isEnabled": true,
"description": "Issues",
"value": "Issuer"
},
{
"allowedMemberTypes": [
"User"
],
"displayName": "Supervisor",
"id": "d64807d4-6e12-4637-a049-2a61b250507b",
"isEnabled": true,
"description": "Can perform any function",
"value": "Supervisor"
}
],
"availableToOtherTenants": false,
"displayName": "traffic",
"errorUrl": null,
"groupMembershipClaims": "SecurityGroup",
"homepage": "https://myapp.ca",
"identifierUris": [
"https://myapp.azurewebsites.net/"
],
還增加了相關羣體與APP在Azure上(假設組包含至少一個用戶) Groups Assignment on Azure
但我確實沒有得到我的應用程序中的任何組索賠。以下代碼總是會導致計數爲零。有任何想法嗎?提前致謝。
var claims = ClaimsPrincipal.Current.Claims.Where(c => c.Type == "groups");
Debug.Print("Total Group Claims in HomeController #### "+claims.Count());
foreach (Claim c in claims)
{
Debug.Print("%%%%%%%% " + c.Value + " %%% VALUETYPE %%% " + c.Type);
}
謝謝費雪。已經試過並驗證了所有這些步驟。不起作用:(不知道我是否錯過了某些東西......如果在將應用程序部署到Azure後還有其他步驟 – Dev
部署到Azure不會影響此行爲,並且沒有其他附加步驟在id_token中發佈組聲明。我建議你按照[active-directory-dotnet-webapp-groupclaims](https://github.com/Azure-Samples/active-directory-dotnet-webapp-groupclaims)來測試它從頭開始應該很好。 –