adal

Securing Spring backend, when frontend is secured with adal auth

和自甴很熟 submitted on 2020-08-05 07:13:19
Question: So we have this application that has two parts:
Front end UI - using Angular JS
Back end - REST API using Spring Boot
The front end is secured using the microsoft-adal-angular6 library to authenticate with Azure Active Directory. My question is: what is the right way to secure the back end so only Active Directory authenticated users can access the API?

Answer 1: I would suggest using a JWT token that is attached to every request to your backend as the 'Authorization' header. The token consists of three parts,

Error: AADSTS50058: A silent sign-in request was sent but no user is signed in - Angular ADAL authentication issue in mobile safari browser

允我心安 submitted on 2020-07-21 07:01:39
Question: We have a site developed using Angular 7 and it uses the Adal-Angular4 library for Azure Active Directory authentication. When the site is browsed in Safari on iPhone, it runs into the error below.
Error: AADSTS50058: A silent sign-in request was sent but no user is signed in. The cookies used to represent the user's session were not sent in the request to Azure AD. This can happen if the user is using Internet Explorer or Edge, and the web app sending the silent sign-in request is in different IE

Error: AADSTS50058: A silent sign-in request was sent but no user is signed in - Angular ADAL authentication issue in mobile safari browser

徘徊边缘 submitted on 2020-07-21 07:01:11
Question: We have a site developed using Angular 7 and it uses the Adal-Angular4 library for Azure Active Directory authentication. When the site is browsed in Safari on iPhone, it runs into the error below.
Error: AADSTS50058: A silent sign-in request was sent but no user is signed in. The cookies used to represent the user's session were not sent in the request to Azure AD. This can happen if the user is using Internet Explorer or Edge, and the web app sending the silent sign-in request is in different IE

Cannot validate token in UseJwtBearerAuthentication. Authorization has been denied

半腔热情 submitted on 2020-05-25 07:39:01
Question: Using a single asp.net (4.6.1) web project, apparently I'm unable to validate the JWT token that was generated on the same server.
Startup.cs:
var secret = Encoding.UTF8.GetBytes("12341234123412341234");
var jwtFormatter = new CustomJwtFormat("Any", "local", secret);
// This part checks the tokens
app.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions
{
    AuthenticationType = DefaultAuthenticationTypes.ExternalBearer,
    AuthenticationMode = AuthenticationMode.Active, // Block requests

Cannot validate token in UseJwtBearerAuthentication. Authorization has been denied

好久不见. submitted on 2020-05-25 07:38:46
Question: Using a single asp.net (4.6.1) web project, apparently I'm unable to validate the JWT token that was generated on the same server.
Startup.cs:
var secret = Encoding.UTF8.GetBytes("12341234123412341234");
var jwtFormatter = new CustomJwtFormat("Any", "local", secret);
// This part checks the tokens
app.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions
{
    AuthenticationType = DefaultAuthenticationTypes.ExternalBearer,
    AuthenticationMode = AuthenticationMode.Active, // Block requests

Is AcquireTokenAsync thread-safe?

。_饼干妹妹 submitted on 2020-03-03 05:42:04
Question: I am using ADAL's (Microsoft.IdentityModel.Clients.ActiveDirectory v4.3.0) AuthenticationContext.AcquireTokenAsync to acquire a bearer token with a ClientCredential. I am creating a new AuthenticationContext to acquire a token for each request. Is that thread-safe? Or do I have to lock the call to AcquireTokenAsync with a static SemaphoreSlim? I am asking because according to http://www.cloudidentity.com/blog/2013/10/01/getting-acquainted-with-adals-token-cache/ the method uses a static