4

I am using the ADAL library to get a token for WAAD, and I would like to know how to get more control over the sign-in flow.

var ac = new AuthenticationContext("https://login.windows.net/" + ActiveDirectoryTenantId);
AuthenticationInfo = ac.AcquireToken(
                         resource: "https://management.core.windows.net/",
                         clientId: "1950a258-227b-4e31-a9cf-717495945fc2",
                         redirectUri: new Uri("urn:ietf:wg:oauth:2.0:oob"));

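The user is prompted to sign in. For me it is via Live ID; on my customer's computer it is via an organizational account, and there is no way to switch between them. It seems to be controlled by how/what current sessions the computer might have running that are already logged in to Azure.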

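Is there anything I can do in the AcquireToken call to control this? It would be best if I could trigger the normal flow people get when they sign in to Azure, where they can choose whether it is a Live ID or an organizational login.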

I have tried this:

ac.AcquireToken("https://management.core.windows.net/",
                    "1950a258-227b-4e31-a9cf-717495945fc2",
                    new Uri("urn:ietf:wg:oauth:2.0:oob"), PromptBehavior.Always,"wtrealm=urn:federation:MicrosoftOnline");

No luck.

1 Answer

1

I found some magic that seems to give more control.

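// Namespaces needed by the members below (IntPtr, DllImport)
using System;
using System.Runtime.InteropServices;

// ID for site to pass to enable EBD (email-based differentiation)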
// This gets passed in the call to get the azure branding on the
// login window. Also adding popup flag to handle overly large login windows.
internal const string EnableEbdMagicCookie = "site_id=501358&display=popup";

private void ClearCookies()
{
    NativeMethods.InternetSetOption(IntPtr.Zero, NativeMethods.INTERNET_OPTION_END_BROWSER_SESSION, IntPtr.Zero, 0);
}

private static class NativeMethods
{
    internal const int INTERNET_OPTION_END_BROWSER_SESSION = 42;

    [DllImport("wininet.dll", SetLastError = true)]
    internal static extern bool InternetSetOption(IntPtr hInternet, int dwOption, IntPtr lpBuffer,
        int lpdwBufferLength);
}
Answered 2014-02-12T12:15:42.957