Azure AD authentication without app registration

2019-02-20 06:10发布

问题:

I want to access Azure Directories and Subscriptions using my web app hosted on my server but i do not want to register my app in active directory because

  1. i do not have permissions to register my app in active directory
  2. I want to authenticate users from out of my active directory too.

for example following sites let you authenticate any Azure AD user.

  • https://resources.azure.com/
  • https://azureiotsuite.com

Please help me to where to start. i have tried Azure AD authentication but it asks you to register your app in Azure AD Apps.

回答1:

One option is to register your app at https://apps.dev.microsoft.com. (And use the v2 endpoints)

Documentation here: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-appmodel-v2-overview

What you want to make is known as a multi-tenant application. An application to which you can login from any Azure AD tenant.

The first link leads you to create a converged app which allows you to use Microsoft accounts as well as Azure AD accounts to sign in.

If you only want Azure AD accounts, you could just create an Azure AD and register the app there as a multi-tenant app. (And use the v1 endpoints)