{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 啃猪蹄的小仙女 的问题《How to validate azure active directory user creden》','https://www.manongdao.com/q-1258664.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I have a set of users in azure active directory; in my program I will collect the user name and password of an end user, and want to check against windows azure active directory.
Is it possible? Please provide some reference.
I know we can validate using Power-shell cmdlets; I want to know if there is any other way to validate user credentials.
Hope this ADAL option might also helps.
Ah, I think, you're trying to implement a SSO scenario. Try Adding Sign-On to Your Web Application Using Windows Azure AD! And if your customer does not have an Azure subscription, this Multi-Tenant Cloud Application for Windows Azure Active Directory sample describes the details with using Azure Active Directory Authentication Library. Hope this helps.
In case someone is still looking for an answer. Support for authenticating user without opening a new window for user cred was added in ADAL version 2.7.10707.1513-rc through providing an object of class
UserCredentialto an overloaded function ofAcquireToken.Here is a sample code for powershell.
$UserCred = new-object Microsoft.IdentityModel.Clients.ActiveDirectory.UserCredential("****@*****", "*****") $result = $AuthContext.AcquireToken($resource,$clientID,$UserCred)You say that you "will collect user name and password of an end user and want to check against with windows azure active directory" - I am pretty sure this is NOT possible, and I know for sure it is not advisable. This is the opposite of the trend of approaches like OAuth where users can login on many applications using the same credentials (and the part coming up is critical) without ever revealing to those "many applications" their password.
This is the idea of Federated Authentication and is a more secure model than the older approaches of allowing all apps that you log in with to have direct access to your username and password. Typically in such a flow, assuming an existing Office 365 account, the new app you've created and configured to authenticate using O365 will REDIRECT the web browser of the user to O365 where the user types their O365 username and password in, and then agrees (one time) that it is okay for them to be used with this new app, then the browser will REDIRECT back to the app, with a security token with some claims in it. These claims will include the name, email address, and other things about the logged in user and are intended to be sufficient to identify the user in your app.
Same would go for authenticating with, say, Facebook or Google - your app will never directly see the user's password. It would even apply to logging into StackOverflow itself, so you've seen the workflow.