
This topic discusses the basic sign-in flow for web, desktop, and mobile apps using Microsoft identity platform. See Authentication flows and app scenarios to learn about sign-in scenarios supported by Microsoft identity platform.

When a user navigates in the browser to a web app, the following happens:

- The web app determines whether the user is authenticated.
- If the user isn't authenticated, the web app delegates to Azure AD to sign in the user. That sign-in will be compliant with the policy of the organization, which may mean asking the user to enter their credentials, using multi-factor authentication (sometimes referred to as two-factor authentication or 2FA), or not using a password at all (for example using Windows Hello).
- The user is asked to consent to the access that the client app needs. This is why client apps need to be registered with Azure AD, so that the Microsoft identity platform can deliver tokens representing the access that the user has consented to.

When the user has successfully authenticated:

- The Microsoft identity platform sends a token to the web app.
- A cookie is saved, associated with Azure AD's domain, that contains the identity of the user in the browser's cookie jar. The next time an app uses the browser to navigate to the Microsoft identity platform authorization endpoint, the browser presents the cookie so that the user doesn't have to sign in again. This is also the way that SSO is achieved. The cookie is produced by Azure AD and can only be understood by Azure AD.
- If the validation of the token succeeds, the web app displays the protected page and saves a session cookie in the browser's cookie jar. When the user navigates to another page, the web app knows that the user is authenticated based on the session cookie.

The following sequence diagram summarizes this interaction:

How a web app determines if the user is authenticated

Web app developers can indicate whether all or only certain pages require authentication. For example, in ASP.NET/ASP.NET Core, this is done by adding the attribute to the controller actions.

This attribute causes ASP.NET to check for the presence of a session cookie containing the identity of the user. If a cookie isn't present, ASP.NET redirects authentication to the specified identity provider. If the identity provider is Azure AD, the web app redirects authentication to, which displays a sign-in dialog.

How a web app delegates sign-in to the Microsoft identity platform and obtains a token
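The check described under "How a web app determines if the user is authenticated", together with the session cookie the web app saves after a successful sign-in, as an added framework-agnostic Python example (not ASP.NET's or Microsoft's code). It shows that the cookie must be integrity-checked and unexpired, not merely present, before the protected page is served. `SECRET`, `IDP_AUTHORIZE`, `PROTECTED`, the cookie format and the `return_to` parameter are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import urlencode

SECRET = b"constructed-demo-key"                 # assumption: server-side signing key
IDP_AUTHORIZE = "https://idp.example/authorize"  # placeholder identity provider URL
PROTECTED = ("/account", "/orders")              # assumption: pages requiring sign-in

def _sign(body):
    return hmac.new(SECRET, body, hashlib.sha256).hexdigest()

def issue_session_cookie(user, ttl=3600, now=None):
    """Build the session cookie saved once the token has validated."""
    now = time.time() if now is None else now
    claims = json.dumps({"sub": user, "exp": now + ttl}).encode()
    body = base64.urlsafe_b64encode(claims)
    return body.decode() + "." + _sign(body)

def read_session_cookie(cookie, now=None):
    """Return the user identity, or None if missing, tampered with or expired."""
    if not cookie or "." not in cookie:
        return None
    body, _, sig = cookie.rpartition(".")
    # Verify integrity before parsing: presence of a cookie proves nothing.
    if not hmac.compare_digest(sig.encode(), _sign(body.encode()).encode()):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body))
    now = time.time() if now is None else now
    return claims["sub"] if claims["exp"] > now else None

def handle(path, cookies):
    """Serve the page, or redirect an unauthenticated user to the identity provider."""
    if not path.startswith(PROTECTED):
        return 200, "public page"
    user = read_session_cookie(cookies.get("session"))
    if user is None:
        # "return_to" is a hypothetical parameter; a real OpenID Connect request
        # carries client_id, redirect_uri, scope, state and nonce.
        return 302, IDP_AUTHORIZE + "?" + urlencode({"return_to": path})
    return 200, "protected page for " + user
```

A forged or expired cookie takes the same path as a missing one: the user is sent back to the identity provider.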
