问题描述

我正在慢慢地开始使用ASP.NET Core Web应用程序并运行它，我想将我的项目放到网上以便能够使用它(并因此知道如何改进它)-也可以在移动设备上使用它.但是由于我处于学习阶段，因此我不知道应该采取什么措施使其成为防弹产品，因此我希望保护我的Web应用程序免遭可能的滥用(此时，我有一个现收现付的服务计划，而且使用率如此之低，每月仅花费我大约一美元.

I'm slowly getting up and running with ASP.NET Core web applications and I want to put my project online in order to be able to use it (and therefore know how to improve it) - also with mobile devices. But since I am at a learning stage where I am not aware of all the measures I should take to make it bullet-proof I want to secure my web application against possible misuse (at this point I have a pay-as-you-go plan and the usage is that low that it costs me only about one dollar per month).

我计划在适当的时候将网站从为自己服务"转变为向所有人开放"，因此，我只对可能扩展的解决方案感兴趣.

I have the plan to move the website from "playgroud for myself" to "open for everyone" when the right time has come, therefore I am only interested in solutions that possibly scale.

我想以最简单的方式配置Azure网站，以便只有我(使用我的特定Microsoft帐户)可以登录我的网站.我的首选方式是保留代码不变，并直接在Azure门户中配置所有内容(前提是它还允许我将来在某个时候为愿意使用其Microsoft帐户登录的任何用户打开代码).我还希望我的网站上有一个链接以注销我(从不属于我的计算机访问该网站时，访问该链接很重要).

I want to configure my Azure website in the most easiest fashion so that only I (with my specific Microsoft account) can sign in to my website. My preferred way would be to leave the code untouched and configure everything directly in the Azure portal (provided that it would also allow me to open it up at some time in the future for any user who is willing to sign in with their Microsoft account). I also want my website to have a link to sign me out (which is important to have around when accessing the website from a computer not belonging to me).

我已经看到了在Web应用程序的代码中添加了身份验证的示例，并且我知道我可以实现一个数据库来照顾可以登录的用户，但这不是我想要的.也许现在对我(以及我对ASP.NET Web应用程序的最低了解)与我创建的内容联机还为时过早，但是我已经从使用您构建的内容"中收集了非常丰硕的经验，尤其是在过去的早期学习阶段./p>

I have seen samples where authentication is added in the code of the web application and I know I could implement a database to take care of users who can sign in but this is not what I am looking for. Maybe it's too early for me (and my minimal understanding of ASP.NET web applications) to go online with what I have created but I have gathered very fruitfull experiences from "use what you build" especially in early learning stages in the past.

推荐答案

设置Azure Web App要求Azure AD身份验证非常容易.如果您使用此处所述的快速设置，，您将拥有一个安全站点，只有您的Azure AD租户中的用户才能查看/使用.一旦准备就绪，就可以轻松删除它以允许未经身份验证的访问.

It's pretty easy to set an Azure Web App to require Azure AD authentication. If you use the express settings outlined here, you will have a secured site that only users in your Azure AD tenant can see/use. Once you are ready to go live, you can easily remove this to allow unauthenticated access.

1. 在Azure门户中，导航到您的App Service应用程序.在左侧导航栏中，选择身份验证/授权.
2. 如果未启用身份验证/授权，请选择打开.
3. 选择Azure Active Directory，然后在管理模式下选择 Express .
4. 选择确定以在Azure Active Directory中注册App Service应用程序.这将创建一个新的应用程序注册.如果要选择现有的应用程序注册，请单击选择现有的应用程序，然后在租户中搜索以前创建的应用程序注册的名称.点击应用注册以将其选中，然后点击确定.然后在"Azure Active Directory设置"页面上单击确定.默认情况下，App Service提供身份验证，但不限制对您的网站内容和API的授权访问.您必须在您的应用代码中授权用户.
5. (可选)要将访问权限限制为仅由Azure Active Directory验证的用户，请将未验证请求时采取的操作设置为使用Azure Active Directory登录>.这要求所有请求都经过身份验证，并且所有未身份验证的请求都将重定向到Azure Active Directory进行身份验证.
6. 点击保存.

1. In the Azure portal, navigate to your App Service app. In the left navigation, select Authentication / Authorization.
2. If Authentication / Authorization is not enabled, select On.
3. Select Azure Active Directory, and then select Express under Management Mode.
4. Select OK to register the App Service app in Azure Active Directory. This creates a new app registration. If you want to choose an existing app registration instead, click Select an existing app and then search for the name of a previously created app registration within your tenant. Click the app registration to select it and click OK. Then click OK on the Azure Active Directory settings page. By default, App Service provides authentication but does not restrict authorized access to your site content and APIs. You must authorize users in your app code.
5. (Optional) To restrict access to your site to only users authenticated by Azure Active Directory, set Action to take when request is not authenticated to Log in with Azure Active Directory. This requires that all requests be authenticated, and all unauthenticated requests are redirected to Azure Active Directory for authentication.
6. Click Save.

这篇关于如何配置Azure网站，以便仅特定用户可以访问它的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！