如何使用Servicestack身份验证与Active Directory / Windows身份验证？ [英] How to use Servicestack Authentication with Active Directory/Windows Authentication?

问题描述

我创建一个安全（SSL）公共其中的用户凭据驻留在Active Directory服务。我想利用ServiceStack的认证，并已阅读过维基文章。我已经有code编写的验证与AD用户凭据。我有几个问题。

I am creating a secure (SSL) public service where the users credentials reside in Active Directory. I want to leverage ServiceStack's Authentication and have read over the wiki article. I already have code written to verify the user credentials with AD. I have a few questions.

1. 在哪个验证提供者适合我？凭据，基本认证或自定义？该服务需要SSL，以便基本验证是安全的，但密码会被加密，以增加安全性。
2. 请我仍然需要存储USERAUTH和缓存AuthUserSession？
3. 请问MonoTouch的客户端支持的认证？

更新2：我也最终使一个测试SS服务，与AD集成，使用CredentialsAuthProvider。但是我的最终目标是拥有1个网站，这是一个API，当客户端调用。所以基本上一个SS MVC的网站。

Update 2: I did end up making a test SS service that integrated with AD, using CredentialsAuthProvider. However my ultimate goal it to have 1 site that is an api when called by clients. So basically a SS MVC site.

更新：

这是在做一些调查研究的SS正在考虑这样做，可以支持Windows身份验证，在未来的商业产品后，我的理解。我读这从mythz对SS谷歌的组添加注释。我之所以问这个太问题是，我公司建立使用IWA，采用SS MVC是很难不IWA内部应用​​程序。我想我读，你可能拥有的SS MVC网站关闭使用IWA一个ASP.NET网站，但我还没有尝试过呢。

It is my understanding after doing some more research that SS is considering doing a commercial product that may support Windows Authentication in the future. I read this in a comment from mythz on the SS Google group. The reason I asked this SO question is that my company builds internal applications using IWA and adopting SS MVC is hard without IWA. I think I read that you could host the SS MVC site off of a ASP.NET site that uses IWA but I have not tried that yet.

推荐答案

我也迷上了ServiceStack与集成Windows身份验证（对于企业应用程序），关键是要跳到试图将其与ServiceStack的AuthProviders完全整合，由于IWA的一般方法不处理应用程序中的code凭据 - 它是由Web服务器处理。我所做的是：

I've also hooked up ServiceStack with Integrated Windows Authentication (for a corporate application), and the key was to skip trying to integrate it with ServiceStack's AuthProviders entirely, since the general approach of IWA doesn't deal with credentials in your application code -- it's handled by the web server. What I did was:

1. 在IIS中配置网站/应用程序，以便Windows身份验证是唯一启用的选项。 （没有匿名访问允许的）。这意味着IIS本身会照顾挑战 - 响应（HTTP二百分之四百零一）序列，未授权的用户，并处理过程中，你的身份验证的部分。

1. Configure the site/application in IIS so that Windows Authentication was the only enabled option. (No Anonymous access allowed.) This means IIS itself will take care of the challenge-response (HTTP 401/200) sequence with unauthenticated users, and handles the authentication part of the process for you.

实施ServiceStack的 IHasRequestFilter （一个HTTP pre请求过滤器）作为属性（例如，[AdminOnly]）。该过滤器的RequestFilter方法​​获取来自HttpContext的当前用户名（ HttpContext.User.Identity.Name ），看起来它从一个存储库（这可能是一个SQL数据库，平面文件，等），缓存结果使用ServiceStack的 ICacheClient （内存缓存，Redis的，等等），并抛出一个403 HTTPError这样，如果未经授权的。

Implement ServiceStack's IHasRequestFilter (an HTTP pre-request filter) as an Attribute (e.g., [AdminOnly]). This filter's RequestFilter method fetches the current username from HttpContext (HttpContext.User.Identity.Name), looks it up from a repository (which could be a SQL database, flat file, etc.), caches results using ServiceStack's ICacheClient (memory cache, Redis, etc.), and throws a 403 HttpError if unauthorized.

通过这个工作，都认为是必要的是要添加属性的类或方法需要的地方（这得到这个认证/授权进入服务管道需要时），并登记自己所需的缓存提供者在我APPHOST实现，例如：

With this done, all that was necessary was to add the attribute to classes or methods where desired (which gets this authentication/authorization into the service pipeline where desired), and register my desired cache provider in my AppHost implementation, e.g.:

 container.Register<ICacheClient>(new MemoryCacheClient() { FlushOnDispose = false });

它精美的作品。

It works beautifully.

这篇关于如何使用Servicestack身份验证与Active Directory / Windows身份验证？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！