如何对数据库中的用户使用Windows身份验证 [英] How do I use Windows Authentication with users in database
问题描述
我的主要目标是使用Windows身份验证来查询要通过Web应用程序使用的自定义用户"表.我不确定是否有常规的方法.
My main goal is using the Windows Authentication to query my custom Users table to use through the web application. I am not sure there is a conventional way of doing this.
我在SQL数据库中有一个预定义的用户"表和角色"表.如何使用User.Identity.Name
查询此Users表并将所有表数据以及角色映射到ApplicationUser
类,该类以后可在Intranet Web应用程序中进一步使用?
I have a predefined Users table and Roles table in a SQL database. How do I use the User.Identity.Name
to query this Users table and map all the tables data along with the roles to a ApplicationUser
class that can be further used later in the intranet web application?
通过阅读大量文章,我找不到与我所追求的目标紧密相关的任何东西.我认为这将在ConfigureServices
下的Startup
类中完成,但也不确定.每当用户第一次导航到该网站时,我都需要对其进行查找.
I was unable to find anything closely related to what I am after from reading tons of articles. I assume this will be done in the Startup
class under ConfigureServices
but am also unsure of that. I need the user to be looked up whenever they navigate to the site for the first time.
推荐答案
我会选择ClaimsTransformer
来获取用户声明.我将尝试展示如何获得用户声明并处理Windows Authenticatin的授权.
I would go with ClaimsTransformer
to get user claims. I just will try to show how to get user claims and to handle authorization for Windows Authenticatin.
首先创建一个ClaimsTransformer
类:
public class ClaimsTransformer : IClaimsTransformer
{
// i assume you have a user service in which you get user info via entity framework
private readonly IUserService _userService;
public ClaimsTransformer(IUserService userService)
{
_userService = userService;
}
public async Task<ClaimsPrincipal> TransformAsync(ClaimsTransformationContext context)
{
var identity = ((ClaimsIdentity)context.Principal.Identity);
// ... add user claims if required
var roles = _userService.GetRoles(identity.Name);
foreach(var role in roles)
{
identity.AddClaim(new Claim(ClaimTypes.Role, role));
}
return await Task.FromResult(context.Principal);
}
}
然后在Configure
方法中使用它
public void Configure(IApplicationBuilder app)
{
//...
app.UseClaimsTransformation(async (context) =>
{
IClaimsTransformer transformer = context.Context.RequestServices.GetRequiredService<IClaimsTransformer>();
return await transformer.TransformAsync(context);
});
//...
}
不幸的是,User.IsInRole
方法不适用于ClaimsTransformer
(如果您为ClaimsTransformer
添加角色,则IsInRole将为false),因此您不能将[Authorize(Roles = "")]
与ClaimsTransformer
一起使用.在这种情况下,您可以使用基于声明的授权处理授权.
Unfortunately User.IsInRole
method doesn't work with ClaimsTransformer
(if you add role with ClaimsTransformer
, IsInRole will be false) so you can't use [Authorize(Roles = "")]
with ClaimsTransformer
. In this case you can use Claims Based Authorization to handle authotorization.
因此,最后将以下代码添加到ConfigureServices并使用Authorize
属性:
So finally add below code to ConfigureServices and use Authorize
attribute:
public void ConfigureServices(IServiceCollection services)
{
// Add framework services.
services.AddSingleton<IClaimsTransformer, ClaimsTransformer>();
services.AddAuthorization(options =>
{
options.AddPolicy("RequireAdministratorRole", policy => policy.RequireClaim(ClaimTypes.Role, "Administrator"));
});
//...
}
[Authorize(Policy = "RequireAdministratorRole")]
public IActionResult Index() { }
这篇关于如何对数据库中的用户使用Windows身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!