如何对数据库中的用户使用 Windows 身份验证 [英] How do I use Windows Authentication with users in database

问题描述

我的主要目标是使用 Windows 身份验证来查询我的自定义用户表以通过 Web 应用程序使用.我不确定是否有传统的方法来做到这一点.

My main goal is using the Windows Authentication to query my custom Users table to use through the web application. I am not sure there is a conventional way of doing this.

我在 SQL 数据库中有一个预定义的用户表和角色表.如何使用 User.Identity.Name 查询此 Users 表并将所有表数据与角色一起映射到 ApplicationUser 类，以后可以进一步使用Intranet Web 应用程序?

I have a predefined Users table and Roles table in a SQL database. How do I use the User.Identity.Name to query this Users table and map all the tables data along with the roles to a ApplicationUser class that can be further used later in the intranet web application?

通过阅读大量文章，我无法找到与我所追求的密切相关的任何内容.我假设这将在 ConfigureServices 下的 Startup 类中完成，但我也不确定.我需要在用户第一次导航到该网站时对其进行查找.

I was unable to find anything closely related to what I am after from reading tons of articles. I assume this will be done in the Startup class under ConfigureServices but am also unsure of that. I need the user to be looked up whenever they navigate to the site for the first time.

推荐答案

我会使用 ClaimsTransformer 来获取用户声明.我将尝试展示如何获取用户声明并处理 Windows Authenticatin 的授权.

I would go with ClaimsTransformer to get user claims. I just will try to show how to get user claims and to handle authorization for Windows Authenticatin.

首先创建一个ClaimsTransformer类:

public class ClaimsTransformer : IClaimsTransformer
{
    // i assume you have a user service in which you get user info via entity framework
    private readonly IUserService _userService;   
    public ClaimsTransformer(IUserService userService)
    {
         _userService = userService;
    }
    public async Task<ClaimsPrincipal> TransformAsync(ClaimsTransformationContext context)
    {
        var identity = ((ClaimsIdentity)context.Principal.Identity);
        // ... add user claims if required
        var roles = _userService.GetRoles(identity.Name);
        foreach(var role in roles)
        {
            identity.AddClaim(new Claim(ClaimTypes.Role, role));
        }
        return await Task.FromResult(context.Principal);
    }
}

然后在Configure方法中使用

    public void Configure(IApplicationBuilder app)
    {
        //...
        app.UseClaimsTransformation(async (context) =>
        {
            IClaimsTransformer transformer = context.Context.RequestServices.GetRequiredService<IClaimsTransformer>();
            return await transformer.TransformAsync(context);
        });
        //...
    }

不幸的是，User.IsInRole 方法不适用于 ClaimsTransformer(如果您使用 ClaimsTransformer 添加角色，IsInRole 将为 false)所以您不能将 [Authorize(Roles = "")] 与 ClaimsTransformer 一起使用.在这种情况下，您可以使用 基于声明的授权 来处理授权.

Unfortunately User.IsInRole method doesn't work with ClaimsTransformer(if you add role with ClaimsTransformer, IsInRole will be false) so you can't use [Authorize(Roles = "")] with ClaimsTransformer. In this case you can use Claims Based Authorization to handle authotorization.

所以最后将以下代码添加到 ConfigureServices 并使用 Authorize 属性:

So finally add below code to ConfigureServices and use Authorize attribute:

    public void ConfigureServices(IServiceCollection services)
    {
        // Add framework services.
        services.AddSingleton<IClaimsTransformer, ClaimsTransformer>();
        services.AddAuthorization(options =>
        {
            options.AddPolicy("RequireAdministratorRole", policy => policy.RequireClaim(ClaimTypes.Role, "Administrator"));
        });
        //...
    }

    [Authorize(Policy = "RequireAdministratorRole")]
    public IActionResult Index() { }

这篇关于如何对数据库中的用户使用 Windows 身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！