ASP.NET Core 2.0 LDAP Active Directory身份验证 [英] ASP.NET Core 2.0 LDAP Active Directory Authentication

问题描述

我从过去发现了很多信息，说 1月份实施的..我似乎找不到有关如何实现它的任何信息.

I have found a lot of information from the past saying that LDAP authentication isn't enabled yet but you can get around that using third party packages. However, it seems that LDAP authentication WAS implemented back in January. I can't seem to find any information on HOW to implement it.

我已经在我的项目中设置了自定义身份验证，我只需要逻辑来填写HandleAuthenticateAsync方法.

I already have custom authentication set up in my project, I just need the logic to fill in the HandleAuthenticateAsync method.

我尝试使用其他示例，但是它们似乎不适用于.NET Core 2.0.

I have tried using other examples, but they don't seem to work with .NET Core 2.0.

这是我能想到的唯一相关代码

Here is the only relevant code that I have that I can think of posting

protected override Task<AuthenticateResult> HandleAuthenticateAsync()
{
    // Get Authorization header value
    if (!Request.Headers.TryGetValue(HeaderNames.Authorization, out var authorization)) {
        return Task.FromResult(AuthenticateResult.Fail("Cannot read authorization header."));
    }

    // TODO: Authenticate user

    // Create authenticated user ticket
    var identities = new List<ClaimsIdentity> { new ClaimsIdentity("custom auth type") };
    var ticket = new AuthenticationTicket(new ClaimsPrincipal(identities), Options.Scheme);

    return Task.FromResult(AuthenticateResult.Success(ticket));

    // else User not authenticated
    return Task.FromResult(AuthenticateResult.Fail("Invalid auth key."));
}

所以，我的问题是，如何在.NET Core 2.0中实现LDAP身份验证?

So, my question is, how do I implement LDAP Authentication in .NET Core 2.0?

推荐答案

感谢Win的答案，指出我需要使用 Windows兼容包，我能够弄清楚这一点.

Thanks to Win's Answer for pointing out that I needed to use Windows Compatibility Pack, I was able to figure this out.

我要做的第一件事是安装 Nuget软件包

The first thing I had to do was install the Nuget package

Install-Package Microsoft.Windows.Compatibility 

当时，我需要一个预览版，所以我在命令末尾附加了-Version 2.0.0-preview1-26216-02

然后，为System.DirectoryServices和System.DirectoryServices.AccountManagement

然后，只需将此逻辑插入我的HandleAuthenticateAsync方法中即可:

Then, just plug this logic into my HandleAuthenticateAsync method:

const string LDAP_PATH = "EX://exldap.example.com:5555";
const string LDAP_DOMAIN = "exldap.example.com:5555";

using (var context = new PrincipalContext(ContextType.Domain, LDAP_DOMAIN, "service_acct_user", "service_acct_pswd")) {
    if (context.ValidateCredentials(username, password)) {
        using (var de = new DirectoryEntry(LDAP_PATH))
        using (var ds = new DirectorySearcher(de)) {
            // other logic to verify user has correct permissions

            // User authenticated and authorized
            var identities = new List<ClaimsIdentity> { new ClaimsIdentity("custom auth type") };
            var ticket = new AuthenticationTicket(new ClaimsPrincipal(identities), Options.Scheme);
            return Task.FromResult(AuthenticateResult.Success(ticket));
        }
    }
}

// User not authenticated
return Task.FromResult(AuthenticateResult.Fail("Invalid auth key."));

这篇关于ASP.NET Core 2.0 LDAP Active Directory身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！