Integrated Windows Authentication in ABP framework


Problem description

I'm attempting to use ABP with Windows Authentication rather than Table-based authentication.

The plan is to have the framework do the following:

  1. Detect that the website is in a Windows security context and bypass the login page.
  2. Then associate Windows Identity/Roles and use those to map the Roles/Permissions defined in the database.

I did not see anything in the documentation regarding this Windows-integrated approach.

If anyone has done this previously, I appreciate any tips.

I think my best bet would be to use Policy-based authorization. So where the controllers currently use ABP auth attributes, I'll revert back to the normal ASP.NET ones.

For example, [Authorize(Policy = "MyAppAdmin")]

Recommended answer

In the spirit of sharing, here is how I managed to circumvent the use of the login screen for a Windows-authenticated context.

  1. Make the Login panel hidden and set some dummy data on the username/password controls (the dummy data is not actually used).
  2. In the js file, run the login action immediately (no user interaction):

    // Post the login form as soon as the script runs, without waiting for a click
    abp.ajax({
        contentType: 'application/x-www-form-urlencoded',
        url: $loginForm.attr('action'),
        data: $loginForm.serialize()
    });

  • In the AccountController:

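    // Identity of the current Windows security context
    var windowsIdentity = WindowsIdentity.GetCurrent();
    // Use the Windows account name as the ABP login name
    loginModel.UsernameOrEmailAddress = windowsIdentity.Name;

    // Count the claims on the identity whose value is "myclaim"
    var count = (from x in windowsIdentity.Claims where x.Value == "myclaim" select x).Count();

    // No matching claim: fail the login attempt
    if (count == 0)
    {
        throw _abpLoginResultTypeHelper.CreateExceptionForFailedLoginAttempt(AbpLoginResultType.InvalidUserNameOrEmailAddress, loginModel.UsernameOrEmailAddress, null);
    }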

  • Create an ExternalAuthSource as described in the answer above. Since the actual authentication has already been done, we always return true.

    // No password check is performed here: every call reports success
    public override Task<bool> TryAuthenticateAsync(string userNameOrEmailAddress, string plainPassword, Tenant tenant)
    {
        return Task.FromResult(true);
    }

  • It has the added advantage that the authenticated user is created by the ABP Framework automatically. The Role the new user is assigned depends on which role is the Default - see Table AbpUserRoles.

    Hopefully this helps somebody trying to use the framework in a Windows-Authenticated context.
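
The answer's two checks in a stricter form, as an added example that is not part of the original answer: the login name and the gating claim are read from the principal attached to the request, and the external source accepts only that account rather than returning true for any user name. `WindowsLoginGuard`, `ResolveLogin`, `IsSameAccount` and the sample account and SID are hypothetical; how the resolved name reaches `TryAuthenticateAsync` (for example through a request-scoped service) is an assumption left to the application.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Security.Principal;

// Added example, not the answer's code. WindowsLoginGuard, ResolveLogin and
// IsSameAccount are hypothetical names; the account and SID are constructed.
public static class WindowsLoginGuard
{
    // Returns the account name to log in, or null when the request must be rejected.
    // requestUser is the principal attached to the current request (for example the
    // controller's User property). WindowsIdentity.GetCurrent() is the identity the
    // thread runs as, which is the caller only while impersonation is active.
    public static string ResolveLogin(IPrincipal requestUser, string claimType, string claimValue)
    {
        var identity = requestUser?.Identity as ClaimsIdentity;
        if (identity == null || !identity.IsAuthenticated || string.IsNullOrEmpty(identity.Name))
            return null; // anonymous or unnamed caller

        // Match the claim type as well as the value, so a different claim that
        // happens to carry the same string cannot satisfy the check.
        bool allowed = identity.Claims.Any(c =>
            c.Type == claimType &&
            string.Equals(c.Value, claimValue, StringComparison.OrdinalIgnoreCase));
        return allowed ? identity.Name : null;
    }

    // For TryAuthenticateAsync: succeed only for the account resolved from the
    // request, instead of returning true for every user name.
    public static bool IsSameAccount(string requestedUserName, string resolvedLogin) =>
        resolvedLogin != null &&
        string.Equals(requestedUserName, resolvedLogin, StringComparison.OrdinalIgnoreCase);
}

public static class Demo
{
    public static void Main()
    {
        const string adminsSid = "S-1-5-21-1111111111-2222222222-3333333333-1105"; // constructed
        var caller = new ClaimsPrincipal(new ClaimsIdentity(new[] {
            new Claim(ClaimTypes.Name, @"CONTOSO\alice"),
            new Claim(ClaimTypes.GroupSid, adminsSid) }, "Negotiate"));

        string login = WindowsLoginGuard.ResolveLogin(caller, ClaimTypes.GroupSid, adminsSid);
        Console.WriteLine(login ?? "rejected"); // group SID claim present
        Console.WriteLine(WindowsLoginGuard.IsSameAccount(@"CONTOSO\bob", login)); // other account
        Console.WriteLine(WindowsLoginGuard.ResolveLogin(caller, ClaimTypes.Role, adminsSid) ?? "rejected"); // same value, wrong claim type
    }
}
```

An external source that returns true unconditionally authenticates whatever user name reaches it, so the comparison in `IsSameAccount` matters for any login path other than the modified AccountController action.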
