Integrated Windows Authentication in ABP framework


Problem description

I'm attempting to use ABP with Windows Authentication rather than Table-based authentication.

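The plan is to have the framework:

  1. Detect that the website is running in a Windows security context and bypass the login page.
  2. Then associate the Windows identity/roles and use them to map to the roles/permissions defined in the database.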

I did not see anything in the documentation regarding this Windows-integrated approach.

If anyone has done this previously, I appreciate any tips.

I think my best bet would be to use Policy-based authorization. So where the controllers currently use ABP auth attributes, I'll revert back to the normal ASP.NET ones.

e.g. [Authorize(Policy = "MyAppAdmin")]

Recommended answer

In the spirit of sharing, here is how I managed to circumvent the use of the login screen for a Windows Authenticated context.

  1. Make the Login panel hidden and set some dummy data on the username/password controls (the dummy data is not actually used).
  2. In the js file, run the login action immediately (no user interaction).

// Post the (hidden) login form as soon as the script runs, with no user interaction.
abp.ajax({
    contentType: 'application/x-www-form-urlencoded',
    url: $loginForm.attr('action'),
    data: $loginForm.serialize()
});

  • In the AccountController:

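    // Requires: using System.Linq; using System.Security.Principal;
    // Take the login name from the Windows identity instead of the submitted form data.
    var windowsIdentity = WindowsIdentity.GetCurrent();
    loginModel.UsernameOrEmailAddress = windowsIdentity.Name;

    // Count the claims whose value is "myclaim"; the login fails when there is none.
    var count = (from x in windowsIdentity.Claims where x.Value == "myclaim" select x).Count();

    if (count == 0)
    {
        throw _abpLoginResultTypeHelper.CreateExceptionForFailedLoginAttempt(AbpLoginResultType.InvalidUserNameOrEmailAddress, loginModel.UsernameOrEmailAddress, null);
    }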

  • Create an ExternalAuthSource as described in the answer above. We will always return true because the real authentication is already done.

    public override Task<bool> TryAuthenticateAsync(string userNameOrEmailAddress, string plainPassword, Tenant tenant)
    {
        return Task.FromResult(true);
    }
    

  • It has the added advantage that the authenticated user is created by the ABP Framework automatically. The Role the new user is assigned depends on which role is the Default - see Table AbpUserRoles.

    Hopefully this helps somebody trying to use the framework in a Windows-Authenticated context.
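
A stricter variant of the ExternalAuthSource step, as an added example that is not part of the original answer or of ABP's own code: instead of returning true for every call, it accepts a login only when the requested user name equals the Windows identity the server authenticated for the current request. The class name `WindowsAuthSource` is hypothetical; the example assumes ASP.NET Core hosted with Windows authentication enabled (so `HttpContext.User` carries a `WindowsIdentity`), `IHttpContextAccessor` available for injection, and `Tenant`/`User` being the application's own entity types.

```csharp
using System;
using System.Security.Principal;
using System.Threading.Tasks;
using Abp.Authorization.Users;
using Abp.Dependency;
using Microsoft.AspNetCore.Http;

// Hypothetical class name. Tenant and User are the application's own entity
// types; add the using directive for their namespace.
public class WindowsAuthSource : DefaultExternalAuthenticationSource<Tenant, User>, ITransientDependency
{
    private readonly IHttpContextAccessor _httpContextAccessor;

    public WindowsAuthSource(IHttpContextAccessor httpContextAccessor)
    {
        _httpContextAccessor = httpContextAccessor;
    }

    public override string Name => "Windows";

    public override Task<bool> TryAuthenticateAsync(
        string userNameOrEmailAddress, string plainPassword, Tenant tenant)
    {
        // Identity established by the server's Windows authentication handshake
        // for this request (assumption: IIS or HTTP.sys hosting with Windows auth on).
        var identity = _httpContextAccessor.HttpContext?.User?.Identity as WindowsIdentity;
        if (identity == null || !identity.IsAuthenticated)
        {
            // No authenticated Windows caller: refuse instead of trusting the form.
            return Task.FromResult(false);
        }

        // Accept only the caller's own account name; plainPassword is ignored
        // because the dummy value from the hidden form carries no meaning.
        var isCaller = string.Equals(
            identity.Name, userNameOrEmailAddress, StringComparison.OrdinalIgnoreCase);
        return Task.FromResult(isCaller);
    }
}
```

With this check in place, a request that reaches the login action with a different user name, or without a completed Windows handshake, is rejected by the authentication source itself rather than relying only on the controller overwriting the user name.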
