ASP.NET Core 2.0 LDAP 活动目录身份验证 [英] ASP.NET Core 2.0 LDAP Active Directory Authentication

问题描述

我发现很多过去的信息都说LDAP 身份验证尚未启用，但您可以使用第三方软件包解决此问题.但是，LDAP 身份验证似乎是 在一月份实施.我似乎找不到有关如何实施它的任何信息.

我已经在我的项目中设置了自定义身份验证，我只需要填写的逻辑HandleAuthenticateAsync 方法.

我尝试过使用其他示例，但它们似乎不适用于 .NET Core 2.0.

这是我能想到的唯一相关代码

protected override TaskHandleAuthenticateAsync(){//获取授权头值if (!Request.Headers.TryGetValue(HeaderNames.Authorization, out var authorization)) {return Task.FromResult(AuthenticateResult.Fail("无法读取授权头."));}//TODO: 验证用户//创建经过身份验证的用户票var identities = new List{ new ClaimsIdentity("自定义身份验证类型") };var ticket = new AuthenticationTicket(new ClaimsPrincipal(identities), Options.Scheme);返回 Task.FromResult(AuthenticateResult.Success(ticket));//否则用户未通过身份验证return Task.FromResult(AuthenticateResult.Fail("Invalid auth key."));}

那么，我的问题是，如何在 .NET Core 2.0 中实现 LDAP 身份验证?

解决方案

感谢 Win 的 回答 指出我需要使用 Windows 兼容包，我能够解决这个问题.

我必须做的第一件事是安装 Nuget 包

安装包 Microsoft.Windows.Compatibility

当时我需要一个预览版，所以我在这个命令的末尾附加了-Version 2.0.0-preview1-26216-02

然后，为 System.DirectoryServices 和 System.DirectoryServices.AccountManagement

添加 using 语句

然后，将此逻辑插入到我的 HandleAuthenticateAsync 方法中:

const string LDAP_PATH = "EX://exldap.example.com:5555";const string LDAP_DOMAIN = "exldap.example.com:5555";使用 (var context = new PrincipalContext(ContextType.Domain, LDAP_DOMAIN, "service_acct_user", "service_acct_pswd")) {if (context.ValidateCredentials(username, password)) {使用 (var de = new DirectoryEntry(LDAP_PATH))使用 (var ds = new DirectorySearcher(de)) {//验证用户是否拥有正确权限的其他逻辑//用户认证和授权var identities = new List{ new ClaimsIdentity("自定义身份验证类型") };var ticket = new AuthenticationTicket(new ClaimsPrincipal(identities), Options.Scheme);返回 Task.FromResult(AuthenticateResult.Success(ticket));}}}//用户未认证return Task.FromResult(AuthenticateResult.Fail("Invalid auth key."));

I have found a lot of information from the past saying that LDAP authentication isn't enabled yet but you can get around that using third party packages. However, it seems that LDAP authentication WAS implemented back in January. I can't seem to find any information on HOW to implement it.

I already have custom authentication set up in my project, I just need the logic to fill in the HandleAuthenticateAsync method.

I have tried using other examples, but they don't seem to work with .NET Core 2.0.

Here is the only relevant code that I have that I can think of posting

protected override Task<AuthenticateResult> HandleAuthenticateAsync()
{
    // Get Authorization header value
    if (!Request.Headers.TryGetValue(HeaderNames.Authorization, out var authorization)) {
        return Task.FromResult(AuthenticateResult.Fail("Cannot read authorization header."));
    }

    // TODO: Authenticate user

    // Create authenticated user ticket
    var identities = new List<ClaimsIdentity> { new ClaimsIdentity("custom auth type") };
    var ticket = new AuthenticationTicket(new ClaimsPrincipal(identities), Options.Scheme);

    return Task.FromResult(AuthenticateResult.Success(ticket));

    // else User not authenticated
    return Task.FromResult(AuthenticateResult.Fail("Invalid auth key."));
}

So, my question is, how do I implement LDAP Authentication in .NET Core 2.0?

解决方案

Thanks to Win's Answer for pointing out that I needed to use Windows Compatibility Pack, I was able to figure this out.

The first thing I had to do was install the Nuget package

Install-Package Microsoft.Windows.Compatibility 

At the time, I needed a preview version, so I appended -Version 2.0.0-preview1-26216-02 on the end of this command

Then, add using statements for System.DirectoryServices and System.DirectoryServices.AccountManagement

Then, just plug this logic into my HandleAuthenticateAsync method:

const string LDAP_PATH = "EX://exldap.example.com:5555";
const string LDAP_DOMAIN = "exldap.example.com:5555";

using (var context = new PrincipalContext(ContextType.Domain, LDAP_DOMAIN, "service_acct_user", "service_acct_pswd")) {
    if (context.ValidateCredentials(username, password)) {
        using (var de = new DirectoryEntry(LDAP_PATH))
        using (var ds = new DirectorySearcher(de)) {
            // other logic to verify user has correct permissions

            // User authenticated and authorized
            var identities = new List<ClaimsIdentity> { new ClaimsIdentity("custom auth type") };
            var ticket = new AuthenticationTicket(new ClaimsPrincipal(identities), Options.Scheme);
            return Task.FromResult(AuthenticateResult.Success(ticket));
        }
    }
}

// User not authenticated
return Task.FromResult(AuthenticateResult.Fail("Invalid auth key."));

这篇关于ASP.NET Core 2.0 LDAP 活动目录身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！