如何使用 Windows Active Directory 身份验证和基于身份的声明? [英] How to use Windows Active Directory Authentication and Identity Based Claims?
问题描述
我们希望使用 Windows Active Directory 来验证用户进入应用程序的身份.但是,我们不想使用 Active Directory 组来管理控制器/视图的授权.
We want to use Windows Active Directory to authenticate a user into the application. However, we do not want to use Active Directory groups to manage authorization of controllers/views.
据我所知,将 AD 和基于身份的声明结合起来并不容易.
As far as I know, there is not an easy way to marry AD and identity based claims.
- 使用本地 Active Directory 对用户进行身份验证
- 使用身份框架来管理声明
- Windows.Owin.Security.ActiveDirectory - Doh.这适用于 Azure AD.不支持 LDAP.他们可以将其称为 AzureActiveDirectory 吗?
- Windows 身份验证 - 这适用于 NTLM 或 Keberos 身份验证.问题开始于:i) 令牌和声明都由 AD 管理,我无法弄清楚如何使用身份声明.
- LDAP - 但这些似乎迫使我手动进行表单身份验证以使用身份声明?当然必须有更简单的方法吗?
任何帮助将不胜感激.我已经被这个问题困扰了很长时间,希望得到外界对此事的投入.
Any help would be more than appreciated. I have been stuck on this problem quite a long time and would appreciate outside input on the matter.
推荐答案
你上面的解决方案把我推向了一个对我有用的方向 MVC6-Beta3 Identityframework7-Beta3 EntityFramework7-Beta3:
Shoe your solution above pushed me toward a direction that worked for me on MVC6-Beta3 Identityframework7-Beta3 EntityFramework7-Beta3:
// POST: /Account/Login
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<IActionResult> Login(LoginViewModel model, string returnUrl = null)
{
if (!ModelState.IsValid)
{
return View(model);
}
//
// Check for user existance in Identity Framework
//
ApplicationUser applicationUser = await _userManager.FindByNameAsync(model.eID);
if (applicationUser == null)
{
ModelState.AddModelError("", "Invalid username");
return View(model);
}
//
// Authenticate user credentials against Active Directory
//
bool isAuthenticated = await Authentication.ValidateCredentialsAsync(
_applicationSettings.Options.DomainController,
_applicationSettings.Options.DomainControllerSslPort,
model.eID, model.Password);
if (isAuthenticated == false)
{
ModelState.AddModelError("", "Invalid username or password.");
return View(model);
}
//
// Signing the user step 1.
//
IdentityResult identityResult
= await _userManager.CreateAsync(
applicationUser,
cancellationToken: Context.RequestAborted);
if(identityResult != IdentityResult.Success)
{
foreach (IdentityError error in identityResult.Errors)
{
ModelState.AddModelError("", error.Description);
}
return View(model);
}
//
// Signing the user step 2.
//
await _signInManager.SignInAsync(applicationUser,
isPersistent: false,
authenticationMethod:null,
cancellationToken: Context.RequestAborted);
return RedirectToLocal(returnUrl);
}
这篇关于如何使用 Windows Active Directory 身份验证和基于身份的声明?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!