如何使用Windows Active Directory验证和基于身份的声明？ [英] How to use Windows Active Directory Authentication and Identity Based Claims?

问题描述

我们希望使用Windows Active Directory来验证用户到应用程序中。但是，我们不希望使用Active Directory组来管理的控制器/视图授权。

We want to use Windows Active Directory to authenticate a user into the application. However, we do not want to use Active Directory groups to manage authorization of controllers/views.

据我所知，还没有结婚AD和身份基于声明的简单方法。

As far as I know, there is not an easy way to marry AD and identity based claims.

• 验证与当地的Active Directory用户


• 使用身份框架来管理要求

• Windows.Owin.Security.ActiveDirectory - 卫生署。这是为天青的AD。没有LDAP支持。难道他们已经把它称为AzureActiveDirectory呢？


• Windows验证 - 这是正常使用NTLM或Keberos验证。这些问题开始：我）令牌和索赔都是由AD管理，我无法弄清楚如何使用身份与它声称。


• LDAP - 但这些似乎是强迫我做手工窗体身份验证，才能使用身份声明？当然，必须有一个更简单的方法？

任何帮助会比AP preciated多。我一直停留在这个问题上相当长的时间，并就此事将AP preciate外部输入。

Any help would be more than appreciated. I have been stuck on this problem quite a long time and would appreciate outside input on the matter.

推荐答案

以上鞋业解决方案推动朝我为我工作的MVC6-β3Identityframework7-β3EntityFramework7-β3方向：

Shoe your solution above pushed me toward a direction that worked for me on MVC6-Beta3 Identityframework7-Beta3 EntityFramework7-Beta3:

//
// POST: /Account/Login
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<IActionResult> Login(LoginViewModel model, string returnUrl = null)
{
    if (!ModelState.IsValid)
    {
        return View(model);
    }

    //
    // Check for user existance in Identity Framework
    //
    ApplicationUser applicationUser = await _userManager.FindByNameAsync(model.eID);
    if (applicationUser == null)
    {
        ModelState.AddModelError("", "Invalid username");
        return View(model);
    }

    //
    // Authenticate user credentials against Active Directory
    //
    bool isAuthenticated = await Authentication.ValidateCredentialsAsync(
        _applicationSettings.Options.DomainController, 
        _applicationSettings.Options.DomainControllerSslPort, 
        model.eID, model.Password);
    if (isAuthenticated == false)
    {
        ModelState.AddModelError("", "Invalid username or password.");
        return View(model);
    }

    //
    // Signing the user step 1.
    //
    IdentityResult identityResult 
        = await _userManager.CreateAsync(
            applicationUser, 
            cancellationToken: Context.RequestAborted);

    if(identityResult != IdentityResult.Success)
    {
        foreach (IdentityError error in identityResult.Errors)
        {
            ModelState.AddModelError("", error.Description);
        }
        return View(model);
    }

    //
    // Signing the user step 2.
    //
    await _signInManager.SignInAsync(applicationUser,
        isPersistent: false,
        authenticationMethod:null,
        cancellationToken: Context.RequestAborted);

    return RedirectToLocal(returnUrl);
}

这篇关于如何使用Windows Active Directory验证和基于身份的声明？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！