如何使用Windows Active Directory验证和基于身份的声明? [英] How to use Windows Active Directory Authentication and Identity Based Claims?
问题描述
我们希望使用Windows Active Directory来验证用户到应用程序中。但是,我们不希望使用Active Directory组来管理的控制器/视图授权。
We want to use Windows Active Directory to authenticate a user into the application. However, we do not want to use Active Directory groups to manage authorization of controllers/views.
据我所知,还没有结婚AD和身份基于声明的简单方法。
As far as I know, there is not an easy way to marry AD and identity based claims.
- 验证与当地的Active Directory用户
- 使用身份框架来管理要求
- Windows.Owin.Security.ActiveDirectory - 卫生署。这是为天青的AD。没有LDAP支持。难道他们已经把它称为AzureActiveDirectory呢?
- Windows验证 - 这是正常使用NTLM或Keberos验证。这些问题开始:我)令牌和索赔都是由AD管理,我无法弄清楚如何使用身份与它声称。
- LDAP - 但这些似乎是强迫我做手工窗体身份验证,才能使用身份声明?当然,必须有一个更简单的方法?
任何帮助会比AP preciated多。我一直停留在这个问题上相当长的时间,并就此事将AP preciate外部输入。
Any help would be more than appreciated. I have been stuck on this problem quite a long time and would appreciate outside input on the matter.
推荐答案
以上鞋业解决方案推动朝我为我工作的MVC6-β3Identityframework7-β3EntityFramework7-β3方向:
Shoe your solution above pushed me toward a direction that worked for me on MVC6-Beta3 Identityframework7-Beta3 EntityFramework7-Beta3:
//
// POST: /Account/Login
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<IActionResult> Login(LoginViewModel model, string returnUrl = null)
{
if (!ModelState.IsValid)
{
return View(model);
}
//
// Check for user existance in Identity Framework
//
ApplicationUser applicationUser = await _userManager.FindByNameAsync(model.eID);
if (applicationUser == null)
{
ModelState.AddModelError("", "Invalid username");
return View(model);
}
//
// Authenticate user credentials against Active Directory
//
bool isAuthenticated = await Authentication.ValidateCredentialsAsync(
_applicationSettings.Options.DomainController,
_applicationSettings.Options.DomainControllerSslPort,
model.eID, model.Password);
if (isAuthenticated == false)
{
ModelState.AddModelError("", "Invalid username or password.");
return View(model);
}
//
// Signing the user step 1.
//
IdentityResult identityResult
= await _userManager.CreateAsync(
applicationUser,
cancellationToken: Context.RequestAborted);
if(identityResult != IdentityResult.Success)
{
foreach (IdentityError error in identityResult.Errors)
{
ModelState.AddModelError("", error.Description);
}
return View(model);
}
//
// Signing the user step 2.
//
await _signInManager.SignInAsync(applicationUser,
isPersistent: false,
authenticationMethod:null,
cancellationToken: Context.RequestAborted);
return RedirectToLocal(returnUrl);
}
这篇关于如何使用Windows Active Directory验证和基于身份的声明?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!