如何使用ActiveDirectoryMembershipProvider与ASP.Net身份? [英] How to use ActiveDirectoryMembershipProvider with ASP.Net Identity?
问题描述
我想学习如何使用ASP.Net身份。我的情况是,我必须对Active Directory进行身份验证。为了这个目的,我试图用 ActiveDirecotoryMembershipProvider 。我要做的就是 -
I am trying to learn how to use ASP.Net Identity. My scenario is that I have to authenticate against Active Directory. For that purpose I am trying to use ActiveDirecotoryMembershipProvider. What I have to do is -
- 验证对Active Directory用户名/密码
- 检查是否。用户出现在我自己的数据库。
我做的是我在配置方式的web.config 使用 ActiveDirectoryMembershipProvider 默认成员资格提供程序。然后,我重写我的 ApplicationSignInManager 类 PasswordSignInAsync 方法(它继承了 SignInManager )如下: -
The way I did it is I configured in my web.config to use ActiveDirectoryMembershipProvider as default membership provider. Then I override PasswordSignInAsync method in my ApplicationSignInManager class (which inherits SignInManager) as follows -
public override Task<SignInStatus> PasswordSignInAsync(string userName, string password, bool isPersistent, bool shouldLockout)
{
var adok = Membership.Provider.ValidateUser(userName, password);
if (adok)
{
var user = UserManager.FindByName(userName);
if (user == null)
return Task.FromResult<SignInStatus>(SignInStatus.Failure);
else
{
base.SignInAsync(user, isPersistent, shouldLockout);
return Task.FromResult<SignInStatus>(SignInStatus.Success);
}
}
else
return Task.FromResult<SignInStatus>(SignInStatus.Failure);
}
这似乎工作。但我认为这是不这样做的正确方法。任何人都可以提出任何更好的方法来实现这一目标?
This seems to work. But I think it's not the right way to do it. Can anyone suggest any better way to achieve this?
下面是我叫上述
var result = await SignInManager.PasswordSignInAsync(username, password, isPersistent: false, shouldLockout: false);
switch (result)
{
case SignInStatus.Success:
return RedirectToAction("Index", "Home");
case SignInStatus.LockedOut:
return View("Lockout");
case SignInStatus.Failure:
default:
ModelState.AddModelError("", "Invalid login attempt.");
return View();
}
据我得到了答案,我不应该叫会员验证在 PasswordSignInAsync 。我同意这一点。事实上,我认为覆盖方法是错误的为好。
According to the answers I got, I should not call Membership Validate method inside PasswordSignInAsync. I agree with that. In fact, I think overriding the method is wrong as well.
也有人建议我用 UserLogins 其中,我想给我的广告商ID。但我能想到用这个唯一的方法如下 -
It was also suggested that I use UserLogins where I would give my AD an provider ID. But the only way I can think of using this is as follows -
IList<UserLoginInfo> loginInfos = await SignInManager.UserManager.GetLoginsAsync(username);
var valid = false;
foreach(var info in loginInfos)
{
valid = Membership.Providers[info.ProviderKey].ValidateUser(username, password);
if (valid) break;
}
所以,如果我想对多个供应商,我可以创建提供商用户进行身份验证为每个键和分配这些提供商按键给用户。而这个代码将验证对它们的用户。但我应该在哪里把这个代码?我应该遵循哪些约定?
So, if I want to authenticate an user against multiple Providers I can create provider key for each of them and assign those provider keys to the users. And this code will validate the user against them. But where should I put this code? What convention should I follow?
我不热衷于编码AD验证自己,因为我觉得 ActiveDirectoryMembershipProvider 可以做比我自己的代码更好的工作。同样对于这两种情况下我必须添加引用的System.DirectoryServices 反正。
I am not keen on coding the AD validation myself because I think ActiveDirectoryMembershipProvider can do a better job than my own code. Also for both cases I have to add reference to System.DirectoryServices anyway.
推荐答案
您不想身份混合MembershipProviders。你最有可能想要做的,是把登录到ActiveDirectory中类似的身份如何对待其他外部登录(如谷歌/ Facebook的)。
You don't want to mix MembershipProviders with identity. What you most likely want to do, is treat logging into ActiveDirectory similar to how identity treats other external logins (like google/facebook).
这基本上可以归结为存储AD用户名作为登录:
This basically boils down to storing the AD username as a login:
的UserManager .AddLogin(小于用户id>中新UserLoginInfo(ActiveDirectory的,< ADUserName>中)
如果你只通过AD登录,那么你确实可以覆盖PasswordSignIn明确验证对AD
If you only login via AD, then you could indeed override PasswordSignIn to explicitly validate against AD
否则,你会想这只是针对广告的特定登录流程,保留现有的本地密码/社交登录功能。
Otherwise, you'd want this in only the specific login flow for AD, preserving the existing local password/social login functionality.
这篇关于如何使用ActiveDirectoryMembershipProvider与ASP.Net身份?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
