How can I authenticate a windows user over a REST API call without IIS/WCF?
While developing an on-premise, intranet-only REST API server for my company, I managed to completely confuse myself regarding authentication issues.
I have:
I do not have:
I want:
I do not want to:
I have read articles that show how to use Windows authentication with IIS, or how to use Azure Active Directory (AAD) with Nancy. Other questions here have already informed me how to authenticate username / password combinations against the Active Directory. However, none of these satisfy all of my requirements or have requirements of their own (like AAD/ADFS) that I cannot meet.
It seems that Kerberos/SSPI might be what I want, but it seems very involved and quite complicated to get working with C#. It is possible I will have to go this route, but I could really benefit from some minimal working example (the accepted answer provides a C# implementation/wrapper, including an example project, but I can't seem to be able to make heads or tails of it).
Maybe I am naive, but what I imagine the solution to be is something along the following lines:
Is this possible at all? Ideally, with some sort of ready made library that I can plug in to my projects (I'm reaching, I know)?
You can do this with stateless authentication and Jwt. Send a username and password to "/auth" (example) and "/auth" will search the AD (example) and validate if the user exists, then create a Jwt token with the name of the user on load. When you make a request, you will only send a Jwt token and Nancy validates the token.
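The flow this answer describes, written out as an added example that is not part of the original answer. It assumes a domain-joined Windows server and the System.DirectoryServices.AccountManagement and System.IdentityModel.Tokens.Jwt packages; the names `TokenService`, `Login`, `Mint`, `Validate`, the issuer `intranet-api` and the 15-minute lifetime are hypothetical.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

// Added example; every name and constant below is an assumption, not from the post.
public static class TokenService
{
    const string Issuer = "intranet-api";   // hypothetical issuer and audience value
    static readonly SymmetricSecurityKey Key = NewKey();
    static readonly JwtSecurityTokenHandler Handler = new JwtSecurityTokenHandler();

    static SymmetricSecurityKey NewKey()
    {
        // Random 256-bit HMAC key held only in memory: a restart invalidates all tokens.
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        return new SymmetricSecurityKey(bytes);
    }

    // Body of the "/auth" route: a token, or null when AD rejects the credentials.
    public static string Login(string user, string password)
    {
        using (var ad = new PrincipalContext(ContextType.Domain))   // the server's own domain
            if (!ad.ValidateCredentials(user, password)) return null;
        return Mint(user, DateTime.UtcNow.AddMinutes(15));
    }

    public static string Mint(string user, DateTime expiresUtc)
    {
        var creds = new SigningCredentials(Key, SecurityAlgorithms.HmacSha256);
        var jwt = new JwtSecurityToken(Issuer, Issuer, new[] { new Claim(ClaimTypes.Name, user) },
                                       notBefore: null, expires: expiresUtc, signingCredentials: creds);
        return Handler.WriteToken(jwt);
    }

    // Called on every other request with the bearer token; null means "not authenticated".
    public static ClaimsPrincipal Validate(string token)
    {
        var rules = new TokenValidationParameters
        {
            ValidIssuer = Issuer, ValidAudience = Issuer, IssuerSigningKey = Key,
            ValidateIssuerSigningKey = true, ValidateLifetime = true, RequireExpirationTime = true,
            ValidAlgorithms = new[] { SecurityAlgorithms.HmacSha256 }, // refuse other algorithms
            ClockSkew = TimeSpan.FromSeconds(30)
        };
        try { return Handler.ValidateToken(token, rules, out _); }
        catch (Exception) { return null; }   // bad signature, expired or malformed token
    }
}
```

Because the password travels to "/auth" in the request, that route needs TLS even on an intranet. The Nancy side then only has to pass the bearer token from the Authorization header to `Validate`.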