[英]Integrated Windows Authentication in ABP framework
I'm attempting to use ABP with Windows Authentication rather than Table-based authentication.我正在尝试将 ABP 与 Windows 身份验证一起使用,而不是基于表的身份验证。
The plan is to have the framework:计划是拥有以下框架:
I did not see anything in the documentation regarding this Windows-integrated approach.我在文档中没有看到关于这种 Windows 集成方法的任何内容。
If anyone has done this previously, I appreciate any tips.如果有人以前做过这件事,我很感激任何提示。
I think my best bet would be to use Policy-based authorization.我认为我最好的选择是使用基于策略的授权。 So where the controllers currently use ABP auth attributes, I'll revert back to the normal ASP.NET ones.
因此,在控制器当前使用 ABP 身份验证属性的地方,我将恢复到正常的 ASP.NET 属性。
eg [Authorize(Policy = "MyAppAdmin")]
例如
[Authorize(Policy = "MyAppAdmin")]
To login the user thru official AspNet Boilerplate API (to have roles and other stuffs) you can use external authentication.要通过官方 AspNet Boilerplate API(拥有角色和其他东西)登录用户,您可以使用外部身份验证。 It is exactly what you are looking for;
这正是您要寻找的;
https://aspnetboilerplate.com/Pages/Documents/Zero/User-Management#external-authentication https://aspnetboilerplate.com/Pages/Documents/Zero/User-Management#external-authentication
in the spirit of sharing here is how i managed to circumvent the use of the login screen for a Window Authenticated context.本着在这里分享的精神,我是如何设法绕过登录屏幕用于 Window Authenticated 上下文的。
in the js file run the login action immediately (no user interaction)在 js 文件中立即运行登录操作(无用户交互)
abp.ajax({ contentType: 'application/x-www-form-urlencoded', url: $loginForm.attr('action'), data: $loginForm.serialize() });
In the AccountController:在 AccountController 中:
var windowsIdentity = WindowsIdentity.GetCurrent(); loginModel.UsernameOrEmailAddress = windowsIdentity.Name; var count = (from x in windowsIdentity.Claims where x.Value == "myclaim" select x).Count(); if (count == 0) { throw _abpLoginResultTypeHelper.CreateExceptionForFailedLoginAttempt(AbpLoginResultType.InvalidUserNameOrEmailAddress, loginModel.UsernameOrEmailAddress, null); }
true
becuase the real authentication is already done.true
因为真正的身份验证已经完成。 public override Task<bool> TryAuthenticateAsync(string userNameOrEmailAddress, string plainPassword, Tenant tenant) { return Task.FromResult(true); }
It has the added advantage that the authenticated user is created by the ABP Framework automatically.Default
- see Table AbpUserRoles
.Default
角色 - 请参阅表AbpUserRoles
。 Hopefully this helps somebody trying to use the framework in a Windows-Authenticated context.希望这有助于尝试在 Windows 身份验证上下文中使用该框架的人。
I tried to do what John suggested, but I had to make a few changes, so this is how I did it.我试着按照约翰的建议去做,但我不得不做一些改变,所以我就是这样做的。
"angular\\src\\account\\login\\login.component.ts" "angular\\src\\account\\login\\login.component.ts"
class LoginComponent {
ngOnInit() {
this.loginService.authenticateModel.userNameOrEmailAddress = 'foo';
this.loginService.authenticateModel.password = 'bar';
this.login();
}
}
"aspnet-core\\src\\ProjectName.Core\\Authentication\\AlwaysTrue\\AlwaysTrueExternalAuthSource.cs" “aspnet-core\\src\\ProjectName.Core\\Authentication\\AlwaysTrue\\AlwaysTrueExternalAuthSource.cs”
public class AlwaysTrueExternalAuthSource: DefaultExternalAuthenticationSource<Tenant, User>, ITransientDependency
{
public override string Name => "AlwaysTrueExternalAuthSource";
public override Task<bool> TryAuthenticateAsync(string userNameOrEmailAddress, string plainPassword, Tenant tenant)
{
return Task.FromResult(true);
}
}
"aspnet-core\\src\\ProjectName.Core\\ProjectNameCoreModule.cs" “aspnet-core\\src\\ProjectName.Core\\ProjectNameCoreModule.cs”
public class ProjectNameCoreModule : AbpModule
{
public override void PreInitialize()
{
Configuration.Modules.Zero().UserManagement.ExternalAuthenticationSources.Add<AlwaysTrueExternalAuthSource>();
}
}
"aspnet-core\\src\\ProjectName.Web.Core\\Controllers\\TokenAuthController.cs" “aspnet-core\\src\\ProjectName.Web.Core\\Controllers\\TokenAuthController.cs”
public class TokenAuthController : ProjectNameControllerBase
{
[HttpPost]
public async Task<AuthenticateResultModel> Authenticate([FromBody] AuthenticateModel model)
{
var windowsIdentity = WindowsIdentity.GetCurrent();
model.UserNameOrEmailAddress = windowsIdentity.Name.ToLowerInvariant().Replace("\\","");
var loginResult = await GetLoginResultAsync(...)
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.