Integrated Windows Authentication in the ABP Framework
I'm attempting to use ABP with Windows Authentication rather than Table-based authentication.
The plan is to have the following framework:
- Detect that the website is in a Windows security context and bypass the login page.
- Then associate Windows Identity/Roles and use those to map the Roles/Permissions defined in the database.
I did not see anything in the documentation regarding this Windows-integrated approach.
If anyone has done this previously, I appreciate any tips.
I think my best bet would be to use Policy-based authorization. So where the controllers currently use ABP auth attributes, I'll revert back to the normal ASP.NET ones.
For example: [Authorize(Policy = "MyAppAdmin")]
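A sketch of how the "MyAppAdmin" policy could be backed by Windows group membership in plain ASP.NET Core. This is an added example, not code from this thread or from ABP. It assumes Windows authentication is already enabled on the host; the group names, the "app_role" claim type, and the class names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Security.Principal;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.Extensions.DependencyInjection;

// Adds application role claims derived from Windows group membership.
public sealed class WindowsGroupRoleTransformation : IClaimsTransformation
{
    public const string AppRoleClaim = "app_role";           // hypothetical claim type
    private const string MarkerAuthType = "AppRoleMapping";  // marks the identity added here

    // Constructed sample mapping; a real application would load it from its role tables.
    private static readonly Dictionary<string, string> GroupToRole =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            [@"CONTOSO\MyApp-Admins"] = "Admin",
            [@"CONTOSO\MyApp-Users"] = "User",
        };

    public Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
    {
        // Map only authenticated Windows users, and only once per principal:
        // the framework may call TransformAsync more than once per request.
        if (!(principal.Identity is WindowsIdentity win) || !win.IsAuthenticated ||
            principal.Identities.Any(i => i.AuthenticationType == MarkerAuthType))
            return Task.FromResult(principal);

        var mapped = new ClaimsIdentity(MarkerAuthType);
        foreach (var pair in GroupToRole)
            if (principal.IsInRole(pair.Key))  // checked against the Windows token's groups
                mapped.AddClaim(new Claim(AppRoleClaim, pair.Value));

        principal.AddIdentity(mapped);
        return Task.FromResult(principal);
    }
}

public static class WindowsAuthSetup
{
    // Call from ConfigureServices; [Authorize(Policy = "MyAppAdmin")] then requires the mapped claim.
    public static void AddWindowsRolePolicies(this IServiceCollection services)
    {
        services.AddTransient<IClaimsTransformation, WindowsGroupRoleTransformation>();
        services.AddAuthorization(o => o.AddPolicy("MyAppAdmin",
            p => p.RequireClaim(WindowsGroupRoleTransformation.AppRoleClaim, "Admin")));
    }
}
```

Because the role claim is computed on the server from the authenticated Windows token, nothing the browser submits can influence which policy a user satisfies.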
In the spirit of sharing, here is how I managed to circumvent the use of the login screen for a Windows-authenticated context.
- Make the Login panel hidden and set some dummy data on the username/password controls (the dummy data is not actually used).
- In the js file, run the login action immediately (no user interaction):
abp.ajax({
    contentType: 'application/x-www-form-urlencoded',
    url: $loginForm.attr('action'),
    data: $loginForm.serialize()
});
In the AccountController:
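// Requires: using System.Linq; using System.Security.Principal;
// WindowsIdentity.GetCurrent() returns the identity the current thread runs as
// (the process account unless the thread is impersonating).
var windowsIdentity = WindowsIdentity.GetCurrent();
loginModel.UsernameOrEmailAddress = windowsIdentity.Name;
// Count the claims whose value matches the required claim ("myclaim").
var count = (from x in windowsIdentity.Claims where x.Value == "myclaim" select x).Count();
if (count == 0)
{
    // No matching claim: fail the login attempt.
    throw _abpLoginResultTypeHelper.CreateExceptionForFailedLoginAttempt(AbpLoginResultType.InvalidUserNameOrEmailAddress, loginModel.UsernameOrEmailAddress, null);
}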
true
.
public override Task<bool> TryAuthenticateAsync(string userNameOrEmailAddress, string plainPassword, Tenant tenant)
{
    return Task.FromResult(true);
}
It has the added advantage that the authenticated user is created by the ABP Framework automatically. The role the new user is assigned depends on which role is the Default - see table AbpUserRoles.
Hopefully this helps somebody trying to use the framework in a Windows-Authenticated context.