您的位置: 首页  >  技术问答  >  ABP 框架中的集成 Windows 身份验证

ABP 框架中的集成 Windows 身份验证

分类: 技术问答 2022-05-25 12:57:17
问题描述:

我正在尝试将 ABP 与 Windows 身份验证一起使用,而不是基于表的身份验证.

I'm attempting to use ABP with Windows Authentication rather than Table-based authentication.

计划是有框架:

  1. 检测该网站在 Windows 安全上下文中并绕过登录页面.
  2. 然后关联 Windows 身份/角色并使用它们来映射数据库中定义的角色/权限.

我在文档中没有看到任何关于这种 Windows 集成方法的内容.

I did not see anything in the documentation regarding this Windows-integrated approach.

如果有人以前这样做过,我很感激任何提示.

If anyone has done this previously, I appreciate any tips.

我认为最好的办法是使用基于策略的授权.因此,在控制器当前使用 ABP 身份验证属性的地方,我将恢复到正常的 ASP.NET 属性.

I think my best bet would be to use Policy-based authorization. So where the controllers currently use ABP auth attributes, I'll revert back to the normal ASP.NET ones.

例如[Authorize(Policy = "MyAppAdmin")]

本着在这里分享的精神,我设法绕过登录屏幕用于 Window Authenticated 上下文.

in the spirit of sharing here is how i managed to circumvent the use of the login screen for a Window Authenticated context.

  1. 隐藏登录面板并在用户名/密码控件上设置一些虚拟数据(虚拟数据实际上并未使用).

  2. 在 js 文件中立即运行登录操作(无用户交互)

  1. make the Login panel hidden and set some dummy data on the username/password controls (the dummy data is not actually used).

  2. in the js file run the login action immediately (no user interaction) 

abp.ajax({
    contentType: 'application/x-www-form-urlencoded',
    url: $loginForm.attr('action'),
    data: $loginForm.serialize()
});

  • 在 AccountController 中:

  • In the AccountController:

    var windowsIdentity = WindowsIdentity.GetCurrent();
loginModel.UsernameOrEmailAddress = windowsIdentity.Name;

var count = (from x in windowsIdentity.Claims where x.Value == "myclaim" select x).Count();

if (count == 0)
{
    throw _abpLoginResultTypeHelper.CreateExceptionForFailedLoginAttempt(AbpLoginResultType.InvalidUserNameOrEmailAddress, loginModel.UsernameOrEmailAddress, null);
}

  • 按照上述答案中的说明创建一个 ExternalAuthSource.我们将始终返回 true 因为真正的身份验证已经完成.

  • Create an ExternalAuthSource as described in the answer above. We will always return true becuase the real authentication is already done. 
    public override Task<bool> TryAuthenticateAsync(string userNameOrEmailAddress, string plainPassword, Tenant tenant)
{
    return Task.FromResult(true);
}

    它还有一个额外的优势,即经过身份验证的用户是由 ABP 框架自动创建的.为新用户分配的角色取决于哪个角色是 Default - 请参阅表 AbpUserRoles.

    • It has the added advantage that the authenticated user is created by the ABP Framework automatically. The Role the new user is assigned depends on the which role is the Default - see Table AbpUserRoles.

    希望这对尝试在 Windows 身份验证上下文中使用该框架的人有所帮助.

    Hopefully this helps somebody trying to use the framework in a Windows-Authenticated context.

    相关推荐