如何在 Nancy 中对 Active Directory 进行身份验证?

How can I authenticate against Active Directory in Nancy?(如何在 Nancy 中对 Active Directory 进行身份验证?)
本文介绍了如何在 Nancy 中对 Active Directory 进行身份验证?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着跟版网的小编来一起学习吧!

问题描述

这是一篇过时的文章,但 http://msdn.microsoft.com/en-us/library/ff650308.aspx#paght000026_step3 说明了我想要做什么.我选择了 Nancy 作为我的网络框架,因为它的简单性和低调的方法.因此,我需要一种使用 Nancy 对 Active Directory 进行身份验证的方法.

It's an outdated article, but http://msdn.microsoft.com/en-us/library/ff650308.aspx#paght000026_step3 illustrates what I want to do. I've chosen Nancy as my web framework because of it's simplicity and low-ceremony approach. So, I need a way to authenticate against Active Directory using Nancy.

在 ASP.NET 中,看起来您只需通过 web.config 文件中的一些设置就可以在基于数据库的成员资格提供程序和 Active Directory 之间切换.我不是特别需要,但在开发和生产之间切换的能力会很棒.

In ASP.NET, it looks like you can just switch between a db-based membership provider and Active Directory just by some settings in your web.config file. I don't need that specifically, but the ability to switch between dev and production would be amazing.

如何做到这一点?

推荐答案

实际上,解决方案比看起来简单得多.只需将 Active Directory 视为用户的存储库(就像数据库一样).您需要做的就是查询 AD 以验证输入的用户名和密码是否有效.所以,只需使用 Nancy's Forms Validation 并在您的 IUserMapper 实现中处理与 AD 的连接.这是我为我的用户映射器想到的:

Really the solution is much simpler than it may seem. Just think of Active Directory as a repository for your users (just like a database). All you need to do is query AD to verify that the username and password entered are valid. SO, just use Nancy's Forms Validation and handle the connetion to AD in your implementation of IUserMapper. Here's what I came up with for my user mapper:

public class ActiveDirectoryUserMapper : IUserMapper, IUserLoginManager
{
    static readonly Dictionary<Guid, long> LoggedInUserIds = new Dictionary<Guid, long>(); 

    readonly IAdminUserValidator _adminUserValidator;
    readonly IAdminUserFetcher _adminUserFetcher;
    readonly ISessionContainer _sessionContainer;

    public ActiveDirectoryUserMapper(IAdminUserValidator adminUserValidator, IAdminUserFetcher adminUserFetcher, ISessionContainer sessionContainer)
    {
        _adminUserValidator = adminUserValidator;
        _adminUserFetcher = adminUserFetcher;
        _sessionContainer = sessionContainer;
    }

    public IUserIdentity GetUserFromIdentifier(Guid identifier, NancyContext context)
    {
        _sessionContainer.OpenSession();
        var adminUserId = LoggedInUserIds.First(x => x.Key == identifier).Value;
        var adminUser = _adminUserFetcher.GetAdminUser(adminUserId);
        return new ApiUserIdentity(adminUser);
    }

    public Guid Login(string username, string clearTextPassword, string domain)
    {
        var adminUser = _adminUserValidator.ValidateAndReturnAdminUser(username, clearTextPassword, domain);
        var identifier = Guid.NewGuid();
        LoggedInUserIds.Add(identifier, adminUser.Id);
        return identifier;
    }
}

我在我的数据库中保存了一个记录来处理角色,所以这个类处理 AD 验证和从数据库中获取用户:

I'm keeping a record in my database to handle roles, so this class handles verifying with AD and fetching the user from the database:

public class AdminUserValidator : IAdminUserValidator
{
    readonly IActiveDirectoryUserValidator _activeDirectoryUserValidator;
    readonly IAdminUserFetcher _adminUserFetcher;

    public AdminUserValidator(IAdminUserFetcher adminUserFetcher,
                              IActiveDirectoryUserValidator activeDirectoryUserValidator)
    {
        _adminUserFetcher = adminUserFetcher;
        _activeDirectoryUserValidator = activeDirectoryUserValidator;
    }

    #region IAdminUserValidator Members

    public AdminUser ValidateAndReturnAdminUser(string username, string clearTextPassword, string domain)
    {
        _activeDirectoryUserValidator.Validate(username, clearTextPassword, domain);

        return _adminUserFetcher.GetAdminUser(1);            
    }

    #endregion
}

并且这个类实际上验证了 Active Directory 中存在用户名/密码组合:

And this class actually verifies that the username/password combination exist in Active Directory:

public class ActiveDirectoryUserValidator : IActiveDirectoryUserValidator
{
    public void Validate(string username, string clearTextPassword, string domain)
    {
        using (var principalContext = new PrincipalContext(ContextType.Domain, domain))
        {
            // validate the credentials
            bool isValid = principalContext.ValidateCredentials(username, clearTextPassword);
            if (!isValid)
                throw new Exception("Invalid username or password.");
        }

    }
}

这篇关于如何在 Nancy 中对 Active Directory 进行身份验证?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!

本站部分内容来源互联网,如果有图片或者内容侵犯您的权益请联系我们删除!

相关文档推荐

What#39;s the difference between retrieving WindowsPrincipal from WindowsIdentity and Thread.CurrentPrincipal?(从 WindowsIdentity 和 Thread.CurrentPrincipal 检索 WindowsPrincipal 之间有什么区别?)
How do I find a user#39;s Active Directory display name in a C# web application?(如何在 C# Web 应用程序中查找用户的 Active Directory 显示名称?)
How to get a username in Active Directory from a display name in C#?(如何从 C# 中的显示名称获取 Active Directory 中的用户名?)
Working with DirectoryServices in ASP.NET Core(在 ASP.NET Core 中使用 DirectoryServices)
Create Active Directory user in .NET (C#)(在 .NET (C#) 中创建 Active Directory 用户)
LdapConnection vs. PrincipalContext(LdapConnection 与 PrincipalContext)