您好,登錄后才能下訂單哦!
本文小編為大家詳細(xì)介紹“ASP.NET的Core AD域登錄過程怎么實(shí)現(xiàn)”,內(nèi)容詳細(xì),步驟清晰,細(xì)節(jié)處理妥當(dāng),希望這篇“ASP.NET的Core AD域登錄過程怎么實(shí)現(xiàn)”文章能幫助大家解決疑惑,下面跟著小編的思路慢慢深入,一起來學(xué)習(xí)新知識吧。
在選擇AD登錄時(shí),其實(shí)可以直接選擇 Windows 授權(quán),不過因?yàn)橛行┚W(wǎng)站需要的是LDAP獲取信息進(jìn)行授權(quán),而非直接依賴Web Server自帶的Windows 授權(quán)功能。
當(dāng)然如果使用的是Azure AD/企業(yè)賬號登錄時(shí),直接在ASP.NET Core創(chuàng)建項(xiàng)目時(shí)選擇就好了。
Nuget引用dependencies / 修改```project.json```
Novell.Directory.Ldap.NETStandard
Microsoft.AspNetCore.Authentication.Cookies
版本如下:
"Novell.Directory.Ldap.NETStandard": "2.3.5",
"Microsoft.AspNetCore.Authentication.Cookies": "1.1.0"
本文的AD登錄使用的是第三方的
```Novell.Directory.Ldap.NETStandard``` 進(jìn)行的LDAP操作(還沒有看這個(gè)LDAP的庫是否有安全性問題,如果有需要修改或更換)
代碼在下面鏈接中,就不單獨(dú)貼了,基本上就2個(gè)方法:
Register是獲取基本配置信息的
Validate是來驗(yàn)證用戶名密碼的
using System; using Microsoft.Extensions.Configuration; using Novell.Directory.Ldap; namespace Demo { public class LDAPUtil { public static string Host { get; private set; } public static string BindDN { get; private set; } public static string BindPassword { get; private set; } public static int Port { get; private set; } public static string BaseDC { get; private set; } public static string CookieName { get; private set; } public static void Register(IConfigurationRoot configuration) { Host = configuration.GetValue<string>("LDAPServer"); Port = configuration?.GetValue<int>("LDAPPort") ?? 389; BindDN = configuration.GetValue<string>("BindDN"); BindPassword = configuration.GetValue<string>("BindPassword"); BaseDC = configuration.GetValue<string>("LDAPBaseDC"); CookieName = configuration.GetValue<string>("CookieName"); } public static bool Validate(string username, string password) { try { using (var conn = new LdapConnection()) { conn.Connect(Host, Port); conn.Bind($"{BindDN},{BaseDC}", BindPassword); var entities = conn.Search(BaseDC,LdapConnection.SCOPE_SUB, $"(sAMAccountName={username})", new string[] { "sAMAccountName" }, false); string userDn = null; while (entities.hasMore()) { var entity = entities.next(); var account = entity.getAttribute("sAMAccountName"); //If you need to Case insensitive, please modify the below code. if (account != null && account.StringValue == username) { userDn = entity.DN; break; } } if (string.IsNullOrWhiteSpace(userDn)) return false; conn.Bind(userDn, password); // LdapAttribute passwordAttr = new LdapAttribute("userPassword", password); // var compareResult = conn.Compare(userDn, passwordAttr); conn.Disconnect(); return true; } } catch (LdapException) { return false; } catch (Exception) { return false; } } } }
"LDAPServer
": "192.168.1.1",//域服務(wù)器
"LDAPPort
": 389,//端口,一般默認(rèn)就是這個(gè)
"CookieName
": "testcookiename",//使用Cookie登錄的Cookie的Key
"BindDN
": "CN=DoWebUser,CN=Users",//用來獲取LDAP的信息用戶的用戶名
"BindPassword
": "!DoWebUserPassword",//用來獲取LDAP的信息的用戶的密碼,即DoWebUser的密碼
"LDAPBaseDC
": "DC=aspnet,DC=com",//域的DC
Startup方法中:
LDAPUtil.Register(Configuration);
ConfigureServices 方法中:
services.AddAuthorization(options =>{});
Configure方法中:
app.UseCookieAuthentication(new CookieAuthenticationOptions() { AuthenticationScheme = Configuration.GetValue<string>("CookieName"), LoginPath = new PathString("/Account/Login/"), AccessDeniedPath = new PathString("/Account/Login/"), AutomaticAuthenticate = true, AutomaticChallenge = true });
登錄的頁面:
[AllowAnonymous] public IActionResult Login() { return View(); }
登錄的Post頁面:
[HttpPost] [AllowAnonymous] public async Task<IActionResult> Login(string u, string p) { if (LDAPUtil.Validate(u, p)) { var identity = new ClaimsIdentity(new MyIdentity(u));//這個(gè)MyIdentity只是一個(gè)祼的IIdentity的實(shí)現(xiàn)的類 var principal = new ClaimsPrincipal(identity); await HttpContext.Authentication.SignInAsync(LDAPUtil.CookieName, principal); return RedirectToAction("Index", "Home"); } return View(); }
注銷的頁面:
[Authorize] public async Task<IActionResult> Logout() { await HttpContext.Authentication.SignOutAsync(LDAPUtil.CookieName); return RedirectToAction("Index", "Home"); }
讀到這里,這篇“ASP.NET的Core AD域登錄過程怎么實(shí)現(xiàn)”文章已經(jīng)介紹完畢,想要掌握這篇文章的知識點(diǎn)還需要大家自己動手實(shí)踐使用過才能領(lǐng)會,如果想了解更多相關(guān)內(nèi)容的文章,歡迎關(guān)注億速云行業(yè)資訊頻道。
免責(zé)聲明:本站發(fā)布的內(nèi)容(圖片、視頻和文字)以原創(chuàng)、轉(zhuǎn)載和分享為主,文章觀點(diǎn)不代表本網(wǎng)站立場,如果涉及侵權(quán)請聯(lián)系站長郵箱:is@yisu.com進(jìn)行舉報(bào),并提供相關(guān)證據(jù),一經(jīng)查實(shí),將立刻刪除涉嫌侵權(quán)內(nèi)容。