ama*_*man 3 c# active-directory asp.net-core-mvc asp.net-core asp.net-core-2.0
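I have an application where, at login, I want to check whether the user is part of a particular AD group. If so, continue with the application; if not, show an error. I do have the LDAP connection address for AD.
I don't know how we can do this in .NET Core, as there are no examples of doing it.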
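I had a similar problem and solved it by using a middleware.
I added a line to appsettings.json with the users and groups to authenticate (or which will be authorized), for example: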
    {
      "AuthenticationGroupsAndUsers": "domain\\group,domain\\username",
      "Logging": {
        "LogLevel": {
          "Default": "Warning"
        }
      }
    }
Add a new class that will read the configuration and check whether the current user belongs to the authorized groups/users:
    using System;
    using System.Collections.Generic;
    using System.IO;
    using System.Linq;
    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Http;
    using Microsoft.Extensions.Configuration;

    public class AdAuthorizationMiddleware
    {
        // Key in appsettings.json holding the comma-separated groups and users
        private readonly string _groupsAndUsersConfigField = "AuthenticationGroupsAndUsers";
        private readonly List<string> _authorizedGroupAndUsers;
        private IConfigurationRoot _configuration { get; }
        private readonly RequestDelegate _next;

        public AdAuthorizationMiddleware(RequestDelegate next)
        {
            // Read and save app settings
            _configuration = GetConfiguration();
            _authorizedGroupAndUsers = _configuration[_groupsAndUsersConfigField].Split(',').ToList();
            _next = next;
        }

        public async Task Invoke(HttpContext context)
        {
            // Check whether the user belongs to an authorized group or not
            var isAuthorized = _authorizedGroupAndUsers.Any(i => context.User.IsInRole(i));

            // Return an error if the current user is not authorized
            if (!isAuthorized)
            {
                context.Response.StatusCode = 403;
                return;
            }

            // Jump to the next middleware if the user is authorized
            await _next.Invoke(context);
        }

        // Loads appsettings.json from the current working directory
        private static IConfigurationRoot GetConfiguration()
        {
            var builder = new ConfigurationBuilder()
                .SetBasePath(Directory.GetCurrentDirectory())
                .AddJsonFile("appsettings.json");
            Console.WriteLine("Configuration is loaded");
            return builder.Build();
        }
    }
Add an extension class for this middleware:
    using Microsoft.AspNetCore.Builder;

    public static class AdAuthorizationMiddlewareExtension
    {
        // Registers AdAuthorizationMiddleware in the request pipeline
        public static IApplicationBuilder UseAdAuthorizationMiddleware(
            this IApplicationBuilder builder)
        {
            return builder.UseMiddleware<AdAuthorizationMiddleware>();
        }
    }
Call this static method of the extension class in Startup.cs -> Configure method:
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        // ...
        // some code
        app.UseAuthentication();
        app.UseAdAuthorizationMiddleware();
        // some routing
        // ...
    }
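The same group check expressed with ASP.NET Core's built-in policy authorization instead of a custom middleware, as an added example that is not part of the original answer. It assumes Windows authentication behind IIS and an MVC application; the config key is the one from the answer, and the fail-closed startup check and its message are illustrative.

```csharp
using System;
using System.Linq;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Mvc.Authorization;
using Microsoft.AspNetCore.Server.IISIntegration;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    private readonly IConfiguration _configuration;

    public Startup(IConfiguration configuration) => _configuration = configuration;

    public void ConfigureServices(IServiceCollection services)
    {
        // Same key as the answer; tolerate spaces and stray commas in the list.
        var allowed = (_configuration["AuthenticationGroupsAndUsers"] ?? string.Empty)
            .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries)
            .Select(entry => entry.Trim())
            .Where(entry => entry.Length > 0)
            .ToArray();

        // Fail closed: refuse to start with an empty allow list.
        if (allowed.Length == 0)
            throw new InvalidOperationException(
                "AuthenticationGroupsAndUsers is missing or empty in appsettings.json.");

        // Assumption: Windows authentication is enabled in IIS / launchSettings.json.
        services.AddAuthentication(IISDefaults.AuthenticationScheme);

        // RequireRole passes when User.IsInRole is true for any listed entry,
        // which is the check the middleware performs by hand.
        var policy = new AuthorizationPolicyBuilder()
            .RequireAuthenticatedUser()
            .RequireRole(allowed)
            .Build();

        // Apply the policy to every MVC action; [AllowAnonymous] opts an action out.
        services.AddMvc(options => options.Filters.Add(new AuthorizeFilter(policy)));
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseAuthentication();
        app.UseMvc();
    }
}
```

Unlike the middleware, which answers 403 to every failed check, the filter challenges unauthenticated requests and forbids authenticated users who are outside the list.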