Windows Authentication for .NET Core in a Docker container

Mar*_*ark 6 docker dockerfile asp.net-core

I want to create a container from my .NET Core web application (which consists of multiple projects) that uses Windows Authentication. This is my Dockerfile:

FROM microsoft/dotnet:2.1-aspnetcore-runtime AS base
WORKDIR /app
EXPOSE 80

FROM microsoft/dotnet:2.1-sdk AS build
COPY Solution.sln ./
COPY Project1/*.csproj ./Project1/
COPY Project2/*.csproj ./Project2/
COPY Project3/*.csproj ./Project3/
COPY Project4/*.csproj ./Project4/
COPY Project5/*.csproj ./Project5/

RUN dotnet restore
COPY . .

WORKDIR /Project1
RUN dotnet build -c Release -o /app

WORKDIR /Project2
RUN dotnet build -c Release -o /app

WORKDIR /Project3
RUN dotnet build -c Release -o /app

WORKDIR /Project4
RUN dotnet build -c Release -o /app

FROM build AS publish
RUN dotnet publish -c Release -o /app

FROM base AS final
WORKDIR /app
COPY --from=publish /app .
ENTRYPOINT ["dotnet", "Project4.dll"]

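If I run the container, the website opens, but no login dialog appears and the user information is missing. What is the simplest way to enable Windows Authentication inside a Docker container?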

Dab*_*oul 4

By nature, your container is isolated and is not part of your domain, which makes Windows authentication a well-known problem. The way to achieve this is to use a technology recently introduced by Microsoft called gMSA: https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831782(v=ws.11)

On how to use it with Docker:
https://www.axians-infoma.de/techblog/windows-authentication-in-docker-containers-just-got-a-lot-easier/
https://artisticcheese.wordpress.com/2017/09/09/enabling-integrated-windows-authentication-in-windows-docker-container/

As requested by Mark, you can also use a piece of code that uses LDAP:

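using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Security.Cryptography.X509Certificates;

// Accept the LDAPS server certificate only if its chain validates.
private bool VerifyServerCertificateCallback(LdapConnection connection, X509Certificate certificate)
{
    return new X509Certificate2(certificate).Verify();
}

public bool ValidateCredentials(string userName, string password)
{
    // Many directory servers treat a simple bind with an empty password as an
    // unauthenticated bind that succeeds, so reject it before binding.
    if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
    {
        return false;
    }

    try
    {
        var ldapDirectoryIdentifier = new LdapDirectoryIdentifier(ldapServer.ServerAddress);

        using (var ldapConnection = new LdapConnection(ldapDirectoryIdentifier)
        {
            AuthType = AuthType.Basic
        })
        {
            ldapConnection.SessionOptions.ProtocolVersion = 3;
            ldapConnection.SessionOptions.SecureSocketLayer = true;
            ldapConnection.SessionOptions.VerifyServerCertificate = VerifyServerCertificateCallback;

            // Bind throws when the server rejects the credentials.
            ldapConnection.Bind(new NetworkCredential(string.Format(ldapServer.UserLocation, userName), password));
        }
    }
    catch (Exception)
    {
        // A failed bind or a connection error must not authenticate the user.
        return false;
    }
    return true;
}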

In your controller:

if (ValidateCredentials(username, password))
{
    ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(
        new List<Claim>()
        {
            new Claim(ClaimTypes.Name, username),
            //...
        },
        "..." /* authentication type */));

    await HttpContext.SignInAsync(AuthSchemeName, principal);
}
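The bind in the answer above formats the user name directly into `ldapServer.UserLocation`. The following added example (not part of the original answer) escapes the user name per RFC 4514 before it goes into the template, so that characters such as `,` or `+` stay inside a single RDN value. It assumes `UserLocation` is a DN template; `LdapDn`, `EscapeRdnValue`, `BuildBindDn` and the sample template are hypothetical names.

```csharp
using System;
using System.Text;

// Hypothetical helper, not from the answer: builds the bind DN from user input.
public static class LdapDn
{
    // Escape a value for use inside one RDN of a distinguished name (RFC 4514, section 2.4).
    public static string EscapeRdnValue(string value)
    {
        if (string.IsNullOrEmpty(value))
            throw new ArgumentException("value must not be empty", nameof(value));

        var sb = new StringBuilder(value.Length + 8);
        for (int i = 0; i < value.Length; i++)
        {
            char c = value[i];
            bool first = i == 0, last = i == value.Length - 1;

            if (c == '\0')
                sb.Append("\\00");                      // NUL must be hex-escaped
            else if ("\"+,;<>\\=".IndexOf(c) >= 0)      // special anywhere in the value
                sb.Append('\\').Append(c);
            else if ((first && (c == '#' || c == ' ')) || (last && c == ' '))
                sb.Append('\\').Append(c);              // special only at the edges
            else
                sb.Append(c);
        }
        return sb.ToString();
    }

    // userLocation is assumed to be a DN template with a single {0} placeholder.
    public static string BuildBindDn(string userLocation, string userName)
        => string.Format(userLocation, EscapeRdnValue(userName));
}

public static class Program
{
    public static void Main()
    {
        const string template = "uid={0},ou=people,dc=example,dc=test"; // constructed sample
        Console.WriteLine(LdapDn.BuildBindDn(template, "alice"));
        Console.WriteLine(LdapDn.BuildBindDn(template, "Smith, John")); // comma stays in the uid value
    }
}
```

If the template is a UPN form such as `{0}@example.test` rather than a DN, this escaping does not apply and the user name should be validated against the allowed account-name characters instead.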