2012-09-12 90 views
10

這是一篇過時的文章,但http://msdn.microsoft.com/en-us/library/ff650308.aspx#paght000026_step3說明了我想要做的事情。我選擇了Nancy作爲我的網頁框架,因爲它簡單而低禮儀的做法。所以,我需要一種使用Nancy來對Active Directory進行身份驗證的方法。如何在南希對Active Directory進行身份驗證?

在ASP.NET中,它看起來像只能通過web.config文件中的某些設置在基於數據庫的成員資格提供程序和Active Directory之間切換。我並不特別需要這一點,但是在開發和生產之間切換的能力將會很棒。

這怎麼辦?

+1

順便說一句,如果這是現在沒空,我將貢獻它..在任何指導方向會也有幫助。 –

+0

我剛剛向南希回購添加了一個問題:https://github.com/NancyFx/Nancy/issues/742 –

回答

13

真的,解決方案比看起來簡單得多。只要將Active Directory視爲您的用戶的存儲庫(就像數據庫一樣)。您只需查詢AD即可驗證輸入的用戶名和密碼是否有效。所以,只需使用Nancy的Forms Validation並在你的IUserMapper實現中處理與AD的連接。以下是我想出了我的用戶映射:

public class ActiveDirectoryUserMapper : IUserMapper, IUserLoginManager 
{ 
    static readonly Dictionary<Guid, long> LoggedInUserIds = new Dictionary<Guid, long>(); 

    readonly IAdminUserValidator _adminUserValidator; 
    readonly IAdminUserFetcher _adminUserFetcher; 
    readonly ISessionContainer _sessionContainer; 

    public ActiveDirectoryUserMapper(IAdminUserValidator adminUserValidator, IAdminUserFetcher adminUserFetcher, ISessionContainer sessionContainer) 
    { 
     _adminUserValidator = adminUserValidator; 
     _adminUserFetcher = adminUserFetcher; 
     _sessionContainer = sessionContainer; 
    } 

    public IUserIdentity GetUserFromIdentifier(Guid identifier, NancyContext context) 
    { 
     _sessionContainer.OpenSession(); 
     var adminUserId = LoggedInUserIds.First(x => x.Key == identifier).Value; 
     var adminUser = _adminUserFetcher.GetAdminUser(adminUserId); 
     return new ApiUserIdentity(adminUser); 
    } 

    public Guid Login(string username, string clearTextPassword, string domain) 
    { 
     var adminUser = _adminUserValidator.ValidateAndReturnAdminUser(username, clearTextPassword, domain); 
     var identifier = Guid.NewGuid(); 
     LoggedInUserIds.Add(identifier, adminUser.Id); 
     return identifier; 
    } 
} 

我保持的紀錄在我的數據庫來處理角色,因此此類處理與AD驗證,並從數據庫中獲取的用戶:

public class AdminUserValidator : IAdminUserValidator 
{ 
    readonly IActiveDirectoryUserValidator _activeDirectoryUserValidator; 
    readonly IAdminUserFetcher _adminUserFetcher; 

    public AdminUserValidator(IAdminUserFetcher adminUserFetcher, 
           IActiveDirectoryUserValidator activeDirectoryUserValidator) 
    { 
     _adminUserFetcher = adminUserFetcher; 
     _activeDirectoryUserValidator = activeDirectoryUserValidator; 
    } 

    #region IAdminUserValidator Members 

    public AdminUser ValidateAndReturnAdminUser(string username, string clearTextPassword, string domain) 
    { 
     _activeDirectoryUserValidator.Validate(username, clearTextPassword, domain); 

     return _adminUserFetcher.GetAdminUser(1);    
    } 

    #endregion 
} 

而這個類實際上驗證用戶名/密碼組合在Active Directory中:

public class ActiveDirectoryUserValidator : IActiveDirectoryUserValidator 
{ 
    public void Validate(string username, string clearTextPassword, string domain) 
    { 
     using (var principalContext = new PrincipalContext(ContextType.Domain, domain)) 
     { 
      // validate the credentials 
      bool isValid = principalContext.ValidateCredentials(username, clearTextPassword); 
      if (!isValid) 
       throw new Exception("Invalid username or password."); 
     } 

    } 
} 
+0

Minor nitpick:而不是LoggedInUserIds.First(x => x.Key ==標識符).Value' ,你不能只是做'LoggedInUserIds [標識符]'? 'Login'方法中還有'LoggedInUserIds [identifier] = adminUser.Id'。 –

+0

這可以作爲一個Nuget Nancy.ActiveDirectoryAuthentication包嗎? – pashute

+0

@pashute [AD討論](https://github.com/NancyFx/Nancy/issues/742)在南希的問題跟蹤器(回覆此答案) – Omni

相關問題