是否可以向servicestack添加多個身份驗證方法?我有五個用戶:ServiceStack混合身份驗證方法,多種組織和方法AD FS2,openId,facebook,google
1. User 1 (Facebook account, Organization 1)
2. User 2 (Google account, Organization 1)
3. User 3 (AD FS2, Organization 2, https://company2.com/adfs/ls/)
4. User 4 (AD FS2, Organization 3, https://company3.de/adfs/ls/)
5. User 5 (AD FS2, Organization 3, https://company3.de/adfs/ls/)
驗證方法應該由用戶Email選擇。所有用戶都在一個組織中,電子郵件是唯一的)。
如何使用AD FS2驗證用戶? 如何實現多個auth提供程序和方法?
我有類似的情況,其中一個用戶可以從不同的來源登錄,在我的情況下,他們可以從網站和社交網絡登錄,所有的電子郵件爲所有可能的身份驗證登錄應該是相同的。
我建議您爲每種情況創建海關認證提供程序,並在每種登錄方法中堅持所需的任何信息,以遵循您的認證邏輯。
在這種情況下,就應該像這樣
Plugins.Add(new AuthFeature(() => new AuthUserSession(), new IAuthProvider[]
{
container.Resolve<CustomFacebookProvider>(),
container.Resolve<CustomAuthProvider>(),
container.Resolve<CustomGoogleOpenIdOAuthProvider>(),
}));
容器將解決you'll有任何自aperations任何依賴關係,您需要同時結合你的持久化層進入到身份驗證提供者的每一個運行任何邏輯,你需要以驗證例如用戶登錄的事情:
public class CustomAuthProvider : CredentialsAuthProvider
{
public new static string Name = AuthService.CredentialsProvider;
public new static string Realm = "/auth/" + AuthService.CredentialsProvider;
private readonly IUserRepository _userRepository; // custom repo
public CustomAuthProvider(IUserRepository userRepository, IResourceManager appSettings)
: base(appSettings)
{
_userRepository = userRepository;
CallbackUrl = appSettings.GetString("oauth.{0}.CallbackUrl".Fmt(Name));
RedirectUrl = appSettings.GetString("oauth.{0}.RedirectUrl".Fmt(Name));
SessionExpiry = DefaultSessionExpiry;
}
public override object Authenticate(IServiceBase authService, IAuthSession session,
ServiceStack.ServiceInterface.Auth.Auth request)
{
string userName = request.UserName;
string password = request.Password;
if (!LoginMatchesSession(session, userName))
{
authService.RemoveSession();
session = authService.GetSession();
}
if (TryAuthenticate(authService, userName, password))
{
authService.SaveSession(session, SessionExpiry);
if (session.UserAuthName == null)
session.UserAuthName = userName;
OnAuthenticated(authService, session, null, null);
return new AuthResponse
{
UserName = userName,
SessionId = session.Id,
ReferrerUrl = RedirectUrl
};
}
throw new HttpError(HttpStatusCode.BadRequest, "400", "Invalid username or password");
}
public override bool TryAuthenticate(IServiceBase authService, string userName, string password)
{
IAuthSession session = authService.GetSession();
User user = _userRepository.GetByUserName(userName);
if (_userRepository.login(username,password)) //or any other validation logic here
{
session.IsAuthenticated = true;
session.UserAuthId = string.Format("{0}", user.Id);
session.Id = authService.GetSessionId();
session.LastModified = user.LastLoginDate;
session.DisplayName = user.DisplayName;
session.Email = user.Email;
session.UserName = user.UserName;
user.LastLoginDate = DateTime.Now;
_userRepository.Update(user); //custom logic
return true;
}
return false;
}
和相同的過程之後,應當像Facebook,谷歌+,等其他自定義提供,至少這種方式工作得很好爲了我。