如何在 Active Directory/Windows 身份验证中使用 Servicestack 身份验证?

How to use Servicestack Authentication with Active Directory/Windows Authentication?(如何在 Active Directory/Windows 身份验证中使用 Servicestack 身份验证?)
本文介绍了如何在 Active Directory/Windows 身份验证中使用 Servicestack 身份验证?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着跟版网的小编来一起学习吧!

问题描述

我正在创建一个安全 (SSL) 公共服务,其中用户凭据驻留在 Active Directory 中.我想利用 ServiceStack 的身份验证并阅读了 wiki 文章.我已经编写了代码来使用 AD 验证用户凭据.我有几个问题.

I am creating a secure (SSL) public service where the users credentials reside in Active Directory. I want to leverage ServiceStack's Authentication and have read over the wiki article. I already have code written to verify the user credentials with AD. I have a few questions.

  1. 我使用哪个身份验证提供程序?凭据、基本身份验证还是自定义?该服务需要 SSL,因此基本身份验证是安全的,但密码将被加密以增加安全性.
  2. 我还需要存储 UserAuth 并缓存 AuthUserSession 吗?
  3. 单点触控客户端是否支持身份验证?

更新 2:我最终使用 CredentialsAuthProvider 制作了一个与 AD 集成的测试 SS 服务.然而,我的最终目标是拥有 1 个站点,当客户端调用时它是一个 api.所以基本上是一个 SS MVC 站点.

Update 2: I did end up making a test SS service that integrated with AD, using CredentialsAuthProvider. However my ultimate goal it to have 1 site that is an api when called by clients. So basically a SS MVC site.

更新:

经过进一步研究,我了解到 SS 正在考虑做一个未来可能支持 Windows 身份验证的商业产品.我在 SS Google 小组 mythz 的评论中读到了这一点.我问这个 SO 问题的原因是我的公司使用 IWA 构建内部应用程序,并且没有 IWA 很难采用 SS MVC.我想我读到您可以从使用 IWA 的 ASP.NET 站点托管 SS MVC 站点,但我还没有尝试过.

It is my understanding after doing some more research that SS is considering doing a commercial product that may support Windows Authentication in the future. I read this in a comment from mythz on the SS Google group. The reason I asked this SO question is that my company builds internal applications using IWA and adopting SS MVC is hard without IWA. I think I read that you could host the SS MVC site off of a ASP.NET site that uses IWA but I have not tried that yet.

推荐答案

我也将 ServiceStack 与集成的 Windows 身份验证连接起来(用于企业应用程序),关键是跳过尝试将其与 ServiceStack 的 AuthProviders 完全集成,因为 IWA 的一般方法不处理应用程序代码中的凭据——它由 Web 服务器处理.我所做的是:

I've also hooked up ServiceStack with Integrated Windows Authentication (for a corporate application), and the key was to skip trying to integrate it with ServiceStack's AuthProviders entirely, since the general approach of IWA doesn't deal with credentials in your application code -- it's handled by the web server. What I did was:

  1. 在 IIS 中配置站点/应用程序,以便 Windows 身份验证是唯一启用的选项.(不允许匿名访问.)这意味着 IIS 本身将处理未经身份验证的用户的质询-响应 (HTTP 401/200) 序列,并为您处理流程的身份验证部分.

  1. Configure the site/application in IIS so that Windows Authentication was the only enabled option. (No Anonymous access allowed.) This means IIS itself will take care of the challenge-response (HTTP 401/200) sequence with unauthenticated users, and handles the authentication part of the process for you.

实现 ServiceStack 的 IHasRequestFilter(一个 HTTP 预请求过滤器)作为一个属性(例如,[AdminOnly]).此过滤器的 RequestFilter 方法从 HttpContext (HttpContext.User.Identity.Name) 获取当前用户名,从存储库(可能是 SQL 数据库、平面文件等)中查找它,缓存结果使用 ServiceStack 的 ICacheClient(内存缓存、Redis 等),如果未授权则抛出 403 HttpError.

Implement ServiceStack's IHasRequestFilter (an HTTP pre-request filter) as an Attribute (e.g., [AdminOnly]). This filter's RequestFilter method fetches the current username from HttpContext (HttpContext.User.Identity.Name), looks it up from a repository (which could be a SQL database, flat file, etc.), caches results using ServiceStack's ICacheClient (memory cache, Redis, etc.), and throws a 403 HttpError if unauthorized.

完成此操作后,所需要做的就是将属性添加到需要的类或方法中(在需要的地方将此身份验证/授权放入服务管道中),并在我的 AppHost 实现中注册我需要的缓存提供程序,例如:

With this done, all that was necessary was to add the attribute to classes or methods where desired (which gets this authentication/authorization into the service pipeline where desired), and register my desired cache provider in my AppHost implementation, e.g.:

 container.Register<ICacheClient>(new MemoryCacheClient() { FlushOnDispose = false });

效果很好.

这篇关于如何在 Active Directory/Windows 身份验证中使用 Servicestack 身份验证?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!

本站部分内容来源互联网,如果有图片或者内容侵犯您的权益请联系我们删除!

相关文档推荐

What#39;s the difference between retrieving WindowsPrincipal from WindowsIdentity and Thread.CurrentPrincipal?(从 WindowsIdentity 和 Thread.CurrentPrincipal 检索 WindowsPrincipal 之间有什么区别?)
How do I find a user#39;s Active Directory display name in a C# web application?(如何在 C# Web 应用程序中查找用户的 Active Directory 显示名称?)
How can I authenticate against Active Directory in Nancy?(如何在 Nancy 中对 Active Directory 进行身份验证?)
How to get a username in Active Directory from a display name in C#?(如何从 C# 中的显示名称获取 Active Directory 中的用户名?)
Oauth 2 token for Active Directory accounts(Active Directory 帐户的 Oauth 2 令牌)
Working with DirectoryServices in ASP.NET Core(在 ASP.NET Core 中使用 DirectoryServices)