如何在Nancy中针对Active Directory进行身份验证?

这是一篇过时的文章,但 http://msdn.microsoft.com/en-us/library/ff650308.aspx#paght000026_step3 说明了我想做的事情。 我选择Nancy作为我的Web框架,因为它简单,而且风格上很少繁文缛节(low-ceremony)。 因此,我需要一种使用Nancy对Active Directory进行身份验证的方法。

在ASP.NET中,看起来您只需通过web.config文件中的某些设置,就可以在基于数据库的成员资格提供程序和Active Directory之间切换。 我不一定需要完全相同的机制,但如果能在开发环境和生产环境之间切换就太好了。

如何才能做到这一点?

实际上,解决方案比看起来简单得多。 只需将Active Directory视为用户的存储库(就像数据库一样)。 您需要做的就是查询AD,以验证输入的用户名和密码是否有效。 所以,只需使用Nancy的表单身份验证(Forms Authentication),并在IUserMapper的实现中处理与AD的连接。 以下是我编写的用户映射器:

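/// <summary>
/// Nancy user mapper that issues a login identifier after a successful
/// Active Directory check and later resolves that identifier back to an
/// <c>ApiUserIdentity</c> built from the stored admin user id.
/// </summary>
public class ActiveDirectoryUserMapper : IUserMapper, IUserLoginManager
{
    // Guards LoggedInUserIds. The map is static, so every mapper instance reads
    // and writes the same Dictionary, and Dictionary is not safe for concurrent
    // writers.
    static readonly object SyncRoot = new object();

    // Login identifier -> admin user id.
    // NOTE(review): the generic arguments were missing from the listing.
    // <Guid, int> is inferred from Guid.NewGuid() and from GetAdminUser being
    // called with an int literal elsewhere on the page; confirm against AdminUser.Id.
    // NOTE(review): entries are never removed or expired, so an issued identifier
    // stays valid until the process restarts. A logout path and an idle timeout
    // should delete entries from this map.
    static readonly Dictionary<Guid, int> LoggedInUserIds = new Dictionary<Guid, int>();

    readonly IAdminUserValidator _adminUserValidator;
    readonly IAdminUserFetcher _adminUserFetcher;
    readonly ISessionContainer _sessionContainer;

    /// <summary>Stores the collaborators used to validate and load admin users.</summary>
    /// <param name="adminUserValidator">Validates credentials and returns the admin user.</param>
    /// <param name="adminUserFetcher">Loads an admin user by id.</param>
    /// <param name="sessionContainer">Session container opened before each user lookup.</param>
    public ActiveDirectoryUserMapper(IAdminUserValidator adminUserValidator, IAdminUserFetcher adminUserFetcher, ISessionContainer sessionContainer)
    {
        _adminUserValidator = adminUserValidator;
        _adminUserFetcher = adminUserFetcher;
        _sessionContainer = sessionContainer;
    }

    /// <summary>
    /// Resolves a login identifier to the identity of the admin user it was issued for.
    /// </summary>
    /// <param name="identifier">Identifier previously returned by <see cref="Login"/>.</param>
    /// <param name="context">Current Nancy context (not used here).</param>
    /// <returns>
    /// The user's identity, or <c>null</c> when the identifier is unknown, for
    /// example a cookie issued before the process restarted.
    /// </returns>
    public IUserIdentity GetUserFromIdentifier(Guid identifier, NancyContext context)
    {
        _sessionContainer.OpenSession();

        int adminUserId;
        bool isKnown;
        lock (SyncRoot)
        {
            // Keyed lookup instead of First(...): First throws on an unknown
            // identifier, which turns a stale cookie into an unhandled exception
            // rather than an unauthenticated request.
            isKnown = LoggedInUserIds.TryGetValue(identifier, out adminUserId);
        }

        if (!isKnown)
        {
            return null;
        }

        var adminUser = _adminUserFetcher.GetAdminUser(adminUserId);
        return new ApiUserIdentity(adminUser);
    }

    /// <summary>
    /// Validates the credentials and registers a new login identifier for the user.
    /// </summary>
    /// <param name="username">Account name to validate.</param>
    /// <param name="clearTextPassword">Password in clear text; it is only passed on to the validator.</param>
    /// <param name="domain">Domain to validate against.</param>
    /// <returns>The identifier to hand to forms authentication.</returns>
    public Guid Login(string username, string clearTextPassword, string domain)
    {
        // Any exception from the validator propagates, so no identifier is
        // issued for rejected credentials.
        var adminUser = _adminUserValidator.ValidateAndReturnAdminUser(username, clearTextPassword, domain);

        // NOTE(review): Guid.NewGuid() is designed for uniqueness, not secrecy.
        // This relies on the forms-authentication cookie being encrypted and
        // signed; confirm the cryptography configuration of the application.
        var identifier = Guid.NewGuid();
        lock (SyncRoot)
        {
            LoggedInUserIds.Add(identifier, adminUser.Id);
        }

        return identifier;
    }
}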

我在数据库中保留一条记录来处理角色,所以这个类负责通过AD进行验证,并从数据库中获取用户:

 /// <summary>
 /// Checks credentials through the Active Directory validator and then loads
 /// the admin user record from the admin user fetcher.
 /// </summary>
 public class AdminUserValidator : IAdminUserValidator
 {
     private readonly IAdminUserFetcher _adminUserFetcher;
     private readonly IActiveDirectoryUserValidator _activeDirectoryUserValidator;

     /// <summary>Stores the two collaborators; no other work is done here.</summary>
     /// <param name="adminUserFetcher">Loads an admin user by id.</param>
     /// <param name="activeDirectoryUserValidator">Validates credentials against Active Directory.</param>
     public AdminUserValidator(
         IAdminUserFetcher adminUserFetcher,
         IActiveDirectoryUserValidator activeDirectoryUserValidator)
     {
         _activeDirectoryUserValidator = activeDirectoryUserValidator;
         _adminUserFetcher = adminUserFetcher;
     }

     #region IAdminUserValidator Members

     /// <summary>
     /// Runs the Active Directory check, then returns an admin user record.
     /// </summary>
     /// <param name="username">Account name passed to the validator.</param>
     /// <param name="clearTextPassword">Clear-text password passed to the validator.</param>
     /// <param name="domain">Domain passed to the validator.</param>
     /// <returns>The record returned by <c>GetAdminUser(1)</c>.</returns>
     public AdminUser ValidateAndReturnAdminUser(string username, string clearTextPassword, string domain)
     {
         // Validate returns nothing. The ActiveDirectoryUserValidator shown on
         // this page signals rejected credentials by throwing, which is the only
         // thing that stops execution from reaching the fetch below.
         _activeDirectoryUserValidator.Validate(username, clearTextPassword, domain);

         // NOTE(review): the id is hard-coded to 1, so every account that passes
         // the directory check is mapped to the same admin record and its roles.
         // This looks like a placeholder. The record should be looked up from the
         // authenticated username, which needs a lookup this page does not show.
         AdminUser adminUser = _adminUserFetcher.GetAdminUser(1);
         return adminUser;
     }

     #endregion
 }

此类实际验证Active Directory中是否存在该用户名/密码组合:

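 /// <summary>
 /// Validates a username/password pair against an Active Directory domain.
 /// </summary>
 public class ActiveDirectoryUserValidator : IActiveDirectoryUserValidator
 {
     /// <summary>
     /// Throws when the credentials are missing or are rejected by the domain;
     /// returns normally when they are accepted.
     /// </summary>
     /// <param name="username">Account name to validate.</param>
     /// <param name="clearTextPassword">Password in clear text.</param>
     /// <param name="domain">
     /// Domain name handed to <c>PrincipalContext</c>.
     /// NOTE(review): if this value comes from the login request, take it from
     /// configuration or an allow-list instead, so a caller cannot choose which
     /// directory vouches for the credentials. Verify against the caller.
     /// </param>
     /// <exception cref="Exception">The credentials are missing or invalid.</exception>
     public void Validate(string username, string clearTextPassword, string domain)
     {
         // Reject missing credentials before contacting the directory.
         // ValidateCredentials is documented to check the current principal's
         // default credentials when both arguments are null, and an empty
         // password can be treated as an unauthenticated bind by a directory
         // server. Either case could report success without proving who the
         // caller is. The same exception and message are used as for a rejected
         // password, so callers see a single failure mode.
         if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(clearTextPassword))
         {
             throw new Exception("Invalid username or password.");
         }

         using (var principalContext = new PrincipalContext(ContextType.Domain, domain))
         {
             // The message deliberately does not say which of the two values was wrong.
             if (!principalContext.ValidateCredentials(username, clearTextPassword))
             {
                 throw new Exception("Invalid username or password.");
             }
         }
     }
 }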