gpt4 book ai didi

asp.net-mvc - Asp.Net 3.1 使用 Windows 身份验证和角色授权

转载 作者:行者123 更新时间:2023-12-04 15:30:51 28 4
gpt4 key购买 nike

使用 Asp.net 和 .Net Core 3.1 设置,我已经升级了以前使用用户名/密码和角色的身份系统以使用 Windows 身份验证。我创建了一个 ClaimsTransformation,它获取 Windows Identity 并创建一个具有用户关联角色的新 ClaimsPrincipal。这部分工作我的 startup.cs 看起来像这样(删除了一些部分)

 public void ConfigureServices(IServiceCollection services)
{
services.AddTransient<IClaimsTransformation, KiwaClaimsTransformation>();

services.AddAuthentication(IISDefaults.AuthenticationScheme);

services.AddAuthorization();

...
services.AddControllers();

services.AddControllersWithViews()
.AddSessionStateTempDataProvider();
}

public void Configure(IApplicationBuilder app, IWebHostEnvironment env,
ILoggerFactory loggerFactory, IServiceProvider serviceProvider)
{
...

app.UseStaticFiles();

app.UseCookiePolicy();

app.UseRouting();

app.UseAuthentication();

app.UseAuthorization();

app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
endpoints.MapControllerRoute("default", "{controller=Home}/{action=Index}/{id?}");
// catch all for not found
endpoints.MapControllerRoute("NotFound", "{*url}",
new {controller = "Error", action = "ResourceNotFound"});
});

...
}

ClaimsTransformation 看起来像这样

 public async Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
{
var identity = (ClaimsIdentity)principal.Identity;
if (identity == null) return principal;

var userName = _config["LoginUserName"];
if (userName == null)
{
userName = identity.Name;
if (userName == null) return principal;
}

// need to go and build the Roles claims for the user based on the User Name as a lookup on User table
var claims = new List<Claim>
{
new Claim(@"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", userName, "Name")
};
claims.AddRange(_userLookup.GetUserRolesByNetworkId(userName)
.Select(role => new Claim(ClaimTypes.Role, role)));

//The claim identity uses a claim with the claim type below to determine the name property.
// Get User Roles from database and add to list of claims.
var newClaimsIdentity = new ClaimsIdentity(claims, "Kerberos", "", "http://schemas.microsoft.com/ws/2008/06/identity/claims/role");

return new ClaimsPrincipal(new ClaimsPrincipal(newClaimsIdentity));
}

我有一个基本的 HomeController,看起来像这样

  public class HomeController : Controller
{
private readonly LoggedOnUser _loggedOnUser;

public HomeController(LoggedOnUser loggedOnUser)
{
_loggedOnUser = loggedOnUser;
}

[Authorize]
[HttpGet]
public IActionResult Index()
{
// check and make sure the user is allowed in
if (!_loggedOnUser.IsValidKiwaUser)
{
return RedirectToActionPermanent("NotAuthorised");
}
return View();
}

[Authorize]
public IActionResult OperationResults()
{
ViewBag.Title = (string)TempData["Title"];
string jsonString = (string)TempData["OperationResults"];
if (string.IsNullOrWhiteSpace(jsonString))
{
return RedirectToPage("/Error/NoResults");
}
return View(JsonConvert.DeserializeObject<List<OperationResult>>(jsonString));
}


public IActionResult NotAuthorised()
{
return View();
}

所有 Controller 都有 [Authorize(Role="...")],并且授权正确发生并且角色通过 ClaimsTransformation 添加为声明。我遇到的问题是,如果我点击网站的根目录(调试这是 https://localhost:44391 ),那么路由会将我发送到 Controller 上的 NotAuthorised 页面???它应该默认转到 https://localhost:44391/Home/index在默认端点中定义如果我输入 https://localhost:44391/Home/index它可以工作并显示正确的主登陆页面,但如果我不包括 https://localhost:44391/Home/index整个然后它返回未经授权。

我在这里遗漏了什么吗?我也可以转吗

最佳答案

我终于找到了问题所在。在过渡到 Windows 身份验证的过程中,我在产品中保留了 cookie 支持。但这所做的是将起始页面存储为 NotAuthorised 页面。清除 cookie(并随后从应用程序中删除 cookie 支持)解决了这个问题,并且角色一直在评估。因此,为什么我使用查找(内存缓存)来访问用户及其声明 - 因为所有用户请求都会调用它

哦,顺便说一句。如果您以此为例,实际上不再需要检查 HomeController/Index 中的 _loggedOnUser.IsValidKiwaUser

关于asp.net-mvc - Asp.Net 3.1 使用 Windows 身份验证和角色授权,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/61267994/

28 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com