ASP.NET Core 2.0 LDAP Active Directory身份验证

本文介绍了ASP.NET Core 2.0 LDAP Active Directory身份验证的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我从过去发现了很多信息，说 LDAP身份验证尚未启用，但是您可以使用第三方程序包解决该问题. 但是，似乎LDAP身份验证是在 1月份实施的..我似乎找不到有关如何实现它的任何信息.

I have found a lot of information from the past saying that LDAP authentication isn't enabled yet but you can get around that using third party packages. However, it seems that LDAP authentication WAS implemented back in January. I can't seem to find any information on HOW to implement it.

我已经在我的项目中设置了自定义身份验证，我只需要逻辑来填写HandleAuthenticateAsync方法.

I already have custom authentication set up in my project, I just need the logic to fill in the HandleAuthenticateAsync method.

我尝试使用其他示例，但是它们似乎不适用于.NET Core 2.0.

I have tried using other examples, but they don't seem to work with .NET Core 2.0.

这是我能想到的唯一相关代码

Here is the only relevant code that I have that I can think of posting

protected override Task<AuthenticateResult> HandleAuthenticateAsync() { // Get Authorization header value if (!Request.Headers.TryGetValue(HeaderNames.Authorization, out var authorization)) { return Task.FromResult(AuthenticateResult.Fail("Cannot read authorization header.")); } // TODO: Authenticate user // Create authenticated user ticket var identities = new List<ClaimsIdentity> { new ClaimsIdentity("custom auth type") }; var ticket = new AuthenticationTicket(new ClaimsPrincipal(identities), Options.Scheme); return Task.FromResult(AuthenticateResult.Success(ticket)); // else User not authenticated return Task.FromResult(AuthenticateResult.Fail("Invalid auth key.")); }

所以，我的问题是，如何在.NET Core 2.0中实现LDAP身份验证?

So, my question is, how do I implement LDAP Authentication in .NET Core 2.0?

推荐答案

感谢Win的答案，指出我需要使用 Windows兼容包，我能够弄清楚这一点.

Thanks to Win's Answer for pointing out that I needed to use Windows Compatibility Pack, I was able to figure this out.

我要做的第一件事是安装 Nuget软件包

The first thing I had to do was install the Nuget package

Install-Package Microsoft.Windows.Compatibility

当时，我需要一个预览版，所以我在命令末尾附加了-Version 2.0.0-preview1-26216-02

然后，为System.DirectoryServices和System.DirectoryServices.AccountManagement

然后，只需将此逻辑插入我的HandleAuthenticateAsync方法中即可:

Then, just plug this logic into my HandleAuthenticateAsync method:

const string LDAP_PATH = "EX://exldap.example:5555"; const string LDAP_DOMAIN = "exldap.example:5555"; using (var context = new PrincipalContext(ContextType.Domain, LDAP_DOMAIN, "service_acct_user", "service_acct_pswd")) { if (context.ValidateCredentials(username, password)) { using (var de = new DirectoryEntry(LDAP_PATH)) using (var ds = new DirectorySearcher(de)) { // other logic to verify user has correct permissions // User authenticated and authorized var identities = new List<ClaimsIdentity> { new ClaimsIdentity("custom auth type") }; var ticket = new AuthenticationTicket(new ClaimsPrincipal(identities), Options.Scheme); return Task.FromResult(AuthenticateResult.Success(ticket)); } } } // User not authenticated return Task.FromResult(AuthenticateResult.Fail("Invalid auth key."));