فعالسازی Windows Authentication در برنامههای ASP.NET Core 2.0
نویسنده: وحید نصیری
تاریخ: ۱۳۹۶/۰۷/۳۰ ۱۹:۵۰
آدرس: www.dntips.ir
| مطالب | ۳۶۹۴ |
| نویسندگان | ۲۷۶ |
| گروههای مطالب | ۱۰۲۴ |
| نقشههای راه | ۱۱۹ |
| دورهها | ۱۴ |
| اشتراکها | ۱۷۹۱۴ |
<system.webServer>
<security>
<authentication>
<anonymousAuthentication enabled="true" />
<windowsAuthentication enabled="true" />
</authentication>
</security>
</system.webServer> {
"iisSettings": {
"windowsAuthentication": true,
"anonymousAuthentication": true,
"iisExpress": {
"applicationUrl": "http://localhost:3381/",
"sslPort": 0
}
}
} <?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified"/>
</handlers>
<aspNetCore processPath="%LAUNCHER_PATH%" arguments="%LAUNCHER_ARGS%"
stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout"
forwardWindowsAuthToken="true"/>
</system.webServer>
</configuration> namespace ASPNETCore2WindowsAuthentication
{
public class Program
{
public static void Main(string[] args)
{
var host = new WebHostBuilder()
.UseKestrel()
.UseContentRoot(Directory.GetCurrentDirectory())
.UseStartup<Startup>()
.UseHttpSys(options => // Just for local tests without IIS, Or self-hosted scenarios on Windows ...
{
options.Authentication.Schemes =
AuthenticationSchemes.Negotiate | AuthenticationSchemes.NTLM;
options.Authentication.AllowAnonymous = true;
//options.UrlPrefixes.Add("http://+:80/");
})
.Build();
host.Run();
}
}
} namespace ASPNETCore2WindowsAuthentication
{
public class Program
{
public static void Main(string[] args)
{
var host = new WebHostBuilder()
.UseKestrel()
.UseContentRoot(Directory.GetCurrentDirectory())
.UseIISIntegration()
.UseDefaultServiceProvider((context, options) =>
{
options.ValidateScopes = context.HostingEnvironment.IsDevelopment();
})
.UseStartup<Startup>()
.Build();
host.Run();
}
}
} public void ConfigureServices(IServiceCollection services)
{
services.AddMvc();
services.Configure<IISOptions>(options =>
{
// Sets the HttpContext.User
// Note: Windows Authentication must also be enabled in IIS for this to work.
options.AutomaticAuthentication = true;
options.ForwardClientCertificate = true;
});
services.AddAuthentication(options =>
{
// for both windows and anonymous authentication
options.DefaultChallengeScheme = IISDefaults.AuthenticationScheme;
});
} private string authInfo()
{
var claims = new StringBuilder();
if (User.Identity is ClaimsIdentity claimsIdentity)
{
claims.Append("Your claims: \n");
foreach (var claim in claimsIdentity.Claims)
{
claims.Append(claim.Type + ", ");
claims.Append(claim.Value + "\n");
}
}
return $"IsAuthenticated: {User.Identity.IsAuthenticated}; Identity.Name: {User.Identity.Name}; WindowsPrincipal: {(User is WindowsPrincipal)}\n{claims}";
} namespace ASPNETCore2WindowsAuthentication.Controllers
{
public class HomeController : Controller
{
public IActionResult Index()
{
return View();
}
[Authorize]
public IActionResult Windows()
{
return Content(authInfo());
}
private string authInfo()
{
var claims = new StringBuilder();
if (User.Identity is ClaimsIdentity claimsIdentity)
{
claims.Append("Your claims: \n");
foreach (var claim in claimsIdentity.Claims)
{
claims.Append(claim.Type + ", ");
claims.Append(claim.Value + "\n");
}
}
return $"IsAuthenticated: {User.Identity.IsAuthenticated}; Identity.Name: {User.Identity.Name}; WindowsPrincipal: {(User is WindowsPrincipal)}\n{claims}";
}
[AllowAnonymous]
public IActionResult Anonymous()
{
return Content(authInfo());
}
[Authorize(Roles = "Domain Admins")]
public IActionResult ForAdmins()
{
return Content(authInfo());
}
[Authorize(Roles = "Domain Users")]
public IActionResult ForUsers()
{
return Content(authInfo());
}
}
} dotnet publish
[Authorize(Roles = @"<domain>\<group>")] //or [Authorize(Roles = @"<domain>\<group1>,<domain>\<group2>")]
services.AddAuthorization(options =>
{
options.AddPolicy("RequireWindowsGroupMembership", policy =>
{
policy.RequireAuthenticatedUser();
policy.RequireRole(@"<domain>\<group>"));
}
}); [Authorize(Policy = "RequireWindowsGroupMembership")]
[HttpGet("[action]")]
public IActionResult SomeValue()
{
if (!User.IsInRole(@"Domain\Group")) return StatusCode(403);
return Ok("Some Value");
} public class ApplicationClaimsTransformation : IClaimsTransformation
{
private readonly ILogger<ApplicationClaimsTransformation> _logger;
public ApplicationClaimsTransformation(ILogger<ApplicationClaimsTransformation> logger)
{
_logger = logger;
}
public Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
{
if (!(principal.Identity is ClaimsIdentity identity))
{
return Task.FromResult(principal);
}
var claims = addExistingUserClaims(identity);
identity.AddClaims(claims);
return Task.FromResult(principal);
}
private IEnumerable<Claim> addExistingUserClaims(IIdentity identity)
{
var claims = new List<Claim>();
var user = @"VahidPC\Vahid";
if (identity.Name != user)
{
_logger.LogError($"Couldn't find {identity.Name}.");
return claims;
}
claims.Add(new Claim(ClaimTypes.GivenName, user));
return claims;
}
} services.AddScoped<IClaimsTransformation, ApplicationClaimsTransformation>();
services.AddAuthentication(options =>
{
// for both windows and anonymous authentication
options.DefaultChallengeScheme = IISDefaults.AuthenticationScheme;
});
var userId = User.FindFirstValue(ClaimTypes.NameIdentifier); var userName = User.FindFirstValue(ClaimTypes.Name); var userName = User.FindFirstValue(ClaimTypes.GivenName);
services.AddAuthentication(options =>
{
// for both windows and anonymous authentication
//options.DefaultChallengeScheme = IISDefaults.AuthenticationScheme; // Use it for IIS
options.DefaultChallengeScheme = HttpSysDefaults.AuthenticationScheme; // Use it for HttpSys
options.DefaultAuthenticateScheme = HttpSysDefaults.AuthenticationScheme; // Use it for HttpSys
}); [Authorize(Roles = @"<domain>\<group>")]
netsh http add sslcert ipport=0.0.0.0:6001 certhash=<thumbprint of certificate> appid={new guid here} certstorename=Root SSL Certificate add failed, Error: 1312 A specified logon session does not exist. It may already have been terminated.