Mixed Mode Authentication with OWIN

I am creating an MVC 5 application. I need to authenticate people against AD and against a SQL database or web service.

A requirement is that if a person is registered on a corporate network or connected to a VPN, I must register them without asking for credentials. If users access the website over the Internet, or the person does not have an AD account, I must use authentication.

I am reviewing an article, but will this work with ASP.Net MVC and OWIN? Any other alternative?

Thanks in advance.

2 answers

- . , AD .

( , ) . ASP.NET Identity 2.1 alpha, SignInManager ( ).

  • ( , AD).
  • UserLogin AD ProviderKey, AD Sid
  • , Request.LogonUserIdentity . , UserManager.FindAsync. , ( ).
  • , , \username. .

( , , ).

, Request.LoginUserIdentity. .

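/// <summary>
/// Signs the caller in from the Windows identity attached to the current request,
/// without asking for credentials, when that identity is linked to a local account.
/// </summary>
/// <param name="returnUrl">Where to send the user after a successful sign-in.</param>
/// <returns>
/// A redirect to <paramref name="returnUrl"/> (via RedirectTo) on success, otherwise a
/// redirect to the "Login" action so the user can authenticate with the form.
/// </returns>
public async Task<ActionResult> WindowsLogin(string returnUrl)
{
    // NOTE(review): Request.LogonUserIdentity is only the end user's identity when
    // Windows Authentication is enabled for this endpoint in IIS; with anonymous
    // access the server supplies its own account. Confirm the endpoint's IIS settings.
    var loginInfo = GetWindowsLoginInfo();
    if (loginInfo == null)
    {
        // No Windows identity or SID on this request. The lookup below is expected to
        // reject a null login with an exception, so fall back to the login form instead.
        return RedirectToAction("Login");
    }

    var user = await _userManager.FindAsync(loginInfo);
    if (user == null)
    {
        // The SID is not linked to any local account.
        return RedirectToAction("Login");
    }

    await SignInAsync(user, false);

    // NOTE(review): returnUrl is caller-supplied and RedirectTo is not shown here;
    // confirm it only follows local URLs (for example with Url.IsLocalUrl).
    return RedirectTo(returnUrl, "Manage");
}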

/// <summary>
/// Builds the external-login key for the Windows identity on the current request.
/// </summary>
/// <returns>
/// A <c>UserLoginInfo</c> with provider "Windows" and the account SID as the key,
/// or <c>null</c> when the request carries no Windows identity or the identity has no SID.
/// </returns>
private UserLoginInfo GetWindowsLoginInfo()
{
    // NOTE(review): the provider name must match the one stored with the user's login
    // record; WindowsLoginAsync uses AuthenticationTypes.Windows, so confirm both
    // resolve to the same string.
    if (Request.LogonUserIdentity != null && Request.LogonUserIdentity.User != null)
    {
        var sidText = Request.LogonUserIdentity.User.ToString();
        return new UserLoginInfo("Windows", sidText);
    }

    return null;
}

ApplicationSignInManager ( SignInManager), AD, .

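/// <summary>
/// Validates a user name and password against the Active Directory domain and, when
/// they are valid, signs the user in through the external login keyed by the account SID.
/// </summary>
/// <param name="userName">Domain account name as typed by the user.</param>
/// <param name="password">Password to validate against the domain.</param>
/// <param name="isPersistent">Whether the sign-in cookie should persist across sessions.</param>
/// <returns>
/// The status returned by ExternalSignInAsync when the credentials are valid and the
/// principal is found; otherwise <c>SignInStatus.Failure</c>.
/// </returns>
public async Task<SignInStatus> WindowsLoginAsync(string userName, string password, bool isPersistent)
{
    // Never hand blank credentials to the directory. ValidateCredentials documents that
    // null user name and password validate the *current process* credentials instead,
    // and an empty password can be treated as an anonymous bind by some directory
    // configurations, so both must be rejected before the directory is asked.
    if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
    {
        return SignInStatus.Failure;
    }

    var signInStatus = SignInStatus.Failure;

    // "YourDomain" is a placeholder for the real domain name.
    using (var context = new PrincipalContext(ContextType.Domain, "YourDomain"))
    {
        // NOTE(review): this check bypasses the local lockout counters, and each failed
        // attempt counts against the AD account's lockout policy. If this form is
        // reachable from the Internet, consider throttling attempts per user and source.
        bool credentialsValid = context.ValidateCredentials(userName, password);

        if (credentialsValid)
        {
            // Resolve the principal to obtain a stable SID, which is the login key.
            UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(context, userName);
            if (userPrincipal != null)
            {
                var loginInfo = new ExternalLoginInfo
                {
                    Login = new UserLoginInfo(AuthenticationTypes.Windows, userPrincipal.Sid.ToString())
                };
                signInStatus = await ExternalSignInAsync(loginInfo, isPersistent);
            }
        }
    }

    return signInStatus;
}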

Login, .

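// Route domain-style user names (DOMAIN\user or user@domain) to Active Directory first.
// "domain" is a placeholder: replace it with the real NetBIOS name / full UPN suffix.
// The verbatim string keeps the escaped backslash intact; the non-verbatim "domain\\.+"
// compiles to the regex domain\.+ (literal dots), which never matches DOMAIN\user.
// The pattern is anchored so that only whole user names in one of the two forms match,
// and case is ignored because Windows domain names are case-insensitive.
Regex domainRegex = new Regex(@"^(domain\\.+|.+@domain)$", RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);
if (model.Username != null && domainRegex.IsMatch(model.Username))
{
    result = await _signInManager.WindowsLoginAsync(model.Username, model.Password, model.RememberMe);
    if (result == SignInStatus.Success)
    {
        return RedirectTo(returnUrl, "Manage");
    }
}

// NOTE(review): a domain-style name that fails the AD check still falls through to the
// local password check below, so the same password is tested against both stores.
// Confirm that is intended. The final argument enables lockout for the local store only.
result = await _signInManager.PasswordSignInAsync(model.Username, model.Password, model.RememberMe, true);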
...

, !


owin, , .

, , / . , ClaimsPrincipal ( ).

( api) . OAuthBearer - - Identity 2.0, BasicAuthenation - /pwd .

// OWIN pipeline setup. Middleware is registered in the order written here, so keep
// this order when editing.

// Register factories that create one ApplicationSession and one ApplicationUserManager
// per request and store them on the OWIN context.
app.CreatePerOwinContext(ApplicationSession.Create);
app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);

// Token authentication: accept OAuth bearer tokens using the options object defined
// elsewhere (OAuthBearerOptions is not shown on this page).
app.UseOAuthBearerAuthentication(OAuthBearerOptions);

// Basic authentication: "Realm" is the realm name and ValidateUser is the credential
// callback (neither the extension method nor the callback is shown on this page).
// NOTE(review): Basic sends the user name and password with every request, only
// Base64-encoded, so this endpoint must be served over TLS only. Confirm that
// ValidateUser applies lockout or throttling.
app.UseBasicAuthentication(app.CreateLogger<BasicAuthenticationMiddleware>(), 
                    "Realm", ValidateUser);

.


Source: https://habr.com/ru/post/1528850/

