【问题标题】:ServiceStack mixed authentication methods, multiple organizations and methods AD FS2, openId, facebook, googleServiceStack 混合认证方式,多种组织和方式 AD FS2, openId, facebook, google
【发布时间】:2013-10-19 08:19:30
【问题描述】:

是否可以向 servicestack 添加多种身份验证方法?我有五个用户:

 1. User 1 (Facebook account, Organization 1)
 2. User 2 (Google account, Organization 1)
 3. User 3 (AD FS2, Organization 2, https://company2.com/adfs/ls/)
 4. User 4 (AD FS2, Organization 3, https://company3.de/adfs/ls/) 
 5. User 5 (AD FS2, Organization 3, https://company3.de/adfs/ls/)

身份验证方法应由用户电子邮件选择。所有用户都在一个组织中,电子邮件是唯一的)。

如何使用 AD FS2 对用户进行身份验证? 如何实现多个身份验证提供者和方法?

【问题讨论】:

    标签: openid servicestack adfs2.0 google-openid federated-identity


    【解决方案1】:

    我有类似的情况,单个用户可以从不同来源登录,在我的情况下,他们也可以从网站和社交网络登录,所有可能的身份验证的所有电子邮件登录应该是相同的。

    我建议您为每种情况创建海关身份验证提供程序,并在每种登录方法上保留您需要的任何信息,以遵循您的身份验证逻辑。

    在这种情况下可能类似于

     Plugins.Add(new AuthFeature(() => new AuthUserSession(), new IAuthProvider[]
    {
                        container.Resolve<CustomFacebookProvider>(),
                        container.Resolve<CustomAuthProvider>(),
                        container.Resolve<CustomGoogleOpenIdOAuthProvider>(),
     }));
    

    容器将解决您对任何自定义操作的任何依赖项,您需要将持久层合并到每个身份验证提供程序中,以运行您需要执行的任何逻辑以验证用户登录例如:

    public class CustomAuthProvider : CredentialsAuthProvider
        {
            public new static string Name = AuthService.CredentialsProvider;
            public new static string Realm = "/auth/" + AuthService.CredentialsProvider;
            private readonly IUserRepository _userRepository; // custom repo
    
    
            public CustomAuthProvider(IUserRepository userRepository, IResourceManager appSettings)
                : base(appSettings)
            {
                _userRepository = userRepository;
                CallbackUrl = appSettings.GetString("oauth.{0}.CallbackUrl".Fmt(Name));
                RedirectUrl = appSettings.GetString("oauth.{0}.RedirectUrl".Fmt(Name));
                SessionExpiry = DefaultSessionExpiry;
    
            }
    
    
            public override object Authenticate(IServiceBase authService, IAuthSession session,
                                                ServiceStack.ServiceInterface.Auth.Auth request)
            {
    
                string userName = request.UserName;
                string password = request.Password;
    
                if (!LoginMatchesSession(session, userName))
                {
                    authService.RemoveSession();
                    session = authService.GetSession();
                }
    
                if (TryAuthenticate(authService, userName, password))
                {
                    authService.SaveSession(session, SessionExpiry);
                    if (session.UserAuthName == null)
                        session.UserAuthName = userName;
                    OnAuthenticated(authService, session, null, null);
                    return new AuthResponse
                    {
                        UserName = userName,
                        SessionId = session.Id,
                        ReferrerUrl = RedirectUrl
                    };
                }
    
                throw new HttpError(HttpStatusCode.BadRequest, "400", "Invalid username or password");
    
            }
    
            public override bool TryAuthenticate(IServiceBase authService, string userName, string password)
            {
                IAuthSession session = authService.GetSession();
                User user = _userRepository.GetByUserName(userName);
                if ( _userRepository.login(username,password)) //or any other validation logic here
                {
                    session.IsAuthenticated = true;
                    session.UserAuthId = string.Format("{0}", user.Id);
                    session.Id = authService.GetSessionId();
                    session.LastModified = user.LastLoginDate;
                    session.DisplayName = user.DisplayName;
                    session.Email = user.Email;
                    session.UserName = user.UserName;
                    user.LastLoginDate = DateTime.Now;
                    _userRepository.Update(user); //custom logic
                    return true;
                }
    
                return false;
            }
    

    其他自定义提供程序(如 facebook、google+ 等)也应遵循相同的过程,至少这种方法对我来说效果很好。

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 2012-07-11
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 2019-02-05
      • 1970-01-01
      相关资源
      最近更新 更多