I want to create a container from a .NET Core web application (made up of several projects) that uses Windows authentication. This is my Dockerfile:
FROM microsoft/dotnet:2.1-aspnetcore-runtime AS base
WORKDIR /app
EXPOSE 80
FROM microsoft/dotnet:2.1-sdk AS build
COPY Solution.sln ./
COPY Project1/*.csproj ./Project1/
COPY Project2/*.csproj ./Project2/
COPY Project3/*.csproj ./Project3/
COPY Project4/*.csproj ./Project4/
COPY Project5/*.csproj ./Project5/
RUN dotnet restore
COPY . .
WORKDIR /Project1
RUN dotnet build -c Release -o /app
WORKDIR /Project2
RUN dotnet build -c Release -o /app
WORKDIR /Project3
RUN dotnet build -c Release -o /app
WORKDIR /Project4
RUN dotnet build -c Release -o /app
FROM build AS publish
RUN dotnet publish -c Release -o /app
FROM base AS final
WORKDIR /app
COPY --from=publish /app .
ENTRYPOINT ["dotnet", "Project4.dll"]
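If I run the container, the website opens, but the login dialog does not open and the user information is missing. What is the simplest way to enable Windows authentication in a Docker container?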
Answer 0: (score: 1)
By their nature, your containers are isolated and are not part of your domain, which makes Windows authentication a well-known problem. The way to achieve this is to use a technology Microsoft recently introduced called gMSA: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831782(v=ws.11)
On how to use it in Docker:
https://www.axians-infoma.de/techblog/windows-authentication-in-docker-containers-just-got-a-lot-easier/
https://artisticcheese.wordpress.com/2017/09/09/enabling-integrated-windows-authentication-in-windows-docker-container/
Per Mark's request, you can also use a piece of code with LDAP:
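using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Security.Cryptography.X509Certificates;

// Accept the LDAP server's certificate only if its chain validates.
private bool VerifyServerCertificateCallback(LdapConnection connection, X509Certificate certificate)
{
    return new X509Certificate2(certificate).Verify();
}

// Returns true only when a simple bind with the supplied credentials succeeds.
// ldapServer is a settings object defined elsewhere in the class.
public bool ValidateCredentials(string userName, string password)
{
    // Some directory servers treat a simple bind with an empty password as an
    // unauthenticated bind and report success, so reject it up front.
    if (string.IsNullOrEmpty(password))
    {
        return false;
    }
    try
    {
        var ldapDirectoryIdentifier = new LdapDirectoryIdentifier(ldapServer.ServerAddress);
        using (var ldapConnection = new LdapConnection(ldapDirectoryIdentifier) { AuthType = AuthType.Basic })
        {
            ldapConnection.SessionOptions.ProtocolVersion = 3;
            ldapConnection.SessionOptions.SecureSocketLayer = true;
            ldapConnection.SessionOptions.VerifyServerCertificate = VerifyServerCertificateCallback;
            ldapConnection.Bind(new NetworkCredential(string.Format(ldapServer.UserLocation, userName), password));
        }
    }
    catch (Exception)
    {
        // A failed bind (bad credentials, TLS failure, unreachable server) means "not validated".
        return false;
    }
    return true;
}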
In your controller:
if (ValidateCredentials(username, password))
{
    ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(
        new List<Claim>{
            new Claim(ClaimTypes.Name, username),
            ...
        },
        "..."));
    await HttpContext.SignInAsync(AuthSchemeName, principal);
}
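The LDAP code in the answer formats the user name directly into the bind DN with `string.Format(ldapServer.UserLocation, userName)`. The following is an added example, not part of the original answer: a C# helper that escapes the user name per RFC 4514 before it is placed in the DN. The shape of the DN template and the names `LdapDn`, `EscapeRdnValue` and `BuildUserDn` are assumptions.

```csharp
using System;
using System.Text;

// Added example: RFC 4514 escaping for a value placed inside a bind DN.
public static class LdapDn
{
    // Escapes one attribute value so it cannot add or alter RDN components.
    public static string EscapeRdnValue(string value)
    {
        if (string.IsNullOrEmpty(value))
            throw new ArgumentException("User name must not be empty.", nameof(value));

        var sb = new StringBuilder(value.Length + 8);
        for (int i = 0; i < value.Length; i++)
        {
            char c = value[i];
            bool first = i == 0, last = i == value.Length - 1;
            if (c == '\0')
                sb.Append("\\00");                      // NUL is written as a hex pair
            else if ("\"+,;<>\\".IndexOf(c) >= 0        // always-special characters
                     || (first && (c == '#' || c == ' '))
                     || (last && c == ' '))
                sb.Append('\\').Append(c);
            else
                sb.Append(c);
        }
        return sb.ToString();
    }

    // dnTemplate is assumed to look like the answer's ldapServer.UserLocation,
    // i.e. a DN with a single {0} placeholder for the user name.
    public static string BuildUserDn(string dnTemplate, string userName)
        => string.Format(dnTemplate, EscapeRdnValue(userName));

    public static void Main()
    {
        // Constructed template and inputs, for illustration only.
        const string template = "uid={0},ou=people,dc=example,dc=com";
        foreach (var name in new[] { "jdoe", "Doe, Jane", "#svc ", "a\\b" })
            Console.WriteLine(BuildUserDn(template, name));
    }
}
```

In `ValidateCredentials`, the `NetworkCredential` would then take `LdapDn.BuildUserDn(ldapServer.UserLocation, userName)` as its user name.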