.NET Core Windows Authentication in a Docker container

Time: 2019-02-13 10:13:57

Tags: docker asp.net-core dockerfile

I want to create a container from a .NET Core web application (made up of several projects) that uses Windows Authentication. This is my Dockerfile:

FROM microsoft/dotnet:2.1-aspnetcore-runtime AS base
WORKDIR /app
EXPOSE 80

FROM microsoft/dotnet:2.1-sdk AS build
COPY Solution.sln ./
COPY Project1/*.csproj ./Project1/
COPY Project2/*.csproj ./Project2/
COPY Project3/*.csproj ./Project3/
COPY Project4/*.csproj ./Project4/
COPY Project5/*.csproj ./Project5/

RUN dotnet restore
COPY . .

WORKDIR /Project1
RUN dotnet build -c Release -o /app

WORKDIR /Project2
RUN dotnet build -c Release -o /app

WORKDIR /Project3
RUN dotnet build -c Release -o /app

WORKDIR /Project4
RUN dotnet build -c Release -o /app

FROM build AS publish
RUN dotnet publish -c Release -o /app

FROM base AS final
WORKDIR /app
COPY --from=publish /app .
ENTRYPOINT ["dotnet", "Project4.dll"]

If I run the container, the website opens, but the login dialog does not appear and the user information is missing. What is the simplest way to enable Windows Authentication in a Docker container?

1 answer:

Answer 0 (score: 1)

Essentially, your container is isolated and is not part of your domain, which makes Windows Authentication a well-known problem. The way to achieve this is to use a technology Microsoft recently introduced called gMSA: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831782(v=ws.11)

On how to use it with Docker: https://www.axians-infoma.de/techblog/windows-authentication-in-docker-containers-just-got-a-lot-easier/ https://artisticcheese.wordpress.com/2017/09/09/enabling-integrated-windows-authentication-in-windows-docker-container/

As Mark requested, you can also use LDAP with a piece of code:

// Namespaces required by the snippet (System.DirectoryServices.Protocols is a NuGet package on .NET Core).
using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Security.Cryptography.X509Certificates;

// ldapServer is a settings object (not shown in the post) exposing ServerAddress, the LDAPS host,
// and UserLocation, a format string that turns the user name into the bind identity.

private bool VerifyServerCertificateCallback(LdapConnection connection, X509Certificate certificate)
{
    // Build and check the server certificate chain rather than accepting any certificate.
    return new X509Certificate2(certificate).Verify();
}

public bool ValidateCredentials(string userName, string password)
{
    try
    {
        var ldapDirectoryIdentifier = new LdapDirectoryIdentifier(ldapServer.ServerAddress);

        using (var ldapConnection = new LdapConnection(ldapDirectoryIdentifier) { AuthType = AuthType.Basic })
        {
            ldapConnection.SessionOptions.ProtocolVersion = 3;
            ldapConnection.SessionOptions.SecureSocketLayer = true;
            ldapConnection.SessionOptions.VerifyServerCertificate = VerifyServerCertificateCallback;

            // A simple bind only succeeds when the password is correct for that identity.
            ldapConnection.Bind(new NetworkCredential(string.Format(ldapServer.UserLocation, userName), password));
        }
    }
    catch (Exception)
    {
        // Any failure (wrong password, unknown user, unreachable server) means the credentials are not valid.
        return false;
    }
    return true;
}

In your controller:

if (ValidateCredentials(username, password))
{
    ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(
        new List<Claim>
        {
            new Claim(ClaimTypes.Name, username),
            ...
        },
        "..."));

    await HttpContext.SignInAsync(AuthSchemeName, principal);
}
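The following is an added example, not code from the question or the answer, that puts the two snippets above together into a complete ASP.NET Core 2.1 login flow: the LDAP settings class, the credential check over LDAPS with certificate verification, the controller action that issues a cookie principal, and the Startup wiring that registers cookie authentication. The names LdapSettings, LdapAuthenticator, AccountController, AuthSchemeName, the host ldap.example.com and the "{0}@example.com" bind format are all assumptions made for illustration.

```csharp
// Added example (not from the original post). Assumed names: LdapSettings, LdapAuthenticator,
// AccountController, AuthSchemeName, ldap.example.com and the "{0}@example.com" bind format.
using System;
using System.Collections.Generic;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

public sealed class LdapSettings
{
    public string ServerAddress { get; set; } = "ldap.example.com";   // assumed LDAPS host
    public int Port { get; set; } = 636;                               // LDAPS port
    public string UserLocation { get; set; } = "{0}@example.com";      // assumed bind identity format
}

public sealed class LdapAuthenticator
{
    private readonly LdapSettings _settings;
    public LdapAuthenticator(LdapSettings settings) => _settings = settings;

    // Verify the chain of the server certificate; never return true unconditionally.
    private static bool VerifyServerCertificate(LdapConnection connection, X509Certificate certificate)
        => new X509Certificate2(certificate).Verify();

    // True only when a simple bind with the supplied password succeeds.
    public bool ValidateCredentials(string userName, string password)
    {
        // Some directories treat an empty password as an anonymous bind, which would "succeed".
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
            return false;

        var identifier = new LdapDirectoryIdentifier(_settings.ServerAddress, _settings.Port);
        using (var connection = new LdapConnection(identifier) { AuthType = AuthType.Basic })
        {
            connection.SessionOptions.ProtocolVersion = 3;
            connection.SessionOptions.SecureSocketLayer = true;   // credentials only travel over TLS
            connection.SessionOptions.VerifyServerCertificate = VerifyServerCertificate;
            try
            {
                connection.Bind(new NetworkCredential(string.Format(_settings.UserLocation, userName), password));
                return true;
            }
            catch (LdapException)
            {
                return false;   // wrong password, unknown user, or the server refused the bind
            }
        }
    }
}

public sealed class AccountController : Controller
{
    public const string AuthSchemeName = CookieAuthenticationDefaults.AuthenticationScheme;
    private readonly LdapAuthenticator _ldap;
    public AccountController(LdapAuthenticator ldap) => _ldap = ldap;

    [HttpPost("/login")]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Login(string username, string password, string returnUrl = "/")
    {
        if (!_ldap.ValidateCredentials(username, password))
            return Unauthorized();   // same response for unknown user and wrong password

        var identity = new ClaimsIdentity(new List<Claim> { new Claim(ClaimTypes.Name, username) }, AuthSchemeName);
        await HttpContext.SignInAsync(AuthSchemeName, new ClaimsPrincipal(identity),
            new AuthenticationProperties { IsPersistent = false });

        // Only follow local return URLs so the login endpoint cannot be used as an open redirect.
        return Url.IsLocalUrl(returnUrl) ? (IActionResult)Redirect(returnUrl) : Redirect("/");
    }
}

public sealed class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddSingleton(new LdapSettings());
        services.AddSingleton<LdapAuthenticator>();
        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie(o =>
            {
                o.LoginPath = "/login";
                o.Cookie.HttpOnly = true;
                o.Cookie.SecurePolicy = CookieSecurePolicy.Always;
                o.Cookie.SameSite = SameSiteMode.Strict;
                o.ExpireTimeSpan = TimeSpan.FromHours(8);
            });
        services.AddMvc();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseAuthentication();   // must run before MVC so the cookie is read on every request
        app.UseMvc();
    }
}
```

Two caveats for the container in the question: the image microsoft/dotnet:2.1-aspnetcore-runtime is a Linux image, and System.DirectoryServices.Protocols only gained Linux support with .NET 5, so on .NET Core 2.1 the bind would need a cross-platform LDAP client such as Novell.Directory.Ldap.NETStandard with the same shape (TLS on, certificate verified, simple bind as the user). And because a simple bind sends the user's password to the directory, the certificate callback is the only thing standing between the application and a spoofed LDAP server, so it must perform a real chain check as above rather than returning true.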