ASP.NET Core Windows authentication: custom login page when unauthorized

Time: 2020-08-26 04:51:09

Tags: asp.net-core windows-authentication iis-express

I need to implement these three login options for our website using ASP.Net Core_v3:

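  1. Automatic login when "windowsAuthentication" is enabled in launchSettings.json and the user is defined in the domain.
  2. Custom login with Windows username and password, when the user is a local user and has a domain account.
  3. Custom login with username and password defined in our database, when the user is anonymous.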

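The problem is that when Windows authentication is true, the browser login pop-up is displayed, while I want to show our custom login page.

I have tried some solutions to achieve this, but without success.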

launchSettings.json:

"windowsAuthentication": true,
"anonymousAuthentication": true

Startup.cs:

public void ConfigureServices(IServiceCollection services)
{
    services.AddControllersWithViews();

    services.AddAuthentication(IISDefaults.AuthenticationScheme);
}

// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    else
    {
        app.UseExceptionHandler("/Home/Error");
        // The default HSTS value is 30 days. You may want to change this for
        // production scenarios, see https://aka.ms/aspnetcore-hsts.
        app.UseHsts();
    }
    app.UseHttpsRedirection();
    app.UseStaticFiles();

    app.UseRouting();

    app.UseAuthentication();
    app.UseAuthorization();

    app.UseActiveDirMiddleware();

    app.UseEndpoints(endpoints =>
    {
        endpoints.MapControllerRoute(
            name: "default",
            pattern: "{controller=Home}/{action=Index}/{id?}");
    });
}

401 Unauthorized: default browser pop-up

LoginWithActiveDirectoryMiddleware.cs

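using System.Security.Principal;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;

public class LoginWithActiveDirectoryMiddleware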
{
    private readonly RequestDelegate _next;
    private readonly string _loginPath = "/Login/index";

    public LoginWithActiveDirectoryMiddleware(RequestDelegate next)
    {
        _next = next;
    }

    public Task Invoke(HttpContext httpContext)
    {
        bool isAthenticatedWithAD = IsAuthenticatedWithActiveDirectory(httpContext);

        bool isAllowedAnonymous = IsAllowedAnonymous(httpContext);

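        if (!isAllowedAnonymous && !isAthenticatedWithAD)
        {
            // Redirect and stop here; calling _next would still run the protected endpoint.
            httpContext.Response.Redirect(_loginPath);
            return Task.CompletedTask;
        }

        return _next(httpContext);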
    }

    private static bool IsAuthenticatedWithActiveDirectory(HttpContext httpContext)
    {
        return (httpContext.User.Identity is WindowsIdentity winIdentity &&
                                            winIdentity.IsAuthenticated);
    }

    private static bool IsAllowedAnonymous(HttpContext httpContext)
    {
        var endpoint = httpContext.GetEndpoint();
        var anonymousMethods = endpoint?.Metadata?.GetMetadata<IAllowAnonymous>();

        return anonymousMethods is object;
    }

}
public static class LoginWithActiveDirectoryMiddlewareExtensions
{
    public static IApplicationBuilder UseActiveDirMiddleware(this IApplicationBuilder builder)
    {
        return builder.UseMiddleware<LoginWithActiveDirectoryMiddleware>();
    }
}

I am forced to do it this way. Please help me if it is possible :) Thanks

0 answers:

No answers
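
One way to arrange the three login options so that ordinary pages never trigger the browser prompt, as an added example that is not part of the original question: cookie authentication becomes the default scheme, and the Windows challenge is issued from a single endpoint. The `/Login/Windows` route, the use of the `System.DirectoryServices.AccountManagement` package, and the omitted database check are assumptions of this sketch.

```csharp
// Added example, not the poster's code. Assumes IIS / IIS Express with Windows and
// anonymous authentication both enabled, and this in Startup.ConfigureServices:
//   services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
//           .AddCookie(o => o.LoginPath = "/Login/Index");
using System.DirectoryServices.AccountManagement; // NuGet package, Windows only
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Server.IISIntegration;

[AllowAnonymous]
public class LoginController : Controller
{
    [HttpGet] public IActionResult Index() => View(); // custom form; links to /Login/Windows

    // Option 1: the only endpoint that issues the Windows (Negotiate/NTLM) challenge.
    [HttpGet]
    public async Task<IActionResult> Windows()
    {
        var result = await HttpContext.AuthenticateAsync(IISDefaults.AuthenticationScheme);
        if (result?.Principal?.Identity?.IsAuthenticated != true)
            return Challenge(IISDefaults.AuthenticationScheme);
        return await IssueCookie(result.Principal.Identity.Name);
    }

    // Option 2: form credentials checked against the machine's domain.
    [HttpPost, ValidateAntiForgeryToken]
    public async Task<IActionResult> Index(string user, string password)
    {
        bool ok = false;
        try
        {
            using var ad = new PrincipalContext(ContextType.Domain);
            ok = ad.ValidateCredentials(user, password);
        }
        catch (PrincipalServerDownException) { /* domain unreachable: fail closed */ }
        if (!ok) return View(); // option 3, the database check, would go here first
        return await IssueCookie(user);
    }

    private async Task<IActionResult> IssueCookie(string name)
    {
        var id = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, name) },
                                    CookieAuthenticationDefaults.AuthenticationScheme);
        await HttpContext.SignInAsync(new ClaimsPrincipal(id));
        return LocalRedirect("/");
    }
}
```

With the cookie scheme as the default, `[Authorize]` on the protected controllers produces the redirect to the login page, so the custom redirect middleware is no longer needed.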