Identity Server3:Windows 身份验证:AuthenticationResult 总是失败
Identity Server3 : Windows Authentication : AuthenticationResult always fails
我正在使用 Thinktecture Identity Server 3(OWIN 和 Katana)并且能够毫无问题地使其适用于资源所有者流程。
然而,当涉及到对 windows 用户进行身份验证时,它失败了,尽管我在调试时可以看到我的自定义 UserService 确实验证了用户并且 return 一个肯定的 AuthenticationResult。
有没有人在实施过程中遇到过这种情况?
我将post此处自定义用户服务的代码
public class ActiveDirectoryUserService : IUserService
{
private const string Domain = "xxxxx";
public Task PreAuthenticateAsync(PreAuthenticationContext context)
{
return Task.FromResult<AuthenticateResult>(null);
}
public Task AuthenticateLocalAsync(LocalAuthenticationContext context)
{
try
{
using (var pc = new PrincipalContext(ContextType.Domain, Domain))
{
if (pc.ValidateCredentials(context.UserName, context.Password))
{
using (
var user = UserPrincipal.FindByIdentity(pc, IdentityType.SamAccountName, context.UserName))
{
if (user != null)
{
return
Task.FromResult(new AuthenticateResult(context.UserName, context.UserName, identityProvider: "windows"));
}
}
}
// The user name or password is incorrect
return Task.FromResult<AuthenticateResult>(null);
}
}
catch
{
// Server error
return Task.FromResult<AuthenticateResult>(null);
}
}
public Task AuthenticateExternalAsync(ExternalAuthenticationContext context)
{
return Task.FromResult<AuthenticateResult>(null);
}
public Task PostAuthenticateAsync(PostAuthenticationContext context)
{
return Task.FromResult<AuthenticateResult>(context.AuthenticateResult);
}
public Task SignOutAsync(SignOutContext context)
{
return Task.FromResult<AuthenticateResult>(null);
}
public Task GetProfileDataAsync(ProfileDataRequestContext context)
{
using (var pc = new PrincipalContext(ContextType.Domain, Domain))
{
using (var user = UserPrincipal.FindByIdentity(pc, IdentityType.SamAccountName, context.Subject.Identity.Name))
{
if (user != null)
{
var identity = new ClaimsIdentity();
identity.AddClaims(new[]
{
new Claim(Constants.ClaimTypes.Name, user.DisplayName),
new Claim(Constants.ClaimTypes.Email, user.EmailAddress)
});
if (context.RequestedClaimTypes != null)
return Task.FromResult(identity.Claims.Where(x => context.RequestedClaimTypes.Contains(x.Type)));
return Task.FromResult(identity.Claims);
}
}
return Task.FromResult<IEnumerable<Claim>>(null);
}
}
public Task IsActiveAsync(IsActiveContext context)
{
return Task.FromResult(context.IsActive);
}
}
return Task.FromResult(new AuthenticateResult(context.UserName, context.UserName, identityProvider: "windows"));
错了。应该是:
context.AuthenticateResult = new AuthenticateResult(
context.UserName, context.UserName);
return Task.FromResult(0);
我正在使用 Thinktecture Identity Server 3(OWIN 和 Katana)并且能够毫无问题地使其适用于资源所有者流程。
然而,当涉及到对 windows 用户进行身份验证时,它失败了,尽管我在调试时可以看到我的自定义 UserService 确实验证了用户并且 return 一个肯定的 AuthenticationResult。
有没有人在实施过程中遇到过这种情况?
我将post此处自定义用户服务的代码
public class ActiveDirectoryUserService : IUserService
{
private const string Domain = "xxxxx";
public Task PreAuthenticateAsync(PreAuthenticationContext context)
{
return Task.FromResult<AuthenticateResult>(null);
}
public Task AuthenticateLocalAsync(LocalAuthenticationContext context)
{
try
{
using (var pc = new PrincipalContext(ContextType.Domain, Domain))
{
if (pc.ValidateCredentials(context.UserName, context.Password))
{
using (
var user = UserPrincipal.FindByIdentity(pc, IdentityType.SamAccountName, context.UserName))
{
if (user != null)
{
return
Task.FromResult(new AuthenticateResult(context.UserName, context.UserName, identityProvider: "windows"));
}
}
}
// The user name or password is incorrect
return Task.FromResult<AuthenticateResult>(null);
}
}
catch
{
// Server error
return Task.FromResult<AuthenticateResult>(null);
}
}
public Task AuthenticateExternalAsync(ExternalAuthenticationContext context)
{
return Task.FromResult<AuthenticateResult>(null);
}
public Task PostAuthenticateAsync(PostAuthenticationContext context)
{
return Task.FromResult<AuthenticateResult>(context.AuthenticateResult);
}
public Task SignOutAsync(SignOutContext context)
{
return Task.FromResult<AuthenticateResult>(null);
}
public Task GetProfileDataAsync(ProfileDataRequestContext context)
{
using (var pc = new PrincipalContext(ContextType.Domain, Domain))
{
using (var user = UserPrincipal.FindByIdentity(pc, IdentityType.SamAccountName, context.Subject.Identity.Name))
{
if (user != null)
{
var identity = new ClaimsIdentity();
identity.AddClaims(new[]
{
new Claim(Constants.ClaimTypes.Name, user.DisplayName),
new Claim(Constants.ClaimTypes.Email, user.EmailAddress)
});
if (context.RequestedClaimTypes != null)
return Task.FromResult(identity.Claims.Where(x => context.RequestedClaimTypes.Contains(x.Type)));
return Task.FromResult(identity.Claims);
}
}
return Task.FromResult<IEnumerable<Claim>>(null);
}
}
public Task IsActiveAsync(IsActiveContext context)
{
return Task.FromResult(context.IsActive);
}
}
return Task.FromResult(new AuthenticateResult(context.UserName, context.UserName, identityProvider: "windows"));
错了。应该是:
context.AuthenticateResult = new AuthenticateResult(
context.UserName, context.UserName);
return Task.FromResult(0);