UserPrincipal.EmployeeId 登录后未存储
UserPrincipal.EmployeeId not being stored after SignIn
我正在使用 ActiveDirectory 身份验证(来自 Microsoft.Owin),这非常适合我的需要,但是我遇到了一个问题,即即使我在登录期间设置了 EmployeeId,也没有存储它过程。我还在努力学习这个图书馆,所以我有点困惑。这是我的代码:
AdAuthenticationService.cs
public class AdAuthenticationService
{
public class AuthenticationResult
{
public string ErrorMessage { get; private set; }
public bool IsSuccess => string.IsNullOrEmpty(ErrorMessage);
public AuthenticationResult(string errorMessage = null)
{
ErrorMessage = errorMessage;
}
}
private readonly IAuthenticationManager authenticationManager;
public AdAuthenticationService(IAuthenticationManager authenticationManager)
{
this.authenticationManager = authenticationManager;
}
public AuthenticationResult SignIn(String username, String password)
{
// authenticates against your domain account
ContextType authenticationType = ContextType.Domain;
PrincipalContext principalContext = new PrincipalContext(authenticationType);
bool isAuthenticated = false;
UserPrincipal userPrincipal = null;
try
{
var eacId = DatabaseOperations.Login(username.Trim(), password.Trim());
if (eacId > 0)
{
principalContext.ValidateCredentials(username.Trim(), password.Trim(), ContextOptions.Negotiate);
isAuthenticated = DatabaseOperations.Security(eacId) > 0;
if (isAuthenticated)
{
userPrincipal = new UserPrincipal(principalContext,
DatabaseOperations.GetFullNameByEacId(eacId), password, true);
userPrincipal.EmployeeId = eacId.ToString();
}
}
}
catch (Exception)
{
isAuthenticated = false;
userPrincipal = null;
}
if (!isAuthenticated)
{
return new AuthenticationResult("Username or Password is not correct");
}
var identity = CreateIdentity(userPrincipal);
authenticationManager.SignOut(ActiveDirectoryAuthentication.ApplicationCookie);
authenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = false }, identity);
return new AuthenticationResult();
}
private ClaimsIdentity CreateIdentity(UserPrincipal userPrincipal)
{
var identity = new ClaimsIdentity(ActiveDirectoryAuthentication.ApplicationCookie, ClaimsIdentity.DefaultNameClaimType, ClaimsIdentity.DefaultRoleClaimType);
identity.AddClaim(new Claim("http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider", "Active Directory"));
identity.AddClaim(new Claim(ClaimTypes.Name, userPrincipal.SamAccountName));
identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, userPrincipal.SamAccountName));
return identity;
}
}
在 SignIn 方法中,我可以在 userPrincipal.EmployeeId 下设置 eacId,但是当我尝试从项目中的其他任何地方访问它时,它 returns 为空。
我假设因为 CreateIdentity 方法,我应该向标识对象添加新的声明?但是该对象没有任何我需要的 EmployeeId。
我没有看到你添加 EmployeeId 作为声明。
private ClaimsIdentity CreateIdentity(UserPrincipal userPrincipal)
{
var identity = new ClaimsIdentity(ActiveDirectoryAuthentication.ApplicationCookie,
ClaimsIdentity.DefaultNameClaimType,
ClaimsIdentity.DefaultRoleClaimType);
...
identity.AddClaim(new Claim("EmployeeId", userPrincipal.EmployeeId));
return identity;
}
我正在使用 ActiveDirectory 身份验证(来自 Microsoft.Owin),这非常适合我的需要,但是我遇到了一个问题,即即使我在登录期间设置了 EmployeeId,也没有存储它过程。我还在努力学习这个图书馆,所以我有点困惑。这是我的代码:
AdAuthenticationService.cs
public class AdAuthenticationService
{
public class AuthenticationResult
{
public string ErrorMessage { get; private set; }
public bool IsSuccess => string.IsNullOrEmpty(ErrorMessage);
public AuthenticationResult(string errorMessage = null)
{
ErrorMessage = errorMessage;
}
}
private readonly IAuthenticationManager authenticationManager;
public AdAuthenticationService(IAuthenticationManager authenticationManager)
{
this.authenticationManager = authenticationManager;
}
public AuthenticationResult SignIn(String username, String password)
{
// authenticates against your domain account
ContextType authenticationType = ContextType.Domain;
PrincipalContext principalContext = new PrincipalContext(authenticationType);
bool isAuthenticated = false;
UserPrincipal userPrincipal = null;
try
{
var eacId = DatabaseOperations.Login(username.Trim(), password.Trim());
if (eacId > 0)
{
principalContext.ValidateCredentials(username.Trim(), password.Trim(), ContextOptions.Negotiate);
isAuthenticated = DatabaseOperations.Security(eacId) > 0;
if (isAuthenticated)
{
userPrincipal = new UserPrincipal(principalContext,
DatabaseOperations.GetFullNameByEacId(eacId), password, true);
userPrincipal.EmployeeId = eacId.ToString();
}
}
}
catch (Exception)
{
isAuthenticated = false;
userPrincipal = null;
}
if (!isAuthenticated)
{
return new AuthenticationResult("Username or Password is not correct");
}
var identity = CreateIdentity(userPrincipal);
authenticationManager.SignOut(ActiveDirectoryAuthentication.ApplicationCookie);
authenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = false }, identity);
return new AuthenticationResult();
}
private ClaimsIdentity CreateIdentity(UserPrincipal userPrincipal)
{
var identity = new ClaimsIdentity(ActiveDirectoryAuthentication.ApplicationCookie, ClaimsIdentity.DefaultNameClaimType, ClaimsIdentity.DefaultRoleClaimType);
identity.AddClaim(new Claim("http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider", "Active Directory"));
identity.AddClaim(new Claim(ClaimTypes.Name, userPrincipal.SamAccountName));
identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, userPrincipal.SamAccountName));
return identity;
}
}
在 SignIn 方法中,我可以在 userPrincipal.EmployeeId 下设置 eacId,但是当我尝试从项目中的其他任何地方访问它时,它 returns 为空。
我假设因为 CreateIdentity 方法,我应该向标识对象添加新的声明?但是该对象没有任何我需要的 EmployeeId。
我没有看到你添加 EmployeeId 作为声明。
private ClaimsIdentity CreateIdentity(UserPrincipal userPrincipal)
{
var identity = new ClaimsIdentity(ActiveDirectoryAuthentication.ApplicationCookie,
ClaimsIdentity.DefaultNameClaimType,
ClaimsIdentity.DefaultRoleClaimType);
...
identity.AddClaim(new Claim("EmployeeId", userPrincipal.EmployeeId));
return identity;
}