Refer to the user management section of Hunter's ABP-Zero module.
Because nearly all of our company's systems log in with AD accounts, we need to extend ABP's AuthenticationSource.
-
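Add MyLdapAuthenticationSource.cs and MyLdapSettings.cs
In the Core layer's Authorization directory, create an Ldap directory, and in it create two files, MyLdapAuthenticationSource.cs and MyLdapSettings.cs, with the following code:
MyLdapAuthenticationSource.cs
```csharp
using Abp.Zero.Ldap.Authentication;
using Abp.Zero.Ldap.Configuration;

// Tenant and User are the project's own entity classes.
public class MyLdapAuthenticationSource : LdapAuthenticationSource<Tenant, User>
{
    public MyLdapAuthenticationSource(ILdapSettings settings, IAbpZeroLdapModuleConfig ldapModuleConfig)
        : base(settings, ldapModuleConfig)
    {
    }
}
```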
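The LdapAuthenticationSource constructor takes two parameters, ILdapSettings and IAbpZeroLdapModuleConfig, so we build our own MyLdapSettings:
MyLdapSettings.cs
```csharp
using System.DirectoryServices.AccountManagement;
using System.Threading.Tasks;
using Abp.Zero.Ldap.Configuration;

public class MyLdapSettings : ILdapSettings
{
    private const string DomainName = "XXXX.com";
    private const string Container = "OU=XXX,DC=XXXX,DC=com";

    // Bind account used to connect to the directory. Hard-coded here for brevity;
    // in a real deployment load it from protected configuration and keep it out of source control.
    private const string UserName = "XXXX";
    private const string Password = "XXXX";

    // Not read by any ILdapSettings member below.
    private const string ADPath = "LDAP://XXXXX";

    // The same values are returned for every tenant, so tenantId is ignored.
    public Task<bool> GetIsEnabled(int? tenantId)
    {
        return Task.FromResult(true);
    }

    public Task<ContextType> GetContextType(int? tenantId)
    {
        return Task.FromResult(ContextType.Domain);
    }

    public Task<string> GetContainer(int? tenantId)
    {
        return Task.FromResult(Container);
    }

    public Task<string> GetDomain(int? tenantId)
    {
        return Task.FromResult(DomainName);
    }

    public Task<string> GetUserName(int? tenantId)
    {
        return Task.FromResult(UserName);
    }

    public Task<string> GetPassword(int? tenantId)
    {
        return Task.FromResult(Password);
    }
}
```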
-
Enable it in the CoreModule
Here we register MyLdapSettings as the ILdapSettings implementation; for IAbpZeroLdapModuleConfig the default implementation is sufficient.
```csharp
using Abp.Modules;
using Abp.Zero;
using Abp.Zero.Ldap.Configuration;

[DependsOn(typeof(AbpZeroCoreModule))]
public class CeciCoreModule : AbpModule
{
    public override void PreInitialize()
    {
        Configuration.Auditing.IsEnabledForAnonymousUsers = true;

        IocManager.Register<IAbpZeroLdapModuleConfig, AbpZeroLdapModuleConfig>();
        IocManager.Register<ILdapSettings, MyLdapSettings>(); // change default setting source

        // Switch on LDAP authentication with our authentication source.
        Configuration.Modules.ZeroLdap().Enable(typeof(MyLdapAuthenticationSource));
    }
}
```
-
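Override the authentication logic
At the moment we only use the simplest LDAP logic. If more complex logic is needed (for example, fetching a user's department or job title from AD), override the methods of LdapAuthenticationSource with a custom implementation.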
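
One way to do the override described above, as an added example that is not code from the original post. It assumes the ABP version in use exposes the protected virtual `UpdateUserFromPrincipal` hook on `LdapAuthenticationSource`, and that the project's `User` entity has `Department` and `JobTitle` string properties (both hypothetical names).

```csharp
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;
using Abp.Zero.Ldap.Authentication;
using Abp.Zero.Ldap.Configuration;

public class MyLdapAuthenticationSource : LdapAuthenticationSource<Tenant, User>
{
    // Upper bound for values copied from the directory (assumed column size).
    private const int MaxAttributeLength = 64;

    public MyLdapAuthenticationSource(ILdapSettings settings, IAbpZeroLdapModuleConfig ldapModuleConfig)
        : base(settings, ldapModuleConfig)
    {
    }

    // Hook the base class uses to copy AD fields onto the ABP user entity.
    protected override void UpdateUserFromPrincipal(User user, UserPrincipal userPrincipal)
    {
        // Keep the default mapping (user name, name, surname, e-mail, active flag).
        base.UpdateUserFromPrincipal(user, userPrincipal);

        // UserPrincipal has no department/title properties, so read the raw
        // LDAP attributes from the underlying DirectoryEntry.
        var entry = userPrincipal.GetUnderlyingObject() as DirectoryEntry;
        if (entry == null)
        {
            return;
        }

        // User.Department and User.JobTitle are hypothetical properties.
        user.Department = ReadAttribute(entry, "department");
        user.JobTitle = ReadAttribute(entry, "title");
    }

    // Directory values are external input: tolerate missing attributes,
    // trim whitespace and cap the length before storing them.
    private static string ReadAttribute(DirectoryEntry entry, string name)
    {
        var value = entry.Properties[name].Value as string;
        if (string.IsNullOrWhiteSpace(value))
        {
            return null;
        }

        value = value.Trim();
        return value.Length <= MaxAttributeLength ? value : value.Substring(0, MaxAttributeLength);
    }
}
```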