Blazor Server应用程序 - 支持Windows和非Windows用户在同一应用中
我的组织创建的应用程序必须在两个完全独立的网络上支持员工(我们将其称为网络“ A和网络“ B”)。网络“ A”上的应用程序必须始终使用Windows身份验证。由于网络“ B”是完全分开的,因此不能在两者之间建立信任关系,因此唯一的选择是允许“匿名”访问并迫使用户使用手动凭据登录。
当前,我们的ASP.NET应用程序具有“匿名”和“表单”身份验证,并通过对“ logon_user”服务器变量的代码进行检查启用了身份验证,并且如果它找到一个映射到网络“ A”上有效的Windows帐户的一个,则它们自动登录,否则它们必须手动登录。
则该代码行不会返回任何值。
@HttpContextAccessor.HttpContext?.GetServerVariable("LOGON_USER")
在ASP.NET核心中,如果“匿名”身份验证与“ Windows”身份验证:仅在“ Windows”时, 启用了其他任何内容,我们使用上述代码行获得了一个用户名。
要问这里的关键问题是,是否有任何方法可以在ASP.NET Core / Blazor Server应用程序中维护单个标志,以便我们不必维护同一应用程序的两个不同版本?还是不再可能?
我已经阅读了本文的总结(安全的ASP.NET Core Blazor Server应用程序),如果我的解释正确,不幸的是,听起来好像我们必须开发我们自己的中央身份验证系统,而不是在内部构建的中心身份验证系统ASP.NET Core,而是一个传统的ASP.NET应用程序,可以对用户进行身份验证,然后又通知我们创建的已验证用户的Blazor Server应用程序。
My organization creates apps that must support employees on two entirely separate networks (let's call them network "A" and network "B"). Applications on network "A" must always use Windows Authentication. Since network "B" is entirely separate and therefore cannot have a trust relationship established between the two, the only option is to allow "Anonymous" access and force the user to login in with manual credentials.
Currently, our Asp.Net apps have both "Anonymous" and "Forms" authentication enabled with a code-behind check of the "LOGON_USER" server variable and if it finds one that maps to a valid Windows Account on network "A", they are automatically logged in, else they must manually log in.
In Asp.Net Core, this line of code does not return any value if "Anonymous" authentication is enabled side-by-side with "Windows" authentication:
@HttpContextAccessor.HttpContext?.GetServerVariable("LOGON_USER")
Only when "Windows" is enabled with nothing else do we get a username using the above line of code.
The key question to ask here is if there is any way at all to maintain the single sign on ability in a Asp.Net Core / Blazor server app so that we do not have to maintain two different versions of the same application? Or is this no longer possible?
I have read the summation of this article (Secure ASP.NET Core Blazor Server Apps) from Microsoft, and if my interpretation is correct, it unfortunately sounds as if we must develop our own central authentication system that is not built in Asp.NET Core, but instead a traditional Asp.NET app that authenticates users and in turn, informs the Blazor server apps we create of the validated user instead.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论