我想将NancyFx用于内部网web应用程序。所有的文档和论坛都只提到表单和基本身份验证。有人成功地将Nancy与Windows身份验证一起使用了吗?
还有一个叫做Nancy.Authentication.Stateless的东西,但是我看不出它有什么作用(看起来它是用在Apis中的)。
发布于 2012-11-21 23:14:19
我最近在一个内部项目中使用了它--我真的不喜欢它,它将你与asp.net托管联系在一起,但它确实起到了作用:
namespace Blah.App.Security
{
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Principal;
using System.Web;
using Nancy;
public static class SecurityExtensions
{
public static string CurrentUser
{
get
{
return GetIdentity().Identity.Name;
}
}
public static bool HasRoles(params string[] roles)
{
if (HttpContext.Current != null && HttpContext.Current.Request.IsLocal)
{
return true;
}
var identity = GetIdentity();
return !roles.Any(role => !identity.IsInRole(role));
}
public static void RequiresWindowsAuthentication(this NancyModule module)
{
if (HttpContext.Current != null && HttpContext.Current.Request.IsLocal)
{
return;
}
module.Before.AddItemToEndOfPipeline(
new PipelineItem<Func<NancyContext, Response>>(
"RequiresWindowsAuthentication",
ctx =>
{
var identity = GetIdentity();
if (identity == null || !identity.Identity.IsAuthenticated)
{
return HttpStatusCode.Forbidden;
}
return null;
}));
}
public static void RequiresWindowsRoles(this NancyModule module, params string[] roles)
{
if (HttpContext.Current != null && HttpContext.Current.Request.IsLocal)
{
return;
}
module.RequiresWindowsAuthentication();
module.Before.AddItemToEndOfPipeline(new PipelineItem<Func<NancyContext, Response>>("RequiresWindowsRoles", GetCheckRolesFunction(roles)));
}
private static Func<NancyContext, Response> GetCheckRolesFunction(IEnumerable<string> roles)
{
return ctx =>
{
var identity = GetIdentity();
if (roles.Any(role => !identity.IsInRole(role)))
{
return HttpStatusCode.Forbidden;
}
return null;
};
}
private static IPrincipal GetIdentity()
{
if (System.Web.HttpContext.Current != null)
{
return System.Web.HttpContext.Current.User;
}
return new WindowsPrincipal(WindowsIdentity.GetCurrent());
}
public static Func<NancyContext, Response> RequireGroupForEdit(string group)
{
return ctx =>
{
if (ctx.Request.Method == "GET")
{
return null;
}
return HasRoles(group) ? null : (Response)HttpStatusCode.Forbidden;
};
}
}
}
如果它来自本地(为了测试),它会绕过所有的安全检查,这可能是一个坏主意,但它是防火墙后面的事情,所以它不是问题。
我不建议你一字不差地使用它,但可能会给你指明正确的方向:)
发布于 2013-10-15 07:12:19
我需要使用带有Nancy的Windows身份验证来实现基本的intranet应用程序。我使用@Steven Robbins answer作为起点,但去掉了我们不需要的东西,然后添加了NancyContext.CurrentUser
属性。
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Principal;
using System.Web;
using Nancy;
using Nancy.Security;
namespace YourNamespace
{
/// <summary>
/// Extensions for Nancy that implement Windows Authentication.
/// </summary>
public static class WindowsAuthenticationExtensions
{
private class WindowsUserIdentity : IUserIdentity
{
private string _userName;
public WindowsUserIdentity(string userName)
{
_userName = userName;
}
#region IUserIdentity
IEnumerable<string> IUserIdentity.Claims
{
get { throw new NotImplementedException(); }
}
string IUserIdentity.UserName
{
get { return _userName; }
}
#endregion
}
#region Methods
/// <summary>
/// Forces the NancyModule to require a user to be Windows authenticated. Non-authenticated
/// users will be sent HTTP 401 Unauthorized.
/// </summary>
/// <param name="module"></param>
public static void RequiresWindowsAuthentication(this NancyModule module)
{
if (HttpContext.Current == null)
throw new InvalidOperationException("An HttpContext is required. Ensure that this application is running under IIS.");
module.Before.AddItemToEndOfPipeline(
new PipelineItem<Func<NancyContext, Response>>(
"RequiresWindowsAuthentication",
context =>
{
var principal = GetPrincipal();
if (principal == null || !principal.Identity.IsAuthenticated)
{
return HttpStatusCode.Unauthorized;
}
context.CurrentUser = new WindowsUserIdentity(principal.Identity.Name);
return null;
}));
}
private static IPrincipal GetPrincipal()
{
if (HttpContext.Current != null)
{
return HttpContext.Current.User;
}
return new WindowsPrincipal(WindowsIdentity.GetCurrent());
}
#endregion
}
}
您可以这样使用它:
public class YourModule : NancyModule
{
public YourModule()
{
this.RequiresWindowsAuthentication();
Get["/"] = parameters =>
{
//...
};
}
}
发布于 2012-12-16 21:18:22
你可以试着帮我完成Nancy.Authentication.Ntlm。这绝对是pre-alpha。基于我对Nancy内部的有限了解,我不知道如何实现几件事。
目前,代码挑战客户端,验证答案。但是我没有通知客户这个操作的成功。
但我仍然努力工作。真的很难。
如果您有任何意见和请求,我将非常感谢。
https://stackoverflow.com/questions/13423239
复制相似问题