我目前正在为汽车经销商开发一个大型项目,但我有一个困境。
我应该使用ASP.NET身份验证还是老派的FormsAuthentication?
我需要能够通过两个提供程序进行登录。首先,用户始终在数据库中,但我们会检查它是否为LDAP用户,如果是,则通过LDAP进行身份验证(我使用一个具有登录方法的WebService来实现此功能)。
以下是我的登录方法:
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<ActionResult> Login(LoginModel model)
{
if (ModelState.IsValid)
{
var userInDb = this.db.Users.FirstOrDefault(u => u.Username == model.username);
if (userInDb != null)
{
// USER EXISTS
if (userInDb.IsLdap)
{
try
{
// IS LDAP POWERED, IGNORE PASSWORD IN DB
using (var ws = WebServiceClient.Factory(model.GetDomain()))
{
// MAKE AUTH
var result = await ws.Login(model.GetUsername(), model.password);
if (result.Success)
{
// USER IS LEGAL
FormsAuthentication.SetAuthCookie(model.username, model.remember);
return RedirectToAction("Init");
}
else
{
// USER IS ILLEGAL
ModelState.AddModelError("", "Username or password invalid.");
}
}
}
catch (Exception ex)
{
// AN ERROR OCCURED IN CREATION OF THE WebService
ErrorUtils.Send(ex);
ModelState.AddModelError("", ex.Message);
}
}
else
{
// USER IS DB POWERED, CHECK THE PASSWORDS
var currentHash = userInDb.Password;
var isPasswordOkay = PasswordUtils.Validate(model.password, currentHash);
if (isPasswordOkay)
{
// USER PASSWORD IS LEGIT
FormsAuthentication.SetAuthCookie(model.username, model.remember);
return RedirectToAction("Init");
}
else
{
// BAD PASSWORD
ModelState.AddModelError("", "Username or password invalid.");
}
}
}
else
{
try
{
// USER DO NOT EXISTS IN DB
using (var ws = WebServiceClient.Factory(model.GetDomain()))
{
// MAKE AUTH
var result = await ws.Login(model.GetUsername(), model.password);
if (result.Success)
{
// USER IS LEGAL IN LDAP SO CREATE IT IN DB
var ldapUser = (AuthResponse.AuthResponseUser)result.User;
var name = ldapUser.DisplayName.Split(' ');
var user = new User()
{
Firstname = name[0],
Lastname = name[1],
ActivatedAt = DateTime.Now,
ModifiedAt = DateTime.Now,
Email = model.username,
IsLdap = true,
Username = model.username,
Password = "",
Notifications = NotificationType.All
};
// GET THE DEALER TO ADD IT TO THE USER RIGHT NOW
var dealer = this.db.BaseContexts.Find(ws.Dealer.Id);
user.BaseContexts.Add(dealer);
dealer.Users.Add(user);
try
{
this.db.Users.Add(user);
this.db.Entry(user).State = System.Data.Entity.EntityState.Added;
this.db.Entry(dealer).State = System.Data.Entity.EntityState.Modified;
await this.db.SaveChangesAsync();
FormsAuthentication.SetAuthCookie(model.username, model.remember);
return RedirectToAction("Init");
}
catch (Exception ex)
{
ErrorUtils.Send(ex);
ModelState.AddModelError("", "An error occured during user creation.");
}
}
else
{
// USER IS ILLEGAL
ModelState.AddModelError("", "Username or password invalid.");
}
}
}
catch (Exception ex)
{
// AN ERROR OCCURED IN CREATION OF THE WebService
ErrorUtils.Send(ex);
ModelState.AddModelError("", ex.Message);
}
}
}
return View(model);
}
我该如何优化它或在其中实现ASP.NET身份验证?我了解多租户的概念,但不确定它是什么。
目前我正在使用FormsAuth,虽然可以工作,但似乎非常有限。例如,创建用户很困难,然而Identity框架具有非常有用的UserManager!
显然,我希望能够通过DB或LDAP进行身份验证,并根据属性。我考虑过创建一个类来充当“身份验证服务”,但我找不到一种结构化和快速的方法。
编辑:我知道Identity有外部提供商,但不确定是否可以使用我的LDAP认证创建自己的提供商。