Proper implementation with local Active Directory (MVC UI, EF Core)

Open leonkosak opened this issue 3 years ago • 4 comments

  • Your v5.2.
  • Your MVC
  • Your database provider: EF Core

@maliming I have a scenario to authenticate via local Active Directory (AD). I am confused about how to properly implement this external login. Probably, when a user logs in to the application for the first time, should we create a new external user (AbpUsers table) and then, when we have a record for the new user in the AbpUsers table, add permissions and roles to this user? The user would always manually log in with his/her AD user.

Could you please describe the steps to properly implement this integration (robust and secure)? Thank you.

leonkosak May 17 '22 07:05

> when we have a record for the new user in the AbpUsers table, add permissions and roles to this user?

hi

You can customize your code here.

Get the existing user and update its permissions and roles based on your ExternalLoginInfo.

https://github.com/abpframework/abp/blob/dev/modules/account/src/Volo.Abp.Account.Web/Pages/Account/Login.cshtml.cs#L242

https://docs.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.identity.externallogininfo?view=aspnetcore-6.0

maliming May 19 '22 01:05

I would also like to use an External Login Provider, but unfortunately, the provided example on GH (there is nothing in the documentation) is not working for me: https://github.com/abpframework/abp/issues/4977#issuecomment-1129695314

I have abp v5.2.1 (MVC, non-tiered) and "MyExternalLoginProvider.cs" is located in .Web project.

The following code was added to xxxxWebModule.cs (inside the ConfigureAuthentication method):

    Configure<AbpIdentityOptions>(options =>
    {
        options.ExternalLoginProviders.Add<MyExternalLoginProvider>(MyExternalLoginProvider.Name);
    });

(AbpIdentityAspNetCoreOptions has no ExternalLoginProviders prop.)

However, there are no external providers visible on the Login page (Login.cshtml).

As far as I know, external providers should be visible in this part of Login.cshtml:

    @if (Model.VisibleExternalProviders.Any())
    {
        <div class="mt-2">
            <h5>@L["OrLoginWith"]</h5>
            <form asp-page="./Login" asp-page-handler="ExternalLogin" asp-route-returnUrl="@Model.ReturnUrl" asp-route-returnUrlHash="@Model.ReturnUrlHash" method="post">
                @foreach (var provider in Model.VisibleExternalProviders)
                {
                    <button type="submit" class="btn btn-primary m-1" name="provider" value="@provider.AuthenticationScheme" title="@L["LogInUsingYourProviderAccount", provider.DisplayName]">@provider.DisplayName</button>
                }
            </form>
        </div>
    }

What am I doing wrong? Thank you.

leonkosak May 19 '22 04:05

> However, there are no external providers visible on the Login page (Login.cshtml).

The ExternalLoginProviders will not be displayed on the login page. Only external provider authentication will be.

(https://github.com/abpframework/abp/blob/e3e1779de6df5d26f01cdc8e99ac9cbcb3d24d3c/modules/identity/src/Volo.Abp.Identity.AspNetCore/Volo/Abp/Identity/AspNetCore/AbpSignInManager.cs#L42)

https://github.com/abpframework/abp/blob/e3e1779de6df5d26f01cdc8e99ac9cbcb3d24d3c/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AspNetIdentity/AbpResourceOwnerPasswordValidator.cs#L75

maliming May 19 '22 05:05
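
An added example (not code from this thread or from the ABP project) of an external login provider of the kind discussed above: it checks the username and password typed into the normal login form against AD with an LDAPS simple bind. Assumptions: the `ExternalLoginProviderBase` members are as in the abp source and may differ by version; the host, UPN suffix, the `Name` value and the use of the UPN as the e-mail address are placeholders.

```csharp
using System.DirectoryServices.Protocols;
using System.Net;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Options;
using Volo.Abp.DependencyInjection;
using Volo.Abp.Guids;
using Volo.Abp.Identity;
using Volo.Abp.MultiTenancy;

public class MyExternalLoginProvider : ExternalLoginProviderBase, ITransientDependency
{
    public const string Name = "MyAd";                    // hypothetical provider name
    private const string LdapHost = "dc01.corp.example";  // placeholder domain controller
    private const string UpnSuffix = "@corp.example";     // placeholder UPN suffix

    public MyExternalLoginProvider(IGuidGenerator guidGenerator, ICurrentTenant currentTenant,
        IdentityUserManager userManager, IIdentityUserRepository identityUserRepository,
        IOptions<IdentityOptions> identityOptions)
        : base(guidGenerator, currentTenant, userManager, identityUserRepository, identityOptions) { }

    public override Task<bool> IsEnabledAsync() => Task.FromResult(true);

    public override Task<bool> TryAuthenticateAsync(string userName, string plainPassword)
    {
        // A simple bind with an empty password is an unauthenticated bind that the server
        // may accept, so reject blank input before contacting the directory.
        if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrEmpty(plainPassword))
            return Task.FromResult(false);
        try
        {
            using var conn = new LdapConnection(new LdapDirectoryIdentifier(LdapHost, 636));
            conn.SessionOptions.ProtocolVersion = 3;
            conn.SessionOptions.SecureSocketLayer = true; // LDAPS: password never sent in clear
            conn.AuthType = AuthType.Basic;
            conn.Bind(new NetworkCredential(userName + UpnSuffix, plainPassword));
            return Task.FromResult(true);
        }
        catch (LdapException)
        {
            return Task.FromResult(false); // bad credentials or unreachable directory: fail closed
        }
    }

    protected override Task<ExternalLoginUserInfo> GetUserInfoAsync(string userName)
    {
        // Placeholder mapping; a real provider would read mail/givenName/sn from the directory.
        return Task.FromResult(new ExternalLoginUserInfo(userName + UpnSuffix) { Name = userName });
    }
}
```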

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] Jul 30 '22 17:07