
LDAP Authentication #1613


jamsecgmbh created

Hi,

Is it possible to define user accounts with all kinds of info (full name, e-mail address, group assignments ...) before the users log in for the first time using LDAP authentication with their AD username and password? Is the only important thing to create the account with the exact Windows AD username? If so, do I need to include the domain name (e.g. domain\username)?

Can I mix these LDAP accounts with accounts only existing in the ASP.NET Zero application database?

Is it possible to create the users in batch by inserting them directly into the ASP.NET Zero database and then assign the groups in the backend application?

Thank you very much in advance! Great product, great support!


2 Answer(s)
  • hikalkan created
    Support Team

    Hi,

    Let me explain the LDAP auth logic first:

    This is the class which performs authentication for LDAP: https://github.com/aspnetboilerplate/module-zero/blob/dev/src/Abp.Zero.Ldap/Ldap/Authentication/LdapAuthenticationSource.cs

    1. TryAuthenticateAsync method (https://github.com/aspnetboilerplate/module-zero/blob/dev/src/Abp.Zero.Ldap/Ldap/Authentication/LdapAuthenticationSource.cs#L42) checks a user in Active Directory.

    2. CreateUserAsync method (https://github.com/aspnetboilerplate/module-zero/blob/dev/src/Abp.Zero.Ldap/Ldap/Authentication/LdapAuthenticationSource.cs#L56) creates the user if this is the first time he logs in.

    3. UpdateUserAsync method (https://github.com/aspnetboilerplate/module-zero/blob/dev/src/Abp.Zero.Ldap/Ldap/Authentication/LdapAuthenticationSource.cs#L80) updates user information on subsequent logins. Thus, we can synchronize information here.

    All of these are defined in the Abp.Zero package, but we can override any method if we want to execute some custom logic. Where?

    AspNet Zero includes the AppLdapAuthenticationSource class (https://github.com/aspnetzero/aspnet-zero/blob/master/src/MyCompanyName.AbpZeroTemplate.Core/Authorization/Ldap/AppLdapAuthenticationSource.cs). Here, you can override any method you want.

    In AspNet Zero, we can mix LDAP with non-LDAP accounts by default.

    You can code it yourself to batch insert LDAP users; there is no such built-in functionality.
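
The override point described in the answer above, sketched as an added example; it is not code from the thread, from module-zero or from AspNet Zero. It shows one hypothetical policy: accounts created on first LDAP login start inactive until an administrator has reviewed them. Assumptions: the namespaces, generic parameters and constructor arguments follow the Abp.Zero.Ldap package and the MyCompanyName.AbpZeroTemplate template and may differ between versions.

```csharp
using System.Threading.Tasks;
using Abp.Zero.Ldap.Authentication;
using Abp.Zero.Ldap.Configuration;
using MyCompanyName.AbpZeroTemplate.Authorization.Users;
using MyCompanyName.AbpZeroTemplate.MultiTenancy;

namespace MyCompanyName.AbpZeroTemplate.Authorization.Ldap
{
    // Replaces the body of the template's AppLdapAuthenticationSource.
    // Constructor arguments are assumed; check them against your version.
    public class AppLdapAuthenticationSource : LdapAuthenticationSource<Tenant, User>
    {
        public AppLdapAuthenticationSource(
            ILdapSettings settings,
            IAbpZeroLdapModuleConfig ldapModuleConfig)
            : base(settings, ldapModuleConfig)
        {
        }

        // Step 2 of the flow: runs once, when a directory user who has
        // no application account yet authenticates successfully.
        public override async Task<User> CreateUserAsync(
            string userNameOrEmailAddress, Tenant tenant)
        {
            var user = await base.CreateUserAsync(userNameOrEmailAddress, tenant);

            // Hypothetical policy: a valid directory password alone does not
            // grant application access. An administrator reviews the account,
            // assigns roles, and then activates it.
            user.IsActive = false;
            return user;
        }

        // Step 3 of the flow: runs on later logins to synchronize
        // directory attributes into the application account.
        public override async Task UpdateUserAsync(User user, Tenant tenant)
        {
            // Remember the application-side decision before the sync.
            var wasActive = user.IsActive;

            await base.UpdateUserAsync(user, tenant);

            // Keep the application's activation state regardless of what
            // the base synchronization writes to IsActive.
            user.IsActive = wasActive;
        }
    }
}
```

Confirm in your version that the login pipeline refuses inactive accounts before relying on this flag as an access gate.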

  • jamsecgmbh created

    Great and easy to understand explanation! Thank you very much!