Activities of "varpippo"

Thank you!

We're storing some basic details in AbpUsers with CreateUserAsync, but essentially we need only a standardized format of the username: regardless of what is used for the first login (username, domain\username, e-mail), we convert the username to the AD username. Some additional details like first name and last name are retrieved and stored, but we're not using them in any way.

So, as long as having an "empty" UpdateUserAsync method does not create any issues for ASP.NET Boilerplate's inner mechanisms, I'm fine with that! :D

Using the approach described above we allow the users to log in using one of the following options:

LDAP:

  • Valid AD e-mail address and AD password
  • Valid AD domain\username and AD password
  • Valid AD username and AD password

If the authentication fails, a last attempt is made:

LOCAL DATABASE:

  • Valid combination of username / password ( Configuration.MultiTenancy.IsEnabled is commented out, so hopefully we disabled multi-tenancy :) )

We really appreciate the design behind ASP.NET Boilerplate! 8-)

Hi!

Thank you for your feedback :idea:

I managed to implement it as follows:

  1. In the Web project GetLoginResultAsync invokes:
     var loginResult = await _logInManager.LoginAsync(usernameOrEmailAddress, password, tenancyName, false);
  2. TryAuthenticateAsync takes these actions:
     • It tries to understand if userNameOrEmailAddress is a valid and known e-mail or domain\username
     • Invokes ValidateCredentials only if userNameOrEmailAddress exists in AD
     • In all other cases it returns false
  3. var loggedInFromExternalSource = await TryLoginFromExternalAuthenticationSources(userNameOrEmailAddress, plainPassword, tenant);

can be either true (the authentication through LDAP went fine) or false (userNameOrEmailAddress is invalid / not existing). If it's false the default LoginAsyncInternal method is smart enough to attempt an "internal" authentication:

return await CreateLoginResultAsync(user, tenant);

I hope that helps someone ;)

PS. I implemented CreateUserAsync to store in dbo.AbpUsers information like Username/Mail/First name/Last name obtained from AD and it works perfectly, but I'm not sure if it makes sense to have an UpdateUserAsync like this in the class derived from LdapAuthenticationSource:

public async override Task UpdateUserAsync(User user, Tenant tenant)
{
    await Task.Run(() => { }); // Nothing to do for the time being. LastLoginTime and other fields are updated automatically?
}

We don't want to update users created with AuthenticationSource = LDAP
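
An added example, not code from the posts above or from ASP.NET Boilerplate: one way to reduce the three accepted login forms (username, domain\username, e-mail) to a single AD username before credentials are validated, returning null in every other case so the local-database attempt can follow. `AdAccount`, `LoginNameNormalizer` and the in-memory directory are hypothetical stand-ins for a real LDAP lookup.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical stand-in for one AD account as an LDAP lookup would return it.
public sealed record AdAccount(string SamAccountName, string Mail, string NetBiosDomain);

public static class LoginNameNormalizer
{
    const StringComparison Ci = StringComparison.OrdinalIgnoreCase;

    // Maps username, domain\username or e-mail to the stored AD username.
    // Returns null for malformed, unknown or ambiguous input, so the caller
    // can return false and let the local-database login be attempted.
    public static string? ToAdUserName(string? input, IEnumerable<AdAccount> directory)
    {
        if (string.IsNullOrWhiteSpace(input)) return null;
        var id = input.Trim();
        Func<AdAccount, bool> match;

        var slash = id.IndexOf('\\');
        if (slash >= 0)
        {
            // domain\username: both parts non-empty, exactly one separator.
            var domain = id[..slash];
            var user = id[(slash + 1)..];
            if (domain.Length == 0 || user.Length == 0 || user.Contains('\\')) return null;
            match = a => a.NetBiosDomain.Equals(domain, Ci) && a.SamAccountName.Equals(user, Ci);
        }
        else if (id.Contains('@'))
            match = a => a.Mail.Equals(id, Ci);
        else
            match = a => a.SamAccountName.Equals(id, Ci);

        // Exactly one hit is required: the same bare username in two domains is rejected.
        var hits = directory.Where(match).Take(2).ToList();
        return hits.Count == 1 ? hits[0].SamAccountName : null;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample directory and inputs.
        var dir = new[] { new AdAccount("jdoe", "john.doe@example.test", "CORP") };
        foreach (var s in new[] { "jdoe", @"CORP\JDoe", "John.Doe@example.test", @"OTHER\jdoe", "nobody" })
            Console.WriteLine($"{s} -> {LoginNameNormalizer.ToAdUserName(s, dir) ?? "(not in AD)"}");
    }
}
```

Storing only the value returned here keeps one local user row per AD account, whichever form was typed at first login.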
