LDAP/Active Directory
LdapAuthenticationSource is an implementation of external authentication to make users login with their LDAP (active directory) user name and password.
If we want to use LDAP authentication, we first add Abp.Zero.Ldap nuget package to our project (generally to Core (domain) project). Then we should extend LdapAuthenticationSource for our application as shown below:
public class MyLdapAuthenticationSource : LdapAuthenticationSource<Tenant, User>
{
public MyLdapAuthenticationSource(ILdapSettings settings, IAbpZeroLdapModuleConfig ldapModuleConfig)
: base(settings, ldapModuleConfig)
{
}
}
Lastly, we should set a module dependency to AbpZeroLdapModule and enable LDAP with the auth source created above:
[DependsOn(typeof(AbpZeroLdapModule))]
public class MyApplicationCoreModule : AbpModule
{
public override void PreInitialize()
{
Configuration.Modules.ZeroLdap().Enable(typeof (MyLdapAuthenticationSource));
}
...
}
After these steps, LDAP module will be enabled for your application. But LDAP auth is not enabled by default. We can enable it using settings.
Settings
LdapSettingNames class defines constants for setting names. You can use these constant names while changing settings (or getting settings). LDAP settings are per tenant (for multi-tenant applications). So, different tenants have different settings (see setting definitions on github).
As you can see in the MyLdapAuthenticationSource constructor, LdapAuthenticationSource expects ILdapSettings as a constructor argument. This interface is used to get LDAP settings like domain, user name and password to connect to Active Directory. Default implementation (LdapSettings class) gets these settings from the setting manager.
If you work with Setting manager, then no problem. You can change LDAP settings using setting manager API. If you want, you can add an initial/seed data to database to enable LDAP auth by default.
Note: If you don’t define domain, username and password, LDAP authentication works for current domain if your application runs in a domain with appropriate privileges.
Custom Settings
If you want to define another setting source, you can implement a custom ILdapSettings class as shown below:
public class MyLdapSettings : ILdapSettings
{
public async Task<bool> GetIsEnabled(int? tenantId)
{
return true;
}
public async Task<ContextType> GetContextType(int? tenantId)
{
return ContextType.Domain;
}
public async Task<string> GetContainer(int? tenantId)
{
return null;
}
public async Task<string> GetDomain(int? tenantId)
{
return null;
}
public async Task<string> GetUserName(int? tenantId)
{
return null;
}
public async Task<string> GetPassword(int? tenantId)
{
return null;
}
}
And register it to IOC in PreInitialize of your module:
[DependsOn(typeof(AbpZeroLdapModule))]
public class MyApplicationCoreModule : AbpModule
{
public override void PreInitialize()
{
IocManager.Register<ILdapSettings, MyLdapSettings>(); //change default setting source
Configuration.Modules.ZeroLdap().Enable(typeof (MyLdapAuthenticationSource));
}
...
}
Then you can get LDAP settings from any other source.
https://aspnetboilerplate.com/Pages/Documents/Zero/User-Management#ldapactive-directory
4
solved How does LDAP work in ASP.NET Boilerplate? [closed]