feat: LdapOptions erstellt anstelle statischer (fest codierter) Konfigurationswerte, LdapOptions und Abhängigkeitsinjektionen dafür hinzugefügt
This commit is contained in:
parent
bc04c2d36d
commit
d434a5964b
@ -1,7 +1,5 @@
|
|||||||
using DAL._Shared.SharedModels;
|
using DAL._Shared.SharedRepositories;
|
||||||
using DAL._Shared.SharedRepositories;
|
|
||||||
using DAL.Repositories;
|
using DAL.Repositories;
|
||||||
using HRD.WebApi.Repositories;
|
|
||||||
using Microsoft.Extensions.DependencyInjection;
|
using Microsoft.Extensions.DependencyInjection;
|
||||||
|
|
||||||
namespace DAL
|
namespace DAL
|
||||||
|
|||||||
30
HRD.LDAPService/DIExtensions.cs
Normal file
30
HRD.LDAPService/DIExtensions.cs
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
using HRD.LDAPService.JWT;
|
||||||
|
using HRD.LDAPService.Ldap;
|
||||||
|
using Microsoft.Extensions.Configuration;
|
||||||
|
using Microsoft.Extensions.DependencyInjection;
|
||||||
|
using System;
|
||||||
|
|
||||||
|
namespace HRD.LDAPService
|
||||||
|
{
|
||||||
|
public static class DIExtensions
|
||||||
|
{
|
||||||
|
private static IServiceCollection AddJwtManagerWithLdap(this IServiceCollection services)
|
||||||
|
{
|
||||||
|
services
|
||||||
|
.AddSingleton<LdapAuthenticationService>()
|
||||||
|
.AddSingleton<JwtManager>();
|
||||||
|
|
||||||
|
return services;
|
||||||
|
}
|
||||||
|
|
||||||
|
public static IServiceCollection AddJwtManagerWithLdap(this IServiceCollection services, Action<LdapOptions> configureOptions)
|
||||||
|
=> services
|
||||||
|
.Configure(configureOptions)
|
||||||
|
.AddJwtManagerWithLdap();
|
||||||
|
|
||||||
|
public static IServiceCollection AddJwtManagerWithLdap(this IServiceCollection services, IConfiguration configuration)
|
||||||
|
=> services
|
||||||
|
.Configure<LdapOptions>(configuration)
|
||||||
|
.AddJwtManagerWithLdap();
|
||||||
|
}
|
||||||
|
}
|
||||||
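Review bot: `.Configure<LdapOptions>(configuration)` binds the section without any validation, so a missing or misspelled `LdapOptions` section leaves every property null/false and the failure only surfaces when `LdapAuthenticationService` first talks to the directory. Binding through the options builder lets the host refuse to start instead: `services.AddOptions<LdapOptions>().Bind(configuration)` / `.Validate(o => !string.IsNullOrWhiteSpace(o.LDAP_DOMAIN), "LdapOptions:LDAP_DOMAIN is required")` / `.ValidateOnStart();` (`ValidateOnStart` ships with the .NET 6+ hosting packages; on an older target `Validate` alone still throws at the first `Value` access, which is earlier than the first LDAP call). The `Action<LdapOptions>` overload could add the same `Validate` after `Configure`. Both public overloads also lack XML docs; a `<summary>` stating that they register `LdapAuthenticationService` and `JwtManager` as singletons bound to `LdapOptions` would help callers.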
@ -8,11 +8,18 @@ using System.Text;
|
|||||||
|
|
||||||
namespace HRD.LDAPService.JWT
|
namespace HRD.LDAPService.JWT
|
||||||
{
|
{
|
||||||
public static class JwtManager
|
public class JwtManager
|
||||||
|
|
||||||
{
|
{
|
||||||
private const string GlbExtendedAttributes = "ExtendedAttributes_";
|
private const string GlbExtendedAttributes = "ExtendedAttributes_";
|
||||||
|
|
||||||
|
private readonly LdapAuthenticationService _ldapAuthService;
|
||||||
|
|
||||||
|
public JwtManager(LdapAuthenticationService ldapAuthService)
|
||||||
|
{
|
||||||
|
_ldapAuthService = ldapAuthService;
|
||||||
|
}
|
||||||
|
|
||||||
public static LdapUser DecryptTokenAsLdapUser(string token)
|
public static LdapUser DecryptTokenAsLdapUser(string token)
|
||||||
{
|
{
|
||||||
if (string.IsNullOrEmpty(token)) { return default; }
|
if (string.IsNullOrEmpty(token)) { return default; }
|
||||||
@ -67,7 +74,7 @@ namespace HRD.LDAPService.JWT
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public static LdapUser RenewLdapUserWithJwtToken(string token)
|
public LdapUser RenewLdapUserWithJwtToken(string token)
|
||||||
{
|
{
|
||||||
LdapUser renewLdapUser = null;
|
LdapUser renewLdapUser = null;
|
||||||
try
|
try
|
||||||
@ -77,7 +84,7 @@ namespace HRD.LDAPService.JWT
|
|||||||
throw new ArgumentNullException($"Token is missing!");
|
throw new ArgumentNullException($"Token is missing!");
|
||||||
}
|
}
|
||||||
|
|
||||||
renewLdapUser = LdapAuthenticationService.RenewIdentity(token);
|
renewLdapUser = _ldapAuthService.RenewIdentity(token);
|
||||||
if (renewLdapUser is null)
|
if (renewLdapUser is null)
|
||||||
{
|
{
|
||||||
throw new Exception($"Can't renew from token!");
|
throw new Exception($"Can't renew from token!");
|
||||||
@ -110,7 +117,7 @@ namespace HRD.LDAPService.JWT
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public static LdapUser RenewLdapUserWithJwtToken(LdapUser ldapUser)
|
public LdapUser RenewLdapUserWithJwtToken(LdapUser ldapUser)
|
||||||
{
|
{
|
||||||
LdapUser renewLdapUser = null;
|
LdapUser renewLdapUser = null;
|
||||||
try
|
try
|
||||||
@ -120,7 +127,7 @@ namespace HRD.LDAPService.JWT
|
|||||||
throw new Exception($"Token is missing (Login:{ldapUser.LoginName})");
|
throw new Exception($"Token is missing (Login:{ldapUser.LoginName})");
|
||||||
}
|
}
|
||||||
|
|
||||||
renewLdapUser = LdapAuthenticationService.RenewIdentity(ldapUser);
|
renewLdapUser = _ldapAuthService.RenewIdentity(ldapUser);
|
||||||
if (renewLdapUser is null)
|
if (renewLdapUser is null)
|
||||||
{
|
{
|
||||||
return default;
|
return default;
|
||||||
@ -164,11 +171,11 @@ namespace HRD.LDAPService.JWT
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public static bool GenerateLdapUserWithJwtToken(LdapUser ldapUser)
|
public bool GenerateLdapUserWithJwtToken(LdapUser ldapUser)
|
||||||
{
|
{
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
if (!LdapAuthenticationService.CheckAndUpdateIdentityWithPassword(ldapUser))
|
if (!_ldapAuthService.CheckAndUpdateIdentityWithPassword(ldapUser))
|
||||||
{
|
{
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|||||||
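Review bot: The new constructor in the first hunk stores `ldapAuthService` without a guard, so a null dependency (a test constructing `JwtManager` directly, or a container registration that was missed) only fails later inside `RenewLdapUserWithJwtToken` with a NullReferenceException instead of at construction; `_ldapAuthService = ldapAuthService ?? throw new ArgumentNullException(nameof(ldapAuthService));` keeps the failure at the injection point. `DecryptTokenAsLdapUser` stays static while the rest of the class became instance-based, which is fine if it needs nothing from the injected service, but a one-line comment saying so would stop the next reader from "fixing" the inconsistency. The method bodies in the lower hunks start and end outside the hunks.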
@ -1,15 +1,22 @@
|
|||||||
using HRD.LDAPService.JWT;
|
using HRD.LDAPService.JWT;
|
||||||
|
using HRD.LDAPService.Ldap;
|
||||||
|
using Microsoft.Extensions.Options;
|
||||||
using System;
|
using System;
|
||||||
using System.DirectoryServices.AccountManagement;
|
using System.DirectoryServices.AccountManagement;
|
||||||
using System.Linq;
|
using System.Linq;
|
||||||
|
|
||||||
namespace HRD.LDAPService
|
namespace HRD.LDAPService
|
||||||
{
|
{
|
||||||
public static class LdapAuthenticationService
|
public class LdapAuthenticationService
|
||||||
{
|
{
|
||||||
private const string LDAP_DOMAIN = "dhr.local";
|
private readonly string LDAP_DOMAIN;
|
||||||
|
|
||||||
private static UserPrincipal GetUserPrincipal(string loginName, PrincipalContext principalContext)
|
public LdapAuthenticationService(IOptions<LdapOptions> options)
|
||||||
|
{
|
||||||
|
LDAP_DOMAIN = options.Value.LDAP_DOMAIN;
|
||||||
|
}
|
||||||
|
|
||||||
|
private UserPrincipal GetUserPrincipal(string loginName, PrincipalContext principalContext)
|
||||||
{
|
{
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
@ -36,7 +43,7 @@ namespace HRD.LDAPService
|
|||||||
/// </summary>
|
/// </summary>
|
||||||
/// <param name="ldapUser"></param>
|
/// <param name="ldapUser"></param>
|
||||||
/// <returns></returns>
|
/// <returns></returns>
|
||||||
public static LdapUser RenewIdentity(string token)
|
public LdapUser RenewIdentity(string token)
|
||||||
{
|
{
|
||||||
if (string.IsNullOrEmpty(token)) { throw new ArgumentNullException("Token is empty!"); }
|
if (string.IsNullOrEmpty(token)) { throw new ArgumentNullException("Token is empty!"); }
|
||||||
|
|
||||||
@ -64,7 +71,7 @@ namespace HRD.LDAPService
|
|||||||
/// </summary>
|
/// </summary>
|
||||||
/// <param name="ldapUser"></param>
|
/// <param name="ldapUser"></param>
|
||||||
/// <returns></returns>
|
/// <returns></returns>
|
||||||
public static LdapUser RenewIdentity(LdapUser ldapUser)
|
public LdapUser RenewIdentity(LdapUser ldapUser)
|
||||||
{
|
{
|
||||||
if (ldapUser == default) { return default; }
|
if (ldapUser == default) { return default; }
|
||||||
try
|
try
|
||||||
@ -127,7 +134,7 @@ namespace HRD.LDAPService
|
|||||||
/// </summary>
|
/// </summary>
|
||||||
/// <param name="ldapUser"></param>
|
/// <param name="ldapUser"></param>
|
||||||
/// <returns></returns>
|
/// <returns></returns>
|
||||||
public static bool CheckAndUpdateIdentityWithPassword(LdapUser ldapUser)
|
public bool CheckAndUpdateIdentityWithPassword(LdapUser ldapUser)
|
||||||
{
|
{
|
||||||
if (ldapUser == default) { return false; }
|
if (ldapUser == default) { return false; }
|
||||||
try
|
try
|
||||||
@ -184,7 +191,7 @@ namespace HRD.LDAPService
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private static void UpdateLdapUserFromPrincipalContext(ref LdapUser ldapUser, PrincipalContext principalContext)
|
private void UpdateLdapUserFromPrincipalContext(ref LdapUser ldapUser, PrincipalContext principalContext)
|
||||||
{
|
{
|
||||||
UserPrincipal userPrincipal = GetUserPrincipal(ldapUser.LoginName, principalContext);
|
UserPrincipal userPrincipal = GetUserPrincipal(ldapUser.LoginName, principalContext);
|
||||||
if (userPrincipal == default)
|
if (userPrincipal == default)
|
||||||
|
|||||||
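Review bot: The constructor in the first hunk copies `options.Value.LDAP_DOMAIN` without checking it; because the domain the service authenticates against now comes from configuration instead of the former constant, an absent or empty value presumably reaches whatever builds the `PrincipalContext` (not visible here) as null and either fails or, if the directory API falls back to a default domain for a null name, binds somewhere unintended at first login rather than at startup. A guard makes the requirement explicit: `if (string.IsNullOrWhiteSpace(options.Value.LDAP_DOMAIN)) { throw new ArgumentException("LdapOptions.LDAP_DOMAIN must be configured.", nameof(options)); }`. The field `LDAP_DOMAIN` kept its constant-style name although it is now a readonly instance field; `_ldapDomain` would match C# conventions. The remaining hunks only drop `static` and need no further change.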
25
HRD.LDAPService/Ldap/LdapOptions.cs
Normal file
25
HRD.LDAPService/Ldap/LdapOptions.cs
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
namespace HRD.LDAPService.Ldap
|
||||||
|
{
|
||||||
|
public class LdapOptions
|
||||||
|
{
|
||||||
|
public bool LDAP_WebAppGroup_Is_Live { get; init; }
|
||||||
|
|
||||||
|
public string LDAP_WINDREAM { get; init; }
|
||||||
|
|
||||||
|
public string LDAP_DOMAIN { get; init; }
|
||||||
|
|
||||||
|
public string LDAP_PATH_EDM { get; init; }
|
||||||
|
|
||||||
|
public string LDAP_PATH_WEBAPPS { get; init; }
|
||||||
|
|
||||||
|
public string LDAP_EDMUser_Prefix { get; init; }
|
||||||
|
|
||||||
|
public string LDAP_EDMAdmin_Prefix { get; init; }
|
||||||
|
|
||||||
|
public string LDAP_EDM_Prefix { get; init; }
|
||||||
|
|
||||||
|
public string LDAP_WebAppp_Prefix { get; init; }
|
||||||
|
|
||||||
|
public string LDAP_Prefix_Test { get; init; }
|
||||||
|
}
|
||||||
|
}
|
||||||
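Review bot: `LdapOptions` has no XML documentation, and since each property is bound by name from the `LdapOptions` configuration section, a reader cannot tell from the class what `LDAP_Prefix_Test` or `LDAP_WebAppGroup_Is_Live` control; a `<summary>` on the class naming the configuration section, and one per property stating what the value is used for, would make the contract explicit. `LDAP_WebAppp_Prefix` appears to carry a typo (triple p); it is matched by the JSON key in appsettings.json, so renaming it requires changing both sides together. The string properties are non-nullable with no default; if nullable reference types are enabled these will warn, and marking them `required` (C# 11) or giving them `= string.Empty;` defaults documents the intent.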
@ -17,6 +17,7 @@ using HRD.LDAPService.JWT;
|
|||||||
using HRD.WebApi.DAL.Middleware;
|
using HRD.WebApi.DAL.Middleware;
|
||||||
using HRD.WebApi.Helpers;
|
using HRD.WebApi.Helpers;
|
||||||
using StaffDBServer.SharedControllers;
|
using StaffDBServer.SharedControllers;
|
||||||
|
using HRD.LDAPService;
|
||||||
|
|
||||||
AppDomain.CurrentDomain.UnhandledException += (object sender, UnhandledExceptionEventArgs unhandledExceptionEventArgs) =>
|
AppDomain.CurrentDomain.UnhandledException += (object sender, UnhandledExceptionEventArgs unhandledExceptionEventArgs) =>
|
||||||
{
|
{
|
||||||
@ -56,6 +57,7 @@ try
|
|||||||
|
|
||||||
builder.Services.AddStaffDBRepositories();
|
builder.Services.AddStaffDBRepositories();
|
||||||
builder.Services.AddScoped<WebAppUserHelper>();
|
builder.Services.AddScoped<WebAppUserHelper>();
|
||||||
|
builder.Services.AddJwtManagerWithLdap(configuration.GetSection("LdapOptions"));
|
||||||
|
|
||||||
builder.Services.ConfigureWebApiExtensionsEnd(); // should come last
|
builder.Services.ConfigureWebApiExtensionsEnd(); // should come last
|
||||||
|
|
||||||
|
|||||||
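Review bot: `configuration.GetSection("LdapOptions")` returns an empty section rather than failing when the key is absent, so a deployment whose appsettings lacks the section silently starts with every LDAP option null; `configuration.GetRequiredSection("LdapOptions")` (available from .NET 6) throws at startup instead. The section name is also a magic string duplicated in appsettings.json; `nameof(LdapOptions)` would tie the two (it needs a `using HRD.LDAPService.Ldap;` alongside the added `using HRD.LDAPService;`). Where `configuration` itself is defined is outside the hunk.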
@ -18,10 +18,13 @@ namespace StaffDBServer.SharedControllers
|
|||||||
|
|
||||||
WebAppEmployeeInfoRepository webAppEmployeeInfoRepository;
|
WebAppEmployeeInfoRepository webAppEmployeeInfoRepository;
|
||||||
|
|
||||||
public WebAppUserHelper(WebAppUserRepository webAppUserRepository, WebAppEmployeeInfoRepository webAppEmployeeInfoRepository)
|
private readonly JwtManager _jwtManager;
|
||||||
|
|
||||||
|
public WebAppUserHelper(WebAppUserRepository webAppUserRepository, WebAppEmployeeInfoRepository webAppEmployeeInfoRepository, JwtManager jwtManager)
|
||||||
{
|
{
|
||||||
this.webAppUserRepository = webAppUserRepository;
|
this.webAppUserRepository = webAppUserRepository;
|
||||||
this.webAppEmployeeInfoRepository = webAppEmployeeInfoRepository;
|
this.webAppEmployeeInfoRepository = webAppEmployeeInfoRepository;
|
||||||
|
_jwtManager = jwtManager;
|
||||||
}
|
}
|
||||||
|
|
||||||
public async Task<WebAppUser> CheckLoginWithJWTAsync(StringValues accessToken, string clientVersion)
|
public async Task<WebAppUser> CheckLoginWithJWTAsync(StringValues accessToken, string clientVersion)
|
||||||
@ -96,7 +99,7 @@ namespace StaffDBServer.SharedControllers
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private static async Task<WebAppUser> DoCheckLoginWithNameAndPasswordAsync(WebAppUser userFromClient, WebAppUserRepository webAppUserRepository, WebAppEmployeeInfoRepository webAppEmployeeInfoRepository)
|
private async Task<WebAppUser> DoCheckLoginWithNameAndPasswordAsync(WebAppUser userFromClient, WebAppUserRepository webAppUserRepository, WebAppEmployeeInfoRepository webAppEmployeeInfoRepository)
|
||||||
{
|
{
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
@ -114,7 +117,7 @@ namespace StaffDBServer.SharedControllers
|
|||||||
}
|
}
|
||||||
|
|
||||||
LdapUser ldapUser = new LdapUser(userFromClient.LoginName, webAppEmployeeInfo.EmployeeId, userFromClient.Password, webAppEmployeeInfo.DepartmentId, webAppEmployeeInfo.ExtendedDepartmentIdList);
|
LdapUser ldapUser = new LdapUser(userFromClient.LoginName, webAppEmployeeInfo.EmployeeId, userFromClient.Password, webAppEmployeeInfo.DepartmentId, webAppEmployeeInfo.ExtendedDepartmentIdList);
|
||||||
if (!JwtManager.GenerateLdapUserWithJwtToken(ldapUser))
|
if (!_jwtManager.GenerateLdapUserWithJwtToken(ldapUser))
|
||||||
{
|
{
|
||||||
if (ldapUser == default)
|
if (ldapUser == default)
|
||||||
{
|
{
|
||||||
|
|||||||
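Review bot: `DoCheckLoginWithNameAndPasswordAsync` is now an instance method but still receives `webAppUserRepository` and `webAppEmployeeInfoRepository` as parameters even though the class holds both as fields assigned in the constructor above, so a caller can pass repositories that differ from the instance's own; with `static` gone the parameters look redundant: `private async Task<WebAppUser> DoCheckLoginWithNameAndPasswordAsync(WebAppUser userFromClient)` using the fields inside (the call sites are outside the hunk, so confirm nothing passes a different repository). The new field `_jwtManager` uses the underscore convention while the existing repository fields do not; one style per class is easier to read. The constructor also stores `jwtManager` unguarded; `_jwtManager = jwtManager ?? throw new ArgumentNullException(nameof(jwtManager));` would fail fast. The method body continues outside the hunk.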
@ -25,5 +25,17 @@
|
|||||||
"CustomConfig": {
|
"CustomConfig": {
|
||||||
},
|
},
|
||||||
|
|
||||||
"AllowedHosts": "*"
|
"AllowedHosts": "*",
|
||||||
|
"LdapOptions": {
|
||||||
|
"LDAP_WebAppGroup_Is_Live": false,
|
||||||
|
"LDAP_WINDREAM": "Windream_",
|
||||||
|
"LDAP_DOMAIN": "dhr.local",
|
||||||
|
"LDAP_PATH_EDM": "OU=DMS,OU=Gruppen,OU=DHDEAB,DC=dhr,DC=local",
|
||||||
|
"LDAP_PATH_WEBAPPS": "OU=Web-Apps,OU=Gruppen,OU=DHDEAB,DC=dhr,DC=local",
|
||||||
|
"LDAP_EDMUser_Prefix": "GG_EDMUser_Group",
|
||||||
|
"LDAP_EDMAdmin_Prefix": "GG_EDMAdmin_Group",
|
||||||
|
"LDAP_EDM_Prefix": "GG_EDM",
|
||||||
|
"LDAP_WebAppp_Prefix": "GG_WebApp",
|
||||||
|
"LDAP_Prefix_Test": "__Test"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
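Review bot: The new `LdapOptions` block places environment-dependent values (`LDAP_WebAppGroup_Is_Live`, `LDAP_Prefix_Test`, the DN paths under `DC=dhr,DC=local`) in the base appsettings.json, which every environment inherits; if these differ between test and production, keeping the production values here and overriding them in an environment-specific settings file or environment variables avoids a production run picking up the test prefix. The key `LDAP_WebAppp_Prefix` mirrors the triple-p spelling of the `LdapOptions` property; since binding is by name, fixing the typo must be done on both sides together. JSON has no comment syntax, so documenting which service consumes these keys belongs on the `LdapOptions` class.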