Auth using LDAP – where is a good place to put the LDAP connection check?

huangapple go评论60阅读模式
英文:

Auth using LDAP - where is a good place to put the LDAP connection check?

问题

我的应用程序使用Windows身份验证获取用户的凭据,并通过LDAP检查它们与Active Directory匹配。

它不使用Laravel的Auth,也不使用任何会话,它只是在每个请求上验证用户(因为它是一个内部系统,所以与LDAP的连接非常快速)。

验证是一个简单的LDAP连接,检查用户的凭据是否真的存在于AD中。凭据本身会自动通过$_SERVER['AUTH_USER']变量传递到请求中。

目前,我将这个特性放在每个控制器上,但也许我可以做得更好,将它放在其他地方?也许是AppServiceProviderAuthServiceProviderboot()方法?在哪里放置这个LDAP验证会更合适?

英文:

My app uses Windows Authentication to get the user's credentials and check them against the Active Directory via LDAP

It doesn't use Laravel's Auth, or any session, it simply verifies the user on every request (It's an internal system so the connection to the LDAP is pretty quick)

The verification is a simple LDAP connection that checks if the user's credentials really exists in the AD. The credentials themselves are automatically passed in the request via the $_SERVER['AUTH_USER'] variable

Currently I place the trait on every Controller, but maybe I can do it better, and put it someone else? Maybe AppServiceProvider or AuthServiceProvider's boot()? Where would be a proper place for this LDAP verification?

答案1

得分: 1

假设您有一个中间件,您可以在其中使用RequestsetUserResolver()方法。

class yourMiddleware extends Middleware
{
    public function handle(Request $request, Closure $next)
    {
        $request->setUserResolver(function ($guard = null) use ($request) {
            // 我不熟悉ldap,但在这里
            // 您需要编写必要的逻辑
            // 来返回用户。您可以使用$request。

            return $user;
        });

        $next($request);
    }
}

现在,在您的控制器中:

class yourController extends Controller
{
    public function index(Request $request) // <- 经过中间件的请求
    {
        // 您可以使用以下方式访问用户
        $request->user();
    }
}

如果您不想使用这种方法覆盖$request->user()的默认行为,您可以传入一个guard

$request->setUserResolver(function ($guard = null) use ($request) {
    if ($guard === 'ldap') {
        // 我不熟悉ldap,但在这里
        // 您需要编写必要的逻辑
        // 来返回用户。您可以使用$request。

        return $user;
    }
});
$request->user()       // 默认行为,web guard
$request->user('ldap') // 进入回调的if语句。
英文:

Assuming you have a Middleware, you can use the Request's setUserReolver() method in it.

class yourMiddleware extends Middleware
{
    public function handle(Request $request, Closure $next)
    {
        $request-&gt;setUserResolver(function ($guard = null) use ($request) {
            // I&#39;m not familiar with ldap but here
            // you need to write the logic necessary
            // to return the user. You have the $request available.

            return $user;
        });

        $next($request);
    }
}

Now, in your controller

class yourController extends Controller
{
    public function index(Request $request) // &lt;- request that has gone through the middleware
    {
        // You are able to access the user with
        $request-&gt;user();
    }
}

If you don't want to override $request-&gt;user()'s default behavior with this, you can pass in a guard.

$request-&gt;setUserResolver(function ($guard = null) use ($request) {
    if ($guard === &#39;ldap&#39;) {
        // I&#39;m not familiar with ldap but here
        // you need to write the logic necessary
        // to return the user. You have the $request available.

        return $user;
    }
});
$request-&gt;user()       // default behavior, web guard
$request-&gt;user(&#39;ldap&#39;) // gets into the callback&#39;s if statement.

huangapple
  • 本文由 发表于 2023年6月12日 15:33:56
  • 转载请务必保留本文链接:https://go.coder-hub.com/76454466.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定