英文:
Auth using LDAP - where is a good place to put the LDAP connection check?
问题
我的应用程序使用Windows身份验证获取用户的凭据,并通过LDAP检查它们与Active Directory匹配。
它不使用Laravel的Auth,也不使用任何会话,它只是在每个请求上验证用户(因为它是一个内部系统,所以与LDAP的连接非常快速)。
验证是一个简单的LDAP连接,检查用户的凭据是否真的存在于AD中。凭据本身会自动通过$_SERVER['AUTH_USER']变量传递到请求中。
目前,我将这个特性放在每个控制器上,但也许我可以做得更好,将它放在其他地方?也许是AppServiceProvider或AuthServiceProvider的boot()方法?在哪里放置这个LDAP验证会更合适?
英文:
My app uses Windows Authentication to get the user's credentials and check them against the Active Directory via LDAP
It doesn't use Laravel's Auth, or any session, it simply verifies the user on every request (It's an internal system so the connection to the LDAP is pretty quick)
The verification is a simple LDAP connection that checks if the user's credentials really exists in the AD. The credentials themselves are automatically passed in the request via the $_SERVER['AUTH_USER'] variable
Currently I place the trait on every Controller, but maybe I can do it better, and put it someone else? Maybe AppServiceProvider or AuthServiceProvider's boot()? Where would be a proper place for this LDAP verification?
答案1
得分: 1
假设您有一个中间件,您可以在其中使用Request的setUserResolver()方法。
class yourMiddleware extends Middleware
{
public function handle(Request $request, Closure $next)
{
$request->setUserResolver(function ($guard = null) use ($request) {
// 我不熟悉ldap,但在这里
// 您需要编写必要的逻辑
// 来返回用户。您可以使用$request。
return $user;
});
$next($request);
}
}
现在,在您的控制器中:
class yourController extends Controller
{
public function index(Request $request) // <- 经过中间件的请求
{
// 您可以使用以下方式访问用户
$request->user();
}
}
如果您不想使用这种方法覆盖$request->user()的默认行为,您可以传入一个guard。
$request->setUserResolver(function ($guard = null) use ($request) {
if ($guard === 'ldap') {
// 我不熟悉ldap,但在这里
// 您需要编写必要的逻辑
// 来返回用户。您可以使用$request。
return $user;
}
});
$request->user() // 默认行为,web guard
$request->user('ldap') // 进入回调的if语句。
英文:
Assuming you have a Middleware, you can use the Request's setUserReolver() method in it.
class yourMiddleware extends Middleware
{
public function handle(Request $request, Closure $next)
{
$request->setUserResolver(function ($guard = null) use ($request) {
// I'm not familiar with ldap but here
// you need to write the logic necessary
// to return the user. You have the $request available.
return $user;
});
$next($request);
}
}
Now, in your controller
class yourController extends Controller
{
public function index(Request $request) // <- request that has gone through the middleware
{
// You are able to access the user with
$request->user();
}
}
If you don't want to override $request->user()'s default behavior with this, you can pass in a guard.
$request->setUserResolver(function ($guard = null) use ($request) {
if ($guard === 'ldap') {
// I'm not familiar with ldap but here
// you need to write the logic necessary
// to return the user. You have the $request available.
return $user;
}
});
$request->user() // default behavior, web guard
$request->user('ldap') // gets into the callback's if statement.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论