Wednesday, January 16, 2008

Rainbow Portal 2.0 NTLM domain integration hack

Rainbow Portal has made a little progress, but since the move it has still been crawling along at a snail's pace.

The "2.0" download is a fake 2.0: it is really just .NET 1.1 DLLs glued together. I never dreamed anyone would ship it that way Orz
You want RainbowPortal2.0.Beta1 instead, that is, the build labelled Rainbow Portal 2.1.0.1882 Beta 1.

Thanks to my colleague Joseph, who lives up to his MCAD.Net, for pointing at WebSites\App_Code\Global.asax.cs as the place to start. Open Global.asax.cs and you will find the original LDAP integration code has all been commented out, so that is where the hack begins.
To be clear: this is a hack, not the proper way to do it. The proper way is to implement a MembershipProvider, something like an ADMembershipProvider. Keep in mind too that the throwaway "password" below is a real credential: it is written into Rainbow's user table by AddUser and replayed through SignOn on every request, so if the portal's forms sign-in is still reachable, anyone who knows that one string can log in as any auto-created user.

Find a suitable spot in the Application_AuthenticateRequest method and add:
    if (context.User is WindowsPrincipal)
    {
        Rainbow.Framework.Users.Data.UsersDB accountSystem = new Rainbow.Framework.Users.Data.UsersDB();
        // Windows account from the NTLM handshake, in DOMAIN\user form
        string userid = Request.ServerVariables["LOGON_USER"];
        // Throwaway password: Rainbow insists on storing one, but NTLM has already done the authenticating
        string password = "whatever";
        // Check whether the user already exists in Rainbow
        Rainbow.Framework.Providers.RainbowMembershipProvider.RainbowUser rainbowUser = accountSystem.GetSingleUser(userid);
        if (rainbowUser == null)
        {
            // Not there yet: create the user, then sign them in below. The Employee class is my own; write one for your own situation
            Rainbow.Framework.Helpers.Employee employee = new Rainbow.Framework.Helpers.Employee(userid);
            // Check that this is a legitimate employee
            if (employee.isValid())
            {
                // Assumption: your Employee class exposes the e-mail address somehow; mine does it like this
                string email = employee.getEmail();
                // Rainbow uses the e-mail as the username, so call my hacked AddUser, described further down
                Guid newUserId = accountSystem.AddUser(userid, employee.getUserName(), email, password);
            }
        }
        // Sign the user in (fails for anyone who was neither found nor just created)
        PortalSecurity.SignOn(userid, password, true);
    }


IsInRole(string role) in Projects\Rainbow.Framework.Core\Security\Security.cs will break under NTLM (the principal is now a WindowsPrincipal, so User.IsInRole asks Windows, not Rainbow), so change it to:
    public static bool IsInRole(string role)
    {
        bool useNTLM = HttpContext.Current.User.Identity.AuthenticationType == "NTLM";
        if (useNTLM)
        {
            if (role.Trim() == "Admins")
            {
                // Portal Admins = members of any of the configured Windows groups (semicolon separated)
                PortalSettings portalSettings = (PortalSettings)HttpContext.Current.Items[strPortalSettings];
                StringBuilder winRoles = new StringBuilder();
                winRoles.Append(portalSettings.CustomSettings["WindowsAdmins"]);
                winRoles.Append(";");
                winRoles.Append(Config.ADAdministratorGroup);
                return IsInRoles(winRoles.ToString());
            }
            // Rainbow treats a user's own name as a personal role
            if (role == HttpContext.Current.User.Identity.Name)
            {
                return true;
            }
            // Every other portal role is refused on the NTLM path; Rainbow's own role table is not consulted
            return false;
        }
        else
        {
            // Forms login: keep the original behaviour
            bool bl = false;
            try
            {
                bl = HttpContext.Current.User.IsInRole(role);
            }
            catch (Exception) { }
            return bl;
        }
    }
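To see exactly what that rule grants and refuses, here is an added example of mine (not Rainbow Portal's code) with the same decision logic lifted into a standalone function. It takes the principal and the admin group list as parameters instead of reading PortalSettings and Config, and uses GenericPrincipal objects whose AuthenticationType is set to "NTLM" as constructed stand-ins for the WindowsPrincipal IIS hands over, so it runs without IIS or a domain:

```csharp
using System;
using System.Security.Principal;

// Added example, not Rainbow Portal's own code. NtlmRoleMapping.IsInRole is a
// hypothetical helper that mirrors the IsInRole hack: the semicolon-separated
// adminGroups string stands in for CustomSettings["WindowsAdmins"] + ";" +
// Config.ADAdministratorGroup.
static class NtlmRoleMapping
{
    public static bool IsInRole(IPrincipal user, string role, string adminGroups)
    {
        bool useNtlm = user.Identity.AuthenticationType == "NTLM";
        if (!useNtlm)
        {
            // Forms login: defer to the principal, swallowing errors as the hack does
            try { return user.IsInRole(role); }
            catch (Exception) { return false; }
        }

        if (role.Trim() == "Admins")
        {
            // Membership of any listed Windows group grants portal Admins.
            // Empty entries (unset setting, trailing ';') are skipped so they cannot match anything.
            foreach (string group in adminGroups.Split(';'))
            {
                string g = group.Trim();
                if (g.Length > 0 && user.IsInRole(g))
                    return true;
            }
            return false;
        }

        // Rainbow treats the user's own name as a personal role
        if (role == user.Identity.Name)
            return true;

        // Caveat: under NTLM every other portal role (Editors, Members, ...) is
        // unreachable, because Rainbow's own role table is never consulted here.
        return false;
    }

    static void Main()
    {
        // Constructed stand-ins: the role arrays play the part of Windows group membership
        IPrincipal alice = new GenericPrincipal(
            new GenericIdentity(@"CORP\alice", "NTLM"),
            new[] { @"CORP\Domain Users", @"CORP\Portal Admins" });
        IPrincipal bob = new GenericPrincipal(
            new GenericIdentity(@"CORP\bob", "NTLM"),
            new[] { @"CORP\Domain Users" });
        IPrincipal carol = new GenericPrincipal(
            new GenericIdentity("carol@example.com", "Forms"),
            new[] { "Editors" });

        string adminGroups = @"CORP\Portal Admins;CORP\Domain Admins";

        // alice sits in one of the configured admin groups, bob does not
        Console.WriteLine("alice Admins: " + IsInRole(alice, "Admins", adminGroups));
        Console.WriteLine("bob Admins:   " + IsInRole(bob, "Admins", adminGroups));
        // bob's own account name acts as his personal role
        Console.WriteLine("bob personal: " + IsInRole(bob, @"CORP\bob", adminGroups));
        // an NTLM user asking for a portal DB role such as Editors is refused outright
        Console.WriteLine("bob Editors:  " + IsInRole(bob, "Editors", adminGroups));
        // a forms login still goes through the principal's own role list
        Console.WriteLine("carol Editors: " + IsInRole(carol, "Editors", adminGroups));
    }
}
```

The point of the last two checks is the practical consequence of the hack: once Windows authentication is on, only "Admins" and the personal role mean anything, and any module permissions you assign to other Rainbow roles silently stop applying to domain users.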

Next, the AddUser part: add this method to Projects\Rainbow.Framework.Core\DAL\UsersDb.cs
    public Guid AddUser(string userid, string fullName, string email, string password)
    {
        // Create the account through the existing overload; the remaining arguments are its
        // address/contact fields and the newsletter flag, which we leave empty
        Guid newUserId = AddUser(userid, string.Empty, string.Empty, string.Empty,
            string.Empty, string.Empty, 0, string.Empty, string.Empty, password, email, false);

        // Then set the display name separately
        RainbowUser user = MembershipProvider.GetUser(newUserId, false) as RainbowUser;
        if (user != null)
        {
            user.Name = fullName;
            MembershipProvider.UpdateUser(user);
        }
        return newUserId;
    }

That gives you an NTLM-integrated Rainbow on .NET 2.0, good enough for a corporate intranet.
