tsai
/
abp-next-admin
mirror of https://github.com/colinin/abp-next-admin.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
这是基于vue-vben-admin 模板适用于abp Vnext的前端管理项目
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2131 Commits
74 Branches
53 Tags
70 MiB
 
 
 
 
 
 
Tree: 2108dfa864
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '2108dfa864'
${ noResults }
abp-next-admin/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Portal/README.EN.md

3.5 KiB
Raw Blame History

LINGYUN.Abp.OpenIddict.Portal

ABP version NuGet

Introduction

LINGYUN.Abp.OpenIddict.Portal is a portal authentication extension module for OpenIddict, providing enterprise portal authentication functionality, including multi-tenant selection, two-factor authentication, password policies, and more.

简体中文

Features

  • Enterprise Portal Authentication

    • Support for enterprise list selection
    • Support for multi-tenant authentication
    • Support for enterprise logo display

  • Enhanced Password Authentication

    • Support for email login
    • Support for external login providers
    • Support for password policy validation
    • Support for forced password change
    • Support for periodic password change

  • Two-Factor Authentication

    • Support for multiple verification providers
    • Support for verification code validation
    • Support for authenticator validation

  • Security Logging

    • Record login attempts
    • Record login failures
    • Record password changes

Installation

dotnet add package LINGYUN.Abp.OpenIddict.Portal

Usage

  1. Add [DependsOn(typeof(AbpOpenIddictPortalModule))] to your module class.

  2. Configure OpenIddict server:

public override void PreConfigureServices(ServiceConfigurationContext context)
{
    PreConfigure<OpenIddictServerBuilder>(builder =>
    {
        // Allow portal authentication flow
        builder.AllowPortalFlow();
    });
}
  1. Usage example:
POST /connect/token
Content-Type: application/x-www-form-urlencoded

grant_type=portal&
username=admin&
password=1q2w3E*&
enterpriseId=your-enterprise-id&
scope=openid profile

Authentication Flow

  1. Enterprise Selection

    • User provides enterprise ID (enterpriseId)
    • Returns available enterprise list if not provided or invalid

  2. Password Verification

    • Support for username or email login
    • Password policy validation
    • Account status check

  3. Two-Factor Authentication (if enabled)

    • Verify two-factor authentication code
    • Support for multiple verification providers

  4. Password Change (if required)

    • Force password change on first login
    • Periodic password change requirement

Parameters

  • username (required)

    • Username or email address

  • password (required)

    • User password

  • enterpriseId (required)

    • Enterprise ID, must be a valid GUID format

  • TwoFactorProvider (optional)

    • Two-factor authentication provider name
    • Only required when two-factor authentication is enabled

  • TwoFactorCode (optional)

    • Two-factor authentication code
    • Only required when two-factor authentication is enabled

  • ChangePasswordToken (optional)

    • Password change token
    • Only required when password change is needed

  • NewPassword (optional)

    • New password
    • Only required when password change is needed

Notes

  • Enterprise ID must be a valid GUID format
  • Password must comply with system-configured password policy
  • Two-factor authentication codes have limited validity
  • All authentication operations are recorded in security logs
  • HTTPS is recommended in production environments