"...和主域之间的信任关系失败".在MVC5身份验证中 [英] "Trust relationship between ... and the primary domain failed" in MVC5 Authentication
问题描述
我有一个ASP .NET MVC5应用程序,在其中我不使用Windows身份验证.
I have a ASP .NET MVC5 application in which I am not using Windows Authentication.
一切正常,直到我尝试在正在开发该应用程序的域之外运行该应用程序,并且(无论出于何种原因)得到一个:
Everything was working fine until I tried running the application outside of the Domain in which it was being developed and (for whatever reason) got a:
The trust relationship between this workstation and the primary domain failed.
当我尝试执行User.IsInRole("Admin")
时.
我正在使用来自.NET的Identity,Role
,IdentityStore
,RoleStore
等> Identity
,我可以看到正在从(MongoDB)数据库中正确检索到用户和角色数据.
I am using custom Identity
, Role
, IdentityStore
, RoleStore
, etc. from .NET's Identity
and I can see that the User and Role data is being retrieved from the (MongoDB) database correctly.
关于此问题有很多问题,但是这些问题来自想要使用Windows Auth的人.和模拟在他们的MVC应用程序中:
There are plenty of questions regarding this issue, but they're from people who want to use Windows Auth. and impersonation in their MVC applications:
如何配置Windows身份验证/模拟+ IIS 7 + MVC
那么,如果我不使用Active Directory,并且(据我所知)没有做任何可能依赖于PC域的事情,为什么我会得到这个SystemException
?我是否缺少某些配置(在我的Web.config
或IIS Express中)?
So why exactly am I getting this SystemException
if I'm not using Active Directory and (as far as I know) not doing anything that might depend on the PC's domain? Am I missing some configuration (either in my Web.config
or IIS Express)?
好,所以缩小一下范围...
Ok, so narrowing it down a bit...
我的User.IsInRole("Admin")
行在我的_Layout.cshtml
视图中的if()
语句内(即,根据角色知道在导航栏中显示的内容).
My User.IsInRole("Admin")
line is inside an if()
statement in my _Layout.cshtml
View (i.e., to know what to show in the nav. bar depending on the role).
我现在知道,只有在没有用户通过身份验证并且不在用于开发的域中时,我才会收到上述错误.如果在该行上放置一个断点,则可以看到User
对象是System.Security.Principal.WindowsIdentity
,其基础Identity
是System.Security.Principal.WindowsIdentity
.
I now know I only get the error above when no user is authenticated and I'm not in the domain I used for dev. If I place a breakpoint on that line, I can see that the User
object is is a System.Security.Principal.WindowsIdentity
and its underlying Identity
is System.Security.Principal.WindowsIdentity
.
另一方面,如果用户通过了身份验证,则User
对象和ts Identity
分别是System.Security.Claims.ClaimsPrincipal
和System.Security.Claims.ClaimsIdentity
.
On the other hand, if the user is authenticated, then the User
object and ts Identity
are System.Security.Claims.ClaimsPrincipal
and System.Security.Claims.ClaimsIdentity
.
为什么它(在未经身份验证的情况下)完全使用Windows Identity?如何禁用它?
Why is it using Windows Identity at all (when unauthenticated) and how can I disable it?
推荐答案
因此,根据我的编辑,我已经修改了_Layout.cshtml
,而不是拥有
So, based on my EDIT, I've modified my _Layout.cshtml
so that instead of having
@if(User.IsInRole("Admin")) {...}
我有
@if(User.Identity.IsAuthenticated && User.IsInRole("Admin")) {...}
这似乎可以解决问题.
I believe the problem was that ASP .NET Identity
uses an empty WindowsIdentity
when no user is authenticated and when I try to check for the User.IsInRole, then it will try to check the roles of a WindowsIdentity against an Active Directory that I don't have. Obviously I should first check if the user is even logged in before attempting to check its roles, so mea culpa.
但是,即使上面的更改似乎可以修复我的代码,我还是非常想了解更多有关此行为的兴趣:为什么在没有用户通过身份验证时为何使用空的System.Security.Principal.WindowsIdentity
.我会接受任何可以解释这一问题的答案.
But, even though the change above seems to fix my code, I'd be very interested in knowing more about this behavior: why is it using an empty System.Security.Principal.WindowsIdentity
when no user is authenticated. I'll accept any answer which explains that.
这篇关于"...和主域之间的信任关系失败".在MVC5身份验证中的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!