"...和主域之间的信任关系失败".在MVC5身份验证中 [英] "Trust relationship between ... and the primary domain failed" in MVC5 Authentication
问题描述
我有一个ASP .NET MVC5应用程序,在其中我不使用Windows身份验证.
I have a ASP .NET MVC5 application in which I am not using Windows Authentication.
一切正常,直到我尝试在正在开发该应用程序的域之外运行该应用程序,并且(无论出于何种原因)得到一个:
Everything was working fine until I tried running the application outside of the Domain in which it was being developed and (for whatever reason) got a:
The trust relationship between this workstation and the primary domain failed.
当我尝试执行User.IsInRole("Admin")时.
我正在使用来自.NET的Identity,Role,IdentityStore,RoleStore等> Identity ,我可以看到正在从(MongoDB)数据库中正确检索到用户和角色数据.
I am using custom Identity, Role, IdentityStore, RoleStore, etc. from .NET's Identity and I can see that the User and Role data is being retrieved from the (MongoDB) database correctly.
关于此问题有很多问题,但是这些问题来自想要使用Windows Auth的人.和模拟在他们的MVC应用程序中:
There are plenty of questions regarding this issue, but they're from people who want to use Windows Auth. and impersonation in their MVC applications:
如何配置Windows身份验证/模拟+ IIS 7 + MVC
那么,如果我不使用Active Directory,并且(据我所知)没有做任何可能依赖于PC域的事情,为什么我会得到这个SystemException?我是否缺少某些配置(在我的Web.config或IIS Express中)?
So why exactly am I getting this SystemException if I'm not using Active Directory and (as far as I know) not doing anything that might depend on the PC's domain? Am I missing some configuration (either in my Web.config or IIS Express)?
好,所以缩小一下范围...
Ok, so narrowing it down a bit...
我的User.IsInRole("Admin")行在我的_Layout.cshtml视图中的if()语句内(即,根据角色知道在导航栏中显示的内容).
My User.IsInRole("Admin") line is inside an if() statement in my _Layout.cshtml View (i.e., to know what to show in the nav. bar depending on the role).
我现在知道,只有在没有用户通过身份验证并且不在用于开发的域中时,我才会收到上述错误.如果在该行上放置一个断点,则可以看到User对象是System.Security.Principal.WindowsIdentity,其基础Identity是System.Security.Principal.WindowsIdentity.
I now know I only get the error above when no user is authenticated and I'm not in the domain I used for dev. If I place a breakpoint on that line, I can see that the User object is is a System.Security.Principal.WindowsIdentity and its underlying Identity is System.Security.Principal.WindowsIdentity.
另一方面,如果用户通过了身份验证,则User对象和ts Identity分别是System.Security.Claims.ClaimsPrincipal和System.Security.Claims.ClaimsIdentity.
On the other hand, if the user is authenticated, then the User object and ts Identity are System.Security.Claims.ClaimsPrincipal and System.Security.Claims.ClaimsIdentity.
为什么它(在未经身份验证的情况下)完全使用Windows Identity?如何禁用它?
Why is it using Windows Identity at all (when unauthenticated) and how can I disable it?
推荐答案
因此,根据我的编辑,我已经修改了_Layout.cshtml,而不是拥有
So, based on my EDIT, I've modified my _Layout.cshtml so that instead of having
@if(User.IsInRole("Admin")) {...}
我有
@if(User.Identity.IsAuthenticated && User.IsInRole("Admin")) {...}
这似乎可以解决问题.
I believe the problem was that ASP .NET Identity uses an empty WindowsIdentity when no user is authenticated and when I try to check for the User.IsInRole, then it will try to check the roles of a WindowsIdentity against an Active Directory that I don't have. Obviously I should first check if the user is even logged in before attempting to check its roles, so mea culpa.
但是,即使上面的更改似乎可以修复我的代码,我还是非常想了解更多有关此行为的兴趣:为什么在没有用户通过身份验证时为何使用空的System.Security.Principal.WindowsIdentity.我会接受任何可以解释这一问题的答案.
But, even though the change above seems to fix my code, I'd be very interested in knowing more about this behavior: why is it using an empty System.Security.Principal.WindowsIdentity when no user is authenticated. I'll accept any answer which explains that.
这篇关于"...和主域之间的信任关系失败".在MVC5身份验证中的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
