表单身份验证和以编程方式使用当前用户凭据 [英] Forms Authentication and using Current User Credentials programmatically
问题描述
使用表单身份验证并锁定路径,因此您需要进行身份验证才能访问页面/数据.
我正在尝试使用当前经过身份验证的用户凭据来处理内的Web请求.用户导航到的aspx页面.代码如下:
<pre>HttpWebRequest req = (HttpWebRequest)WebRequest.Create(uri);<br />req.Credentials = CredentialCache.DefaultCredentials;<br /> <br />WebResponse res = req.GetResponse();</pre>
注意:uri有效.
响应是重定向到登录页面(错误的凭据重定向到登录页面),而不是请求的Web请求提供的数据.
我正在努力寻找所需做的事情,以便像处理当前经过身份验证的用户一样处理此请求.
任何建议都是最有效的方法赞赏.
提前感谢.
蚂蚁.
Using Forms Authentication and locking down the path so you need to be authenticated to access the pages / data.
I am trying to use the current authenticated user credentials in order to process a web request within the .aspx page that the user has navigated to. Code as below:<pre>HttpWebRequest req = (HttpWebRequest)WebRequest.Create(uri);<br />req.Credentials = CredentialCache.DefaultCredentials;<br /> <br />WebResponse res = req.GetResponse();</pre>
NOTE: the uri is valid.
The response is a redirect to the login page (bad credentials redirect to login page) and not the requested data provided by the web request.
I am struggling to find what I need to do in order for this request to be processed as though it was the current authenticated user.
Any advice is most appreciated.
Thanks in advance.
Ant.
推荐答案
表单身份验证(默认情况下)通过在登录时将加密的票证存储为cookie来工作,然后身份验证模块读取并解释为确定当前登录的用户.
对于您描述要工作的情况(如果我没有误解您的话),构成您的HttpWebRequest
的uri必须位于同一Web应用程序中(即不太可能),或者是配置为使用与调用应用程序相同的machineKey
的表单身份验证的Web应用程序.在 web.config 中使用通用的machineKey
配置多个应用程序是实现单点登录的一种方法,它允许用户进行一次登录,然后再传递给其他应用程序.您可以在"Web服务器场部署注意事项"下阅读以下文章,以了解如何:
http://msdn.microsoft.com/en-us/library/ms998288.aspx [
然后从调用应用程序中,将已经创建的表单身份验证cookie(再次通过成功提交用户登录表单)添加到请求对象的 ^ ],然后再进行呼叫.如果目标应用程序配置正确,它将自动解释cookie和表单身份验证凭据以确定用户.
Forms Authentication works (by default) by storing an encrypted ticket as a cookie upon login, which the authentication module then reads and interprets to determine the currently logged in user.
For the situation you describe to work (if I am not misunderstanding you), the uri that forms yourHttpWebRequest
needs to either be in the same web application (which would be very unlikely) or it would be to a web application that is configured to use forms authentication with the samemachineKey
as the calling application. Configuring multiple applications with a commonmachineKey
in web.config is one way to achieve single sign-on, allowing the user to have one login that passes through to other applications. You can read the following article, under "Web Farm Deployment Considerations" to see how:
http://msdn.microsoft.com/en-us/library/ms998288.aspx[^]
There is also a bunch of blog articles describing single signon you can find by googling "asp.net forms authentication single sign-on"
Then from the calling application it would be a matter of adding the forms authentication cookie that has already been created (again through the successful submission of a user login form) to the request object''s CookieContainer[^] prior to making the call. If the target application is configured correctly, it will automatically interpret the cookie and the forms authentication credentials to determine the user.
这篇关于表单身份验证和以编程方式使用当前用户凭据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!