同时启用Windows身份验证和匿名身份验证时如何获取Windows用户名 [英] How to get windows user name when enabling both windows authentication and anonymous authentication

问题描述

我是在Core 2.0中首次在.net core中构建我的api.该客户端是使用vs 2017角度模板构建的.

I've built my api in .net core for the first time in core 2.0. The client is built using vs 2017 angular template.

即使没有使用Windows身份验证的其他应用程序也使用我的api.对于这些功能，我想允许匿名访问.因此，我必须同时启用Windows身份验证和匿名身份验证.

My api is used even by other applications which may not be using windows authentication. For those functions I want to allow anonymous access. For this reason I've to enable both windows authentication and anonymous authentication.

但是同时启用两者时，我知道我无法获取Windows用户名.在这种情况下，如何获取Windows用户名?

But when enable both I know I cannot get windows user name. In that case how can get the windows user name?

当我同时启用Windows身份验证和Windows身份验证时，以下代码中断.

The following code breaks when I enable anonymous authentication along with windows authentication.

[Route("current")]
public ADUser GetCurrentUser()
{

         string accountUser = this.User.Identity.Name;     
         return new ADUser { Name = accountUser };
}

有人可以帮助我如何处理以下情况.如果不能，那么有人可以告诉我如何在.net core 2.0中做以下事情

Can someone please help me how did they dealt the following situation. If not can someone tell me how to do the following things in .net core 2.0

1. 使用Windows身份验证对用户进行身份验证
2. 保护api不被恶意用户访问.
3. 甚至通过匿名用户也可以使用api的一些基本功能.

使用Windows身份验证时，我需要能够获取Windows用户名，以便检查用户，角色数据库以对其进行相应的授权.

When using windows authentication I need to be able to get windows user name so I check my user, roles database to authorize them accordingly.

[更新] 正如我所说，我知道在启用Windows身份验证并禁用IIS中的所有其他身份验证类型时会获得Windows用户名.但是，即使使用[AllowAnonymous]，我也无法访问希望匿名用户能够访问的功能.

[Update] As I said I know I get windows user name when I enable Windows Authentication and disable all other authentication types in IIS. But I am unable to access functions which I want anonymous users to be able to access even after using [AllowAnonymous].

我还可以从以下代码片段中了解到，如果仅启用Windows身份验证，AllowAnonymous不会有任何影响.

I can also read from the following snippet that AllowAnonymous doesn't have any affect if only windows authentication is enabled.

启用Windows身份验证并匿名时访问被禁用，[Authorize]和[AllowAnonymous]属性无效.如果将IIS站点(或HTTP.sys或WebListener服务器)配置为禁止匿名访问，则该请求永远不会到达您的应用程序.因此，[AllowAnonymous]属性不适用. 谢谢

When Windows authentication is enabled and anonymous access is disabled, the [Authorize] and [AllowAnonymous] attributes have no effect. If the IIS site (or HTTP.sys or WebListener server) is configured to disallow anonymous access, the request never reaches your app. For this reason, the [AllowAnonymous] attribute isn't applicable. Thanks

推荐答案

• 将应用程序部署到IIS，然后打开该站点的身份验证"菜单.
• 禁用匿名并启用Windows身份验证

• 将以下内容添加到ConfigureServices方法中:

//使用Microsoft.AspNetCore.Server.IISIntegration;

//using Microsoft.AspNetCore.Server.IISIntegration;

services.AddAuthentication(IISDefaults.AuthenticationScheme)

对于要保护的API或操作控制器，使用[Authorize]属性对其进行修饰，然后使用HttpContext.User.Identity.Name获取登录用户.在要允许访问的操作上使用[AllowAnonymous].

For the APIs or action controllers that you want to secure, decorate them with [Authorize] attribute, then you get the logged in user using HttpContext.User.Identity.Name. Use [AllowAnonymous] on actions that you want to allow access.

如果要保护安全并允许在同一api上进行访问，则需要提供自己的Authorization过滤器实现.

In case you want to secure and allow access on the same api, then you need to provide your own implementation of the Authorization filter.

有关更多详细信息，请检查此链接

For more details check this link

这篇关于同时启用Windows身份验证和匿名身份验证时如何获取Windows用户名的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！