使用Windows身份验证的Asp.Net Core 2.x Web应用程序中User.Identity.Name为null [英] User.Identity.Name is null in Asp.Net Core 2.x web application using Windows Authentication

问题描述

问题

当在Windows身份验证设置为true且匿名身份验证设置为false的IIS后面托管Asp.Net Core 2.0或2.1 Web应用程序时，User.Identity.Name属性为null，User.Identity.IsAuthenticated为false.

When hosting an Asp.Net Core 2.0 or 2.1 Web Application behind IIS with Windows Authentication set to true, and Anonymous Authentication set to false, the User.Identity.Name property is null and User.Identity.IsAuthenticated is false.

根据文档此处，当使用IIS托管时，Windows身份验证应仅在Asp.Net Core 2.x中工作.

According to the documentation here, Windows Authentication should just work in Asp.Net Core 2.x when hosting with IIS.

背景

我正在按照我正在当前托管使用Windows身份验证的Asp.Net 4.x MVC应用程序的服务器上测试站点. Windows用户的身份可以按预期使用.

I'm testing the site on a server that is currently hosting Asp.Net 4.x MVC applications that use Windows Authentication without issue. The Identity of the Windows user is available as expected.

完成迁移指南并解决所有构建问题之后，我在Web项目属性的调试"下创建了本地IIS"配置文件，并将启动"选项设置为"IIS".我只勾选了启用Windows身份验证"，然后浏览到该网站.尽管使用有效的域凭据登录，User.Identity.Name仍然为空.

After completing the migration guide and fixing all build issues, I've created a "Local IIS" profile under "Debug" in the web project properties, setting the "Launch" option to "IIS". I've ticked only "Enable Windows Authentication" and then browsed to the website. Despite being logged in with valid domain credentials, User.Identity.Name is still null.

在开始迁移过程之前，我已经安装了.Net Core 2.1 SDK，并且以前已经安装了.Net Core 1.0.1 SDK Preview.该服务器运行带有IIS 7的Windows 2008 R2.

I installed the .Net Core 2.1 SDK before starting the migration process and have previously installed the .Net Core 1.0.1 SDK Preview. The server is running Windows 2008 R2 with IIS 7.

我尝试过的事情

为了确保在迁移过程中没有引入此问题，我使用MVC模板并针对.NET Framework 4.7.2创建了一个新的ASP.NET Core Web应用程序.选择模板时，我配置了"Windows身份验证".在确认使用IIS Express时Windows身份验证有效后，我如上所述配置了本地IIS.当浏览到IIS下时，导航栏的右上角显示"Hello，！".我尝试使用Asp.Net Core SDK 2.0和2.1中的模板进行此操作.

In order to ensure I hadn't introduced this problem during the migration process I created a new ASP.NET Core Web Applications, using the MVC template and targeting .NET Framework 4.7.2. I configured "Windows Authentication" when choosing the template. After confirming that Windows Authentication worked when using IIS Express, I configured Local IIS as above. When browsed to under IIS, the top right of the navigation bar shows "Hello, !". I tried this with templates from Asp.Net Core SDK 2.0 and 2.1.

我遵循了各种指南，Stackoverflow回答了所有与在Asp.Net Core应用程序本身中配置Windows身份验证有关的问题.结果要么没有变化，要么是连续登录提示，它们从不接受有效的用户名和密码.这些解决方案似乎是针对较旧版本的框架或开发人员尝试组合多种身份验证方法的方案编写的.

I've followed various guides and Stackoverflow answers all relating to configuring Windows Authentication within the Asp.Net Core application itself. Results have been either no change, or continuous login prompts that never accept a valid username and password. It appears these solutions may be written for older versions of the framework or scenarios where the developer is attempting to combine multiple authentication methods.

推荐答案

原因

服务器已安装了过时的.Net Core 2.0 IIS模块，默认情况下它不转发Windows身份验证详细信息.此处描述了此问题:

The server has an outdated .Net Core 2.0 IIS Module installed that does not forward windows authentication details by default. This problem is described here: .Net Core 2.0 Project With Windows Authentication Fail When Published to IIS. Installing the latest .Net Core 2.0 Runtime should fix this.

可以通过在PowerShell中运行以下命令对此进行验证:

This can be verified this by running the following in PowerShell:

(Get-Item $env:SystemDrive\Windows\System32\inetsrv\aspnetcore.dll).VersionInfo

这将提供以下输出:

ProductVersion   FileVersion      FileName
--------------   -----------      --------
7.1.1967.0       7.1.1967.0       C:\Windows\System32\inetsrv\aspnetcore.dll

服务器要求版本为7.1.1972.0或更高版本.

The server requires version 7.1.1972.0 or higher.

解决方案1-项目修复

在配置本地IIS时由Visual Studio 2017生成的web.config中，将forwardWindowsAuthToken="true"作为属性添加到<aspNetCore>元素:

In the web.config generated by Visual Studio 2017 when configuring Local IIS, add forwardWindowsAuthToken="true" as an attribute to the <aspNetCore> element:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <location path="." inheritInChildApplications="false">
    <system.webServer>
      <handlers>
        <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
      </handlers>
      <aspNetCore processPath="bin\IISSupport\VSIISExeLauncher.exe" arguments="-argFile IISExeLauncherArgs.txt" stdoutLogEnabled="false" forwardWindowsAuthToken="true" />
    </system.webServer>
  </location>
  <system.web>
    <authentication mode="Windows" />
  </system.web>
</configuration>

解决方案2-系统范围内的修复程序

从 .Net下载页下载并安装最新的.Net Core运行时.运行时包括Windows Hosting Bundle和必需的IIS模块.如果已经安装了SDK，则它将包括运行时，但是，可能仍需要单独重新安装运行时才能解决此问题(选择修复选项).

Download and install the latest .Net Core Runtime from the .Net downloads page. The Runtime includes the Windows Hosting Bundle and required IIS module. If the SDK is already installed this will include the Runtime, however, the Runtime may still need to be installed again by itself to fix this issue (choose the repair option).

这篇关于使用Windows身份验证的Asp.Net Core 2.x Web应用程序中User.Identity.Name为null的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！