HttpContext.Current.User为空，即使Windows身份验证是 [英] HttpContext.Current.User is null even though Windows Authentication is on

问题描述

在IIS7在Windows Server 2008中，我有匿名访问关闭，Windows身份验证的虚拟目录。在我的web.config，我有：

In IIS7 under Windows Server 2008, I have a virtual directory with anonymous access off and Windows authentication on. In my web.config, I have:

<authentication mode="Windows"/>
<authorization>
    		<allow roles="MYGROUP"/>
    		<deny users="*"/>
</authorization>

和

<system.webServer>
    <!-- IIS7 security settings -->
    <security>
    	<authorization>
    			<add accessType="Deny" users="*"/>
    			<add accessType="Allow" roles="MYGROUP"/>
    	</authorization>
    </security>
</system.webServer>

然而，当我从IE浏览器访问的Default.aspx并设置Global.asax.vb Application_AuthenticateRequest断点（），我得到一个空HttpContext.Current.User在那里我期待我自己的身份。这是几乎一样，如果匿名访问是在？

Yet when I access default.aspx from IE and set a breakpoint in Global.asax.vb Application_AuthenticateRequest(), I get a null HttpContext.Current.User where I am expecting my own identity. It is almost as if Anonymous Access is on?

我能做些什么来解决呢？一切似乎都在IIS6工作。

What can I do to troubleshoot this? Everything seems to work in IIS6.

推荐答案

要移动的答案的应用程序池的回古典只是拖延问题。

The answer to of moving the Application Pool back to classical is just delaying the problem.

相反假的应用程序池独自从 Application_AuthenticateRequest移动你的身份验证检查（），在管道下一个功能：

Instead leave the application pool alone and move your authenticate check from Application_AuthenticateRequest(), to the next function in the pipeline:

Application_AuthorizeRequest(object sender, EventArgs e)

届时集成的应用程序池的已经完成了Windows身份验证可让您不接收空从 HttpContext.Current 。用户。

By then the integrated Application Pool has completed the windows authentication allow you not to receive null from HttpContext.Current.User.

这条管道可以发现<一个href=\"http://www.iis.net/learn/application-frameworks/building-and-running-aspnet-applications/aspnet-integration-with-iis\"相对=nofollow>此处的标题下（由CarlosAg提供的链接）的运行富达（一路下滑）。

The pipeline can be found here (link provided by CarlosAg) under the heading Runtime Fidelity (way down).

管道的可视化可以在 ASP网站上找到信息生命周期页面。在控制器部分检出的两个绿色盒子验证器和过滤器授权。这些都是你搞乱的区域。

A visualization of the pipeline can be found on the asp website message lifecycle page. In the controller section checkout the two green boxes "Authentication filters" and "Authorization filters". These are the areas you are messing with.

这篇关于HttpContext.Current.User为空，即使Windows身份验证是的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！