ASP.NET aspx页面code模拟运行模拟,虽然被禁用 [英] ASP.NET aspx page code runs impersonated though impersonation is disabled
问题描述
我在VS 2005中创建为ASP.NET应用程序的空白测试应用程序。 MSDN说了
I have a blank test app created in VS 2005 as ASP.NET application. MSDN says that
在默认情况下,ASP.NET不使用模拟,和你的code。使用ASP.NET应用程序的进程标识运行。
By default, ASP.NET does not use impersonation, and your code runs using the ASP.NET application's process identity.
和我有以下的web.config
And I have the following web.config
<configuration>
<appSettings/>
<connectionStrings/>
<system.web>
<!--
Set compilation debug="true" to insert debugging
symbols into the compiled page. Because this
affects performance, set this value to true only
during development.
-->
<compilation debug="true" defaultLanguage="c#" />
<!--
The <authentication> section enables configuration
of the security authentication mode used by
ASP.NET to identify an incoming user.
-->
<authentication mode="Windows"/>
<identity impersonate="false"/>
<!--
The <customErrors> section enables configuration
of what to do if/when an unhandled error occurs
during the execution of a request. Specifically,
it enables developers to configure html error pages
to be displayed in place of a error stack trace.
<customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
<error statusCode="403" redirect="NoAccess.htm" />
<error statusCode="404" redirect="FileNotFound.htm" />
</customErrors>
-->
</system.web>
</configuration>
因此,它似乎模拟rel=\"nofollow\">文章是在暗示被禁用就像
So it seem impersonation is disabled just like the article is suggesting.
我的aspx是空白的默认和codebehind是
My aspx is blank default and the codebehind is
namespace TestWebapp
{
public partial class _Default : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
System.Diagnostics.Debug.WriteLine(String.Format("Before1: Current Princupal = {0}", Thread.CurrentPrincipal.Identity.Name));
WindowsImpersonationContext ctx = WindowsIdentity.Impersonate(IntPtr.Zero);
try
{
int a = 0;
System.Diagnostics.Debug.WriteLine(String.Format("After: Current Princupal = {0}", Thread.CurrentPrincipal.Identity.Name));
} finally
{
ctx.Undo();
}
}
}
}
当我重新加载页面我得到下面的调试输出:
When I reload the page I get the following debug output:
[5288] Before1:当前Princupal =
域\\用户
[5288]后:当前Princupal =
域\\用户
[5288] Before1: Current Princupal = DOMAIN\User [5288] After: Current Princupal = DOMAIN\User
输出与
<identity impersonate="false"/>
该网站使用默认应用程序池和游泳池被设置为使用网络服务帐户及其工作进程。
我敢肯定,应用程序使用它应该使用的web.config和w3p.exe工作进程正在NETWORK SERVICE运行。
The web site uses Default Application Pool and the pool is set up to use NETWORK SERVICE account for its worker processes. I'm sure the application uses the web.config it should use and the w3p.exe worker process is running under NETWORK SERVICE.
有什么可以错在这种情况下?
What can be wrong in this case?
谢谢!
@Edit:罗布,谢谢你的提示!
在$用户快捷方式让我发现,当我想到的一切正在发生的事情:与上冒充我有正在运行的用户NT AUTHORITY \\ NETWORK SERVICE进程和线程WindowsIdentity.Impersonate(IntPtr.Zero)之前域\\用户和无令牌主题。不是模仿。后。
但Thread.CurrentPrincipal.Identity.Name和HttpContext.Current.User.Identity.Name仍然给我域\\用户在这两个地方。
@ Rob, thanks for the tip! The $user shortcut shows me that everything is happening as I expect: with impersonation on I have the process running user NT AUTHORITY\NETWORK SERVICE and the thread has DOMAIN\User before WindowsIdentity.Impersonate(IntPtr.Zero) and "No Token. Thread not impersonating." after. But Thread.CurrentPrincipal.Identity.Name and HttpContext.Current.User.Identity.Name still give me DOMAIN\User in both places.
@Edit:我发现,要获得和Thread.CurrentPrincipal中改变HttpContext.Current.User我必须手工进行:
@ I've found out that to get Thread.CurrentPrincipal and HttpContext.Current.User changed I have to manually do it:
Thread.CurrentPrincipal = new WindowsPrincipal(WindowsIdentity.GetCurrent());
HttpContext.Current.User = Thread.CurrentPrincipal;
我不知道有什么意义在这里,但无论如何。我现在有一个问题与SharePoint共享服务管理用户配置文件权限但这是另外一个问题。
I'm not sure what's the point here, but anyway. I now have a problem with sharepoint shared services manage user profile permission but that's another question.
推荐答案
这是什么 HttpContext.User.Identity.Name
给你?
假设你已经检查IIS,它允许匿名访问中的安全选项卡?
Assume you've checked the security tab within IIS that it allows anonymous access?
您有一些奇怪的地方政策的Active Directory中的?
Are you within an active directory that has some strange local policy?
这篇关于ASP.NET aspx页面code模拟运行模拟,虽然被禁用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!