Incorrect windows identity in Cassini-Dev when hosted in Windows Service


Problem description

I am hosting CassiniDev 4.0 in my windows service running an MVC 3.0 configuration site for my service.

I have the web.config set up to use windows authentication. When I look at the HttpContext.User in the web site, it shows the identity that the service is running under, not the identity of the user making the request. The User.AuthenticationType is NTLM, which is correct, BTW.

This seems pretty clearly to be a bug, but wanted to run it by the community to see if there is some configuration I am missing.

It seems like it might be a variation on this issue posted last week:

SecurityIdentifiers in Cassini-dev's NTLM authentication (http://stackoverflow.com/questions/8241320/securityidentifiers-in-cassini-devs-ntlm-authentication)

Recommended answer

This is definitely a bug in Cassini Dev. It looks like this method is returning the wrong token: Request.GetUserToken(). The code:

public override IntPtr GetUserToken()
{
    return _host.GetProcessToken();
}

And here _host.GetProcessToken() is a pointer to a security token belonging to the user who owns the Cassini process; it is not the token belonging to the user that's logged in. What needs to happen is the NtlmAuth object needs to pass the security token back to the Request object so that it can be returned when this method is called instead of the host's token. Not really sure what the best way to do this is, but you can see in the NtlmAuth class, the security token is acquired here:

IntPtr phToken = IntPtr.Zero;
if (Interop.QuerySecurityContextToken(ref _securityContext, ref phToken) != 0)
{
     return false;
}

phToken is the security token but it needs to get back to the Request object and not call Interop.CloseHandle(phToken); later in that method, where it frees the token. Note that CloseHandle() needs to be called on the token eventually, otherwise a new one will be issued for every request made by a logged in user but unused ones will never get freed. One possible place to do this is in the Request object, which subclasses SimpleWorkerRequest and you can override the EndOfRequest method (http://msdn.microsoft.com/en-us/library/system.web.hosting.simpleworkerrequest.endofrequest.aspx) to call CloseHandle() on the security token.
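
The token hand-off described in the answer, as an added sketch that is not code from CassiniDev or from the original answer: the request takes ownership of the per-user token, returns it from GetUserToken(), and closes it exactly once in EndOfRequest(). The class name `TokenAwareRequest`, the method `SetAuthenticatedUserToken` and the `processToken` constructor argument are hypothetical, and falling back to the process token for requests with no authenticated user is an assumption.

```csharp
using System;
using System.IO;
using System.Runtime.InteropServices;
using System.Threading;
using System.Web.Hosting;

// Hypothetical stand-in for CassiniDev's Request class, which also derives
// from SimpleWorkerRequest.
public class TokenAwareRequest : SimpleWorkerRequest
{
    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern bool CloseHandle(IntPtr handle);

    // Token of the account running the host process; owned by the host, never closed here.
    private readonly IntPtr _processToken;
    // Per-request token obtained from QuerySecurityContextToken; owned by this request.
    private IntPtr _userToken = IntPtr.Zero;

    public TokenAwareRequest(string page, string query, TextWriter output, IntPtr processToken)
        : base(page, query, output)
    {
        _processToken = processToken;
    }

    // Called by the NTLM handshake code instead of closing phToken itself.
    // Ownership of the handle moves to this request.
    public void SetAuthenticatedUserToken(IntPtr phToken)
    {
        IntPtr previous = Interlocked.Exchange(ref _userToken, phToken);
        if (previous != IntPtr.Zero && previous != phToken)
            CloseHandle(previous); // do not leak a token set earlier on this request
    }

    // Return the caller's token when one exists, so HttpContext.User reflects
    // the authenticated user rather than the service account.
    public override IntPtr GetUserToken()
    {
        IntPtr token = _userToken;
        return token != IntPtr.Zero ? token : _processToken; // fallback is an assumption
    }

    // Release the per-request token exactly once, even if base.EndOfRequest throws.
    public override void EndOfRequest()
    {
        try { base.EndOfRequest(); }
        finally
        {
            IntPtr token = Interlocked.Exchange(ref _userToken, IntPtr.Zero);
            if (token != IntPtr.Zero) CloseHandle(token);
        }
    }
}
```

The security-relevant effect is that authorization decisions and impersonation inside the site no longer run against the service account's identity, which in a Windows service is often more privileged than the requesting user.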
