与预期ASP.NET MVC 4不工作假冒身份 [英] Identity Impersonation with ASP.NET 4 MVC not working as expected
问题描述
我在建立我们的分析师内联网MVC 4应用程序的过程。我们的目标是允许内部用户访问这个应用程序,而无需给出他们是我们的内部网络的一部分签字。当他们访问应用程序,我希望能够捕捉到他们的Windows用户名和使用LDAP检查对活动目录和检索他们属于部门并显示在屏幕上的相关细节。根据不同论坛的建议下,我选择了Windows身份验证此应用程序,我能够测试应用程序从Visual Studio中成功运行。我有麻烦的是,当我部署此我们UAT服务器运行IIS 7.5。
I am in the process of building a Intranet MVC 4 application for our analysts. The goal is to allow internal users access to this application without having to sign on given they are part of our internal network. When they access the application I want to be able to capture their windows user name and check against the active directory using LDAP and retrieve the department they belong to and display the relevant details on the screen. Based on the advice from different fora, I have chosen Windows Authentication for this application and I was able to test the app successfully running from Visual Studio. The trouble I am having is when I deploy this to our UAT server running IIS 7.5.
<authentication mode="Windows">
</authentication>
<identity impersonate="false" />
这是我的Web.config文件的当前状态。不论是否冒充是真还是假,应用程序似乎无法捕捉从该应用程序访问浏览器的Windows用户名。为
This is the current state of my Web.config file. Irrespective of whether impersonate is true or false, the application seems to not capture the windows username of the browser from which the application is accessed. Is
冒充= TRUE
为此需要呢?在主页上的欢迎消息,我总是看到/ IIS正在运行的应用程序托管的计算机的Windows用户名。我已经尝试了各种各样的方式来捕捉传入的用户请求的Windows用户名。
required for this at all? In the Welcome message on the homepage, I always see the windows user name of the computer where the application is hosted/IIS is running. I have tried a wide variety of ways to capture the Windows User name of the incoming user request.
string name = System.Web.HttpContext.Current.User.Identity.Name;
string name = System.Web.HttpContext.Current.Request.LogonUserIdentity.Name;
string name = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
string name = System.Web.HttpContext.Current.Request.ServerVariables["LOGON_USER"].Name;
等。我也看了成其他几个职位在这里像<一个href=\"http://stackoverflow.com/questions/1267071/how-to-get-windows-user-name-when-identity-impersonate-true-in-asp-net\">this.但我无法得到它的工作。恐怕我试图偶然,而不是真正了解正在发生的事情来实现这一目标?可能有人请指导我在正确的方向?
etc. I also looked into several other posts here like this. But I am unable to get it to work. I am afraid that I am trying to achieve this by accident rather than really understanding what is going on? Could someone please guide me in the right direction?
推荐答案
没有,你误会模拟的目的。
No, you misunderstand the purpose of impersonation.
首先,模拟不再在IIS 7或集成模式下运行的更大支持。
First, Impersonation is no longer supported in IIS 7 or greater running in integrated mode.
其次,模拟的目的是要改变用户工作进程下在运行时运行,具体地,以允许访问文件系统或者数据库资源作为该用户。它无关与一般的认证,并没有特别的有用的大多数网络应用程序
Second, the purpose of impersonation is to change the "user" the worker process runs under at runtime, specifically to allow access to filesystem or database resources as that user. It has nothing to do with authentication in general, and is not particularly useful for most web applications.
您希望使用Windows身份验证,但是你应该知道,这只会与Internet Explorer工作。它也将只与加入域的服务器上工作,并且没有任何中介Kerberos身份验证问题。 (这通常被称为双跳的问题)。其他浏览器不默认情况下,自动提供Active Directory帐户信息,尽管有些人可能会被配置为允许它这样做,有的则没有。
You want to use Windows Authentication, however you should know that this will only work with Internet Explorer. It will also only work with servers that are joined to your domain, and do not have any intermediary Kerberos authentication issues. (these are often known as "double hop" problems). Other browsers do not, by default, provide Active Directory account information automatically, although some may be configured to allow it to do so, others do not.
如果您使用的Windows身份验证正确配置服务器,您使用的是支持的ActiveDirectory Kerberos票据直通浏览器,并且没有会导致问题,这个直通网络问题,则可以使用 HttpContext.Current.User.Identity.Name 来获取用户名。
If you are using a properly configured server with Windows Authentication, and you are using a browser that supports ActiveDirectory Kerberos ticket passthrough, and there are no network issues that would cause problems with this passthrough, then you can use HttpContext.Current.User.Identity.Name to get the users name.
不要使用LogonName之类的东西,因为那些只会给你的工作进程,而不是身份验证的用户名。
Don't use LogonName or anything like that, as those will just give you the worker process, not the authenticated users name.
这篇关于与预期ASP.NET MVC 4不工作假冒身份的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
