ActiveDirectory中当前用户名在ASP.NET [英] ActiveDirectory Current Username in ASP.NET
问题描述
我试图让双方的ActiveDirectory和标准的登录方式工作,但有一件事是阻止我。我不能让当前的Windows用户的名称。我得到的最接近的是变种I = WindowsIdentity.GetCurrent(); ,但是给我的IIS应用程序池的用户名。我有匿名身份验证,窗体身份验证和Windows身份验证在IIS中启用。我可以加载用户的广告,我想我的web.config是设置正确。
I'm trying to get both ActiveDirectory and standard forms login working but one thing is stopping me. I can't get the name of the current windows user. The closest I've got is var i = WindowsIdentity.GetCurrent();, but that gives me the name of the IIS app pool user. I have Anonymous Authentication, Forms Authentication and Windows Authentication enabled in IIS. I can load users from AD so I assume my web.config is setup correctly.
修改:这是我的web.config(使用门面提供商):
Edit: This is my web.config (using a Facade provider):
<membership defaultProvider="HybridMembershipProvider">
<providers>
<clear />
<add name="HybridMembershipProvider" type="MyApp.Data.HybridMembershipProvider" AspNetProviderName="AspNetSqlMembershipProvider" ActiveDirectoryProviderName="ADMembershipProvider" />
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="MyAppConnection" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="4" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
<add name="ADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString"
attributeMapUsername="sAMAccountName" enableSearchMethods="true" attributeMapEmail="mail"/>
</providers>
</membership>
编辑2:这是我的IIS安全设置
Edit 2: Here's my IIS security setup.
推荐答案
如果您打开ASP.Net模拟在IIS中,你可以得到的用户名像你想的话。这只会工作,如果该数据是在形式的成员资格提供/ AD,他们是不是匿名的。
If you turn on ASP.Net Impersonation in IIS, you can get the username like you wanted to. This will only work if that data is in the forms membership provider / AD, and they are not Anonymous.
此外,混合形式和基于Windows / AD基于身份验证是可行的,但不建议使用。请参阅<一href="http://stackoverflow.com/questions/2250921/mixing-forms-authentication-with-windows-authentication">this如果你需要做到这一点。
Also, mixing Forms based and Windows/AD based auth is doable but not recommended. See this if you need to do it.
修改:我想我误解你想要的东西所以这里是一个高层次的所发生的与上述解决办法掩饰:
EDIT: I think I misunderstood what you wanted so here's a high-level glossing over of what goes on with the aforementioned solution:
如果您关闭匿名身份验证,并打开Asp.Net模拟,IIS会做一个401挑战每当有人访问该网站。
如果一切都在同一个域中,Web浏览器将发送您的凭据到IIS,IIS将验证他们反对的Active Directory,然后AD会给IIS的身份进行工作。
If you turn off Anonymous Authentication, and turn on Asp.Net Impersonation, IIS will do a 401 Challenge whenever somebody visits the site.
If everything is on the same domain, the web browser will send your credentials to IIS, IIS will validate them against it's Active Directory, and then AD will give IIS an Identity to work with.
当你Asp.Net模拟打开,IIS然后将绑定的身份到当前线程/请求。验证操作之后,您可以随意在当前线程标识的用户名,然后查询Active Directory这样的:
When you have Asp.Net Impersonation turned on, IIS will then bind that Identity to the current thread/request. So after authentication happens, you can just grab the username from the current thread identity, and then query Active Directory like:
using System.Threading;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;
......
PrincipalContext pc = null;
UserPrincipal principal = null;
try
{
var username = Thread.CurrentPrincipal.Identity.Name;
pc = new PrincipalContext(ContextType.Domain, "active.directory.domain.com");
principal = UserPrincipal.FindByIdentity(pc, username);
var firstName = principal.GivenName ?? string.Empty
var lastName = principal.Surname ?? string.Empty
return string.Format("Hello {0} {1}!", firstName, lastName);
}
catch ...
finally
{
if (principal != null) principal.Dispose();
if (pc != null) pc.Dispose();
}
这篇关于ActiveDirectory中当前用户名在ASP.NET的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
