問題描述
我正在嘗試讓 ActiveDirectory 和標(biāo)準(zhǔn)表單登錄都能正常工作,但有一件事阻止了我.我無法獲取當(dāng)前 Windows 用戶的名稱.我得到的最接近的是 var i = WindowsIdentity.GetCurrent();,但這給了我 IIS 應(yīng)用程序池用戶的名稱.我在 IIS 中啟用了匿名身份驗(yàn)證、表單身份驗(yàn)證和 Windows 身份驗(yàn)證.我可以從 AD 加載用戶,所以我假設(shè)我的 web.config 設(shè)置正確.
I'm trying to get both ActiveDirectory and standard forms login working but one thing is stopping me. I can't get the name of the current windows user. The closest I've got is var i = WindowsIdentity.GetCurrent();, but that gives me the name of the IIS app pool user. I have Anonymous Authentication, Forms Authentication and Windows Authentication enabled in IIS. I can load users from AD so I assume my web.config is setup correctly.
編輯:這是我的 web.config(使用 Facade 提供程序):
Edit: This is my web.config (using a Facade provider):
<membership defaultProvider="HybridMembershipProvider">
<providers>
<clear />
<add name="HybridMembershipProvider" type="MyApp.Data.HybridMembershipProvider" AspNetProviderName="AspNetSqlMembershipProvider" ActiveDirectoryProviderName="ADMembershipProvider" />
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="MyAppConnection" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="4" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
<add name="ADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString"
attributeMapUsername="sAMAccountName" enableSearchMethods="true" attributeMapEmail="mail"/>
</providers>
</membership>
編輯 2:這是我的 IIS 安全設(shè)置.
Edit 2: Here's my IIS security setup.
推薦答案
如果您在 IIS 中打開 ASP.Net Impersonation,您可以獲得您想要的用戶名.僅當(dāng)該數(shù)據(jù)位于表單成員資格提供商/AD 中且它們不是匿名的時(shí),這才有效.
If you turn on ASP.Net Impersonation in IIS, you can get the username like you wanted to. This will only work if that data is in the forms membership provider / AD, and they are not Anonymous.
此外,混合基于表單和基于 Windows/AD 的身份驗(yàn)證是可行的,但不推薦.如果需要,請(qǐng)參閱此.
Also, mixing Forms based and Windows/AD based auth is doable but not recommended. See this if you need to do it.
編輯:我想我誤解了您想要的內(nèi)容,因此這里對(duì)上述解決方案的情況進(jìn)行了高層次的掩飾:
EDIT: I think I misunderstood what you wanted so here's a high-level glossing over of what goes on with the aforementioned solution:
如果您關(guān)閉匿名身份驗(yàn)證并打開 Asp.Net Impersonation,IIS 將在有人訪問該站點(diǎn)時(shí)執(zhí)行 401 質(zhì)詢.
如果所有內(nèi)容都在同一個(gè)域中,Web 瀏覽器會(huì)將您的憑據(jù)發(fā)送到 IIS,IIS 將根據(jù)它的 Active Directory 驗(yàn)證它們,然后 AD 將為 IIS 提供一個(gè)身份以供使用.
If you turn off Anonymous Authentication, and turn on Asp.Net Impersonation, IIS will do a 401 Challenge whenever somebody visits the site.
If everything is on the same domain, the web browser will send your credentials to IIS, IIS will validate them against it's Active Directory, and then AD will give IIS an Identity to work with.
當(dāng)您打開 Asp.Net Impersonation 時(shí),IIS 會(huì)將該標(biāo)識(shí)綁定到當(dāng)前線程/請(qǐng)求.因此,在身份驗(yàn)證發(fā)生后,您可以從當(dāng)前線程標(biāo)識(shí)中獲取用戶名,然后像這樣查詢 Active Directory:
When you have Asp.Net Impersonation turned on, IIS will then bind that Identity to the current thread/request. So after authentication happens, you can just grab the username from the current thread identity, and then query Active Directory like:
using System.Threading;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;
......
PrincipalContext pc = null;
UserPrincipal principal = null;
try
{
var username = Thread.CurrentPrincipal.Identity.Name;
pc = new PrincipalContext(ContextType.Domain, "active.directory.domain.com");
principal = UserPrincipal.FindByIdentity(pc, username);
var firstName = principal.GivenName ?? string.Empty
var lastName = principal.Surname ?? string.Empty
return string.Format("Hello {0} {1}!", firstName, lastName);
}
catch ...
finally
{
if (principal != null) principal.Dispose();
if (pc != null) pc.Dispose();
}
這篇關(guān)于ASP.NET 中的 ActiveDirectory 當(dāng)前用戶名的文章就介紹到這了,希望我們推薦的答案對(duì)大家有所幫助,也希望大家多多支持html5模板網(wǎng)!