[英]ASP.NET MVC 5: App Pool, Windows Authentication and Active Directory
Background: 背景:
I have an MVC 5/C# app that interfaces an outside API. 我有一个接口外部API的MVC 5 / C#应用程序。 It uses the
Active Directory
users' Principal Context
for authorization. 它使用
Active Directory
用户的Principal Context
进行授权。 The app checks if the UserPrincipal.Current
has their Un/Pw combo stored in the Db to be used for any operations later on the external API. 该应用程序检查
UserPrincipal.Current
是否将其Un / Pw组合存储在Db中,以便稍后在外部API上进行任何操作。
public bool IsUserSetup()
{
try
{
// find currently logged in user
var user = UserPrincipal.Current; // <- ERRS HERE -----
// check if this user exists in Db with creds
if (user != null)
{
var u = _userProfileRepository.GetUserProfileByUserSID(user.Sid.ToString());
if (u != null
&& !string.IsNullOrEmpty(u.RallyUsername)
&& !string.IsNullOrEmpty(u.RallyPassword)
&& u.IsActive // <-- make sure this person is an active user
)
{
return true;
}
}
}
catch (Exception ex)
{
string exMessage = ex.Message;
//throw ex;
}
return false;
}
UserPrincipal.Current
will return the App Pool's identity by default. UserPrincipal.Current
会返回App Pool的标识。 <system.web> <identity impersonate="true"/>...
<system.web> <identity impersonate="true"/>...
However, if I turn Impersonation on (true), then I get this: 但是,如果我打开Impersonation(true),那么我得到这个:
An ASP.NET setting has been detected that does not apply in Integrated managed pipeline mode.
So, I change the app pool
to use 'classic'(Which I don't think is the answer or path I should take), and I get this error: 所以,我将
app pool
更改为使用'经典'(我认为这不是我应该采取的答案或路径),我收到此错误:
The page you are requesting cannot be served because of the ISAPI and CGI Restriction list settings on the Web server.
Obviously, this works great in IIS Express, it sees me (domain\\username) just fine. 显然,这在IIS Express中运行良好,它看到我(域\\用户名)就好了。 But when I switch it to IIS or deploy it to an actual web server, I get these problems.
但是,当我将其切换到IIS或将其部署到实际的Web服务器时,我遇到了这些问题。
I need to get the current user/principal so I can store their SID and credentials to the external API in the Db. 我需要获取当前用户/主体,以便我可以将他们的SID和凭证存储到Db中的外部API。 Then upon using the site/app, it auto-magically uses their creds to do work in the API as needed.
然后在使用网站/应用程序时,它会根据需要自动神奇地使用他们的信用卡在API中工作。
What do I need to do to either: 我还需要做什么:
From here , use option 2, which is: 从这里开始 ,使用选项2,即:
<system.webServer>
<!--When using 'Integrated Pipeline' on IIS on the server, and if your application does not rely on impersonating the requesting user in the 'BeginRequest' and 'AuthenticateRequest' stages (the only stages where impersonation is not possible in Integrated mode), but still requires Impersonation in other areas of the application, ignore this error (500 - Internal Server Error) by adding the following to your application’s web.config-->
<validation validateIntegratedModeConfiguration="false"/>
</system.webServer>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.