堆栈内存溢出
  简体   繁体   English

Windows Identity在ASP.NET请求管道中始终是匿名的

[英]Windows Identity always anonymous in ASP.NET request pipeline

 原文  2017-07-04 04:38:49       c#/ asp.net-mvc/ authentication/ iis/ windows-authentication

问题描述

I'm trying to create a simple action filter for my MVC site that checks the current Windows user against those allowed access to the site. 我正在尝试为我的MVC网站创建一个简单的操作筛选器,以根据允许的对该网站的访问来检查当前Windows用户。 For some reason, the filterContext.HttpContext.User.Identity object is always set to anonymous with no username. 由于某些原因, filterContext.HttpContext.User.Identity对象始终设置为不带用户名的匿名对象。 I've tried to grab it at different stages (OnAuthenticate and OnAuthorize), but it's always anonymous. 我尝试在不同的阶段(OnAuthenticate和OnAuthorize)抓取它,但是它始终是匿名的。

I currently have anonymous and Windows authentication enabled in IIS (actually followed this example to configure the Windows Auth feature), and I have the following block in the system.web node of my web.config: 我目前在IIS中启用了匿名身份验证 Windows身份验证(实际上遵循此示例来配置Windows身份验证功能),并且在我的web.config的system.web节点中具有以下块: 

<authentication mode="Windows" />
<authorization>
  <allow users="*" />
  <deny users="?" />
</authorization>

However for some reason, the Identity is always anonymous with no username. 但是由于某种原因,身份始终是匿名的,没有用户名。 I have to be missing something here. 我必须在这里丢失一些东西。 With Windows Auth set in IIS, I'm always prompted for the username/password combo (which actually fails with HTTP401.1 error 0xc000006d , though I think this might be because I have a custom host header setup for development). 在IIS中设置Windows身份验证后,总是会提示我输入用户名/密码组合(实际上会失败,并显示HTTP401.1错误0xc000006d ,尽管我认为这可能是因为我有用于开发的自定义主机头设置)。 I've also read a few articles that suggest this is because my site is determined to be in the internet zone and the answers always state to add the site to the intranet zone in Internet Explorer. 我还阅读了几篇文章,这些文章暗示这是因为我的站点被确定为位于Internet区域中,并且答案总是会指出要将该站点添加到Internet Explorer的Intranet区域中。 This seems like a band-aid fix though, and not the actual solution. 不过,这似乎是一个临时解决方案,而不是实际的解决方案。

Ideally, I would like to have the following: 理想情况下,我希望拥有以下内容:

  1. User browses to my site 用户浏览到我的网站
  2. Behind the scenes, their Windows username is picked up, and authenticated against allowed users managed by the app 在后台,他们的Windows用户名被拾取,并针对由该应用程序管理的允许用户进行身份验证
  3. User authenticated successfully, page loads, user is none the wiser they were authenticated 用户成功通过身份验证,页面加载,用户没有通过身份验证的明智选择

What do I need to do to achieve this? 我需要怎么做才能做到这一点?

Thanks in advance for any help. 在此先感谢您的帮助。 Please let me know if I can provide more context. 如果可以提供更多背景信息,请告诉我。

Edit: Forgot to add I'm running this on Windows 7 SP1, IIS 7.5 编辑:忘记添加我正在Windows 7 SP1,IIS 7.5上运行

4 个解决方案

解决方案1
 1  2017-07-04 18:16:10

In your solution explorer, press F4 over the project, and change Windows Authentication to Enable if you are running your project from Visual Studio; 在解决方案资源管理器中,在项目上按F4键,如果从Visual Studio运行项目,则将“ Windows身份验证”更改为“启用”。

In IIS select your WebSite -> Authentication and Disable Anonymous Authentication and make sure that " Windows Authentication " if Enable IIS中,选择“ WebSite” ->“ 身份验证禁用 匿名身份验证” ,并确保“ Windows身份验证 ”(如果启用)

解决方案2
 0  2017-07-04 05:25:37

Try 尝试 

<system.web>
    <identity impersonate="true" />
</system.web>

OR 要么

Click On The Project Not the Solution => Open Properties Explorer not right click properties => you will find Anonymous Authentication set to disabled 单击在项目上不是解决方案=>打开属性资源管理器, 而不是右键单击属性=>,您会发现将匿名身份验证设置为禁用

解决方案3
 0  2017-07-04 07:23:58

您需要从iis禁用匿名身份验证,并仅启用Windows身份验证。

解决方案4
 0 已采纳  2017-07-04 07:37:29

These two rules are in wrong order in your code 这两个规则在您的代码中顺序错误 

<allow users="*" />
<deny users="?" />

Since you first allow everyone, the second rule is not even evaluated. 由于您首先允许所有人,因此甚至不会评估第二条规则。

Try switching them 尝试切换它们 

<deny users="?" />
<allow users="*" />

This way you first deny anonymous requests so that the authentication pipeline can even return 401 to the client. 这样,您首先将拒绝匿名请求,以便身份验证管道甚至可以将401返回给客户端。 When the NTLM/Kerberos authentication picks the username, the second rule allows everyone (authenticated this time). 当NTLM / Kerberos身份验证选择用户名时,第二条规则允许所有人(这次已通过身份验证)。

For this to work you also have to disable the anonymous authentication. 为此,您还必须禁用匿名身份验证。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 ASP.NET Windows身份验证+服务器始终获取匿名用户 - ASP.NET Windows Authentication + server always getting anonymous user ASP.NET身份-匿名配置文件 - ASP.NET Identity - Anonymous profiles ASP.NET Identity 2和匿名用户 - ASP.NET Identity 2 and Anonymous Users ASP.NET Identity 2是否支持匿名用户? - Does ASP.NET Identity 2 support anonymous users? 使用 Windows 身份验证的 ASP.NET Core 标识 - ASP.NET Core Identity with Windows Authentication ASP.NET Identity会在每次请求时重新生成Identity - ASP.NET Identity regenerats Identity at each request ASP.NET身份-令牌始终有效吗? (如果是这样,它们如何安全?) - ASP.NET Identity - Are tokens always valid? (If so, how are they safe?) ApplicationUser 始终为空 ASP.NET CORE 3.0 标识 - ApplicationUser always null ASP.NET CORE 3.0 Identity 授权属性始终返回错误的ASP.net MVC标识 - Authorize Attribute always returning false ASP.net MVC Identity 如何将 ASP.net 中的角色从匿名提升到 Windows 身份验证? - How to Elevate Role in ASP.net From anonymous to windows auth?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM