ASP.NET Core 2.1,C#应用程序,C#Web服务,访问SQL数据库
[英]asp.net core 2.1, C# app, c# web service, access SQL database
问题描述
I have been fighting with the following problem all week and was hoping somebody could be of help. 
我整个星期都在与以下问题作斗争,并希望有人能提供帮助。 My application has three parts. 我的应用程序分为三个部分。
- a SQL database (own machine), 一个SQL数据库(自己的计算机),
- a web service (IIS machine) and Web服务(IIS计算机)和
- the application itself (also on the same IIS as the web service). 应用程序本身(也与Web服务在同一IIS上)。
The application talks to the web service which in turn gets data from the SQL database. 该应用程序与Web服务进行通信,该Web服务又从SQL数据库获取数据。 I am using windows authentication. 我正在使用Windows身份验证。 When the app is running locally on my machine it receives data from the web service without a problem. 当应用程序在我的计算机上本地运行时,它将毫无问题地从Web服务接收数据。 When I host the application on the web server (both the application and the web service are hosted on the same machine) I get a 401 (authentication) error. 当我将应用程序托管在Web服务器上时(应用程序和Web服务都托管在同一台计算机上),我收到401(身份验证)错误。
in the app I get the current windows user using in the controller: 在应用程序中,我获得了当前在控制器中使用的Windows用户:
System.Security.Claims.ClaimsPrincipal currentUser = this.User;
WindowsIdentity identity = (WindowsIdentity) currentUser.Identity;
To access the web service (which in turn accesses the database) I use this code: 要访问Web服务(依次访问数据库),我使用以下代码:
await WindowsIdentity.RunImpersonated(identity.AccessToken, async () =>
{
request = new HttpRequestMessage(HttpMethod.Get, uri);
});
I have checked on IIS that I am getting the correct identity when the code is running on the server -> I do actually get the Windows user and not the IIS AppPool user (I was getting that previously before I swapped to using System.Security.Claims.ClaimsPrincipal). 我在IIS上检查了代码是否在服务器上运行时是否获得了正确的身份->实际上,我确实是Windows用户,而不是IIS AppPool用户(我在更换为使用System.Security之前已获得了该用户)。 Claims.ClaimsPrincipal)。
I know the problem is that the identity is not being passed to the web service although I am using the correct user. 我知道问题是,尽管我使用的是正确的用户,但身份没有传递给Web服务。 Any ideas? 有任何想法吗?
1 个解决方案
解决方案1
0 已采纳 2018-06-11 08:55:02
ok, so after a lot of online research I found the problem. 好的,所以经过大量在线研究之后,我发现了问题所在。 Since 2003 Microsoft has implemented a loopback check for Man-in-the-Middle attacks - this was causing problems for me as my FQDN was not the same as the URL base address. 自2003年以来,Microsoft实施了针对中间人攻击的环回检查-由于我的FQDN与URL基址不同,这对我造成了问题。 I deactivated this check ( http://artykul8.com/2010/01/windows-server-iis-sharepoint-and-null-sid-audit-failures/ ) and now my credentials are being passed through correctly. 我停用了此检查( http://artykul8.com/2010/01/windows-server-iis-sharepoint-and-null-sid-audit-failures/ ),现在我的凭据已正确通过。 As this is a test server I don't have a problem with this solution :) 由于这是一个测试服务器,因此此解决方案没有问题:)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.