[英]How to start and stop an ASP.NET Core 2.1 app programmatically with Windows Authentication enabled?
I have a very specific set of needs for an ASP.NET Core 2.1 application, that I can't seem to resolve. 我对ASP.NET Core 2.1应用程序有一组非常具体的需求,我似乎无法解决这个问题。 The purpose of the app is to demonstrate use of a web proxy with automation tools like Selenium, specifically against a site that uses NTLM authentication.
该应用程序的目的是演示如何使用自动化工具(如Selenium)使用Web代理,特别是针对使用NTLM身份验证的站点。
Because this is a demo site to be used in the context of other running code, I need to be able to start and stop it programmatically. 因为这是一个在其他正在运行的代码的上下文中使用的演示站点,所以我需要能够以编程方式启动和停止它。 I can't seem to find any way to use Kestral and IIS/IIS Express effectively to start and stop the app appropriately.
我似乎无法找到任何方法来有效地使用Kestral和IIS / IIS Express来适当地启动和停止应用程序。
Because I want to demonstrate use of web browsers configured with a proxy to browse and be authenticated by this site, and because most browsers bypass a proxy when browsing localhost
sites (and its cousins 127.0.0.1
and ::1
), I need to be able to use a host name other than localhost to browse the site, and I'm using a simple alias in my hosts file for this purpose. 因为我想证明使用配置了代理的Web浏览器来浏览并通过此站点进行身份验证,并且因为大多数浏览器在浏览
localhost
站点(及其堂兄弟127.0.0.1
和::1
)时绕过代理,我需要能够使用localhost以外的主机名来浏览站点,并且我在hosts文件中使用了一个简单的别名来实现此目的。 However, this lets HTTP.sys right out, as attempting to register any URL prefix other than localhost results, entirely unsurprisingly knowing how HTTP.sys works, in an Access denied
error. 但是,这会让HTTP.sys正确,因为尝试注册除localhost结果之外的任何URL前缀,完全不出所料地知道HTTP.sys如何工作,在
Access denied
错误中。
I've examined several other answers , all of which seem to be outdated, or just do not work for me. 我已经检查了 其他 几个 答案 ,所有这些答案似乎已经过时,或者只是不适合我。
Startup class is as follows: 启动类如下:
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.Configure<IISOptions>(iis => { iis.AutomaticAuthentication = false; });
services.AddAuthentication(IISDefaults.AuthenticationScheme);
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseMvc();
}
}
If I manually launch the app in the debugger using the "IIS Express" profile, it works in that I get prompted for credentials. 如果我使用“IIS Express”配置文件在调试器中手动启动应用程序,它的工作原理是我收到提示输入凭据。 If I use the "project" profile, of course, it doesn't work because Kestrel doesn't appear to understand Windows Authentication without HTTP.sys.
如果我使用“项目”配置文件,当然,它不起作用,因为Kestrel似乎不理解没有HTTP.sys的Windows身份验证。 If I attempt to use any programmatic means to start the app (
WebHost.CreateDefaultBuilder().Build().StartAsync
, for example), it fails to prompt for authentication, I'm guessing for the same reasons it doesn't work under the "project" profile in the debugger. 如果我尝试使用任何编程方式来启动应用程序(
WebHost.CreateDefaultBuilder().Build().StartAsync
),它无法提示进行身份验证,我猜测它的原因与它不起作用相同调试器中的“项目”配置文件。
The point is to avoid a minimum of configuration for users once cloning the demonstration repo. 关键是要在克隆演示存储库后避免用户进行最少的配置。 Hosting the web app in full-blown IIS is a non-starter.
在完整的IIS中托管Web应用程序是一个非首发。 Similarly, solutions that require admin access (like using
netsh http add urlacl
) or running as admin are also non-starters, as many users do not have administrative access to their machines. 同样,需要管理员访问权限的解决方案(如使用
netsh http add urlacl
)或以管理员netsh http add urlacl
运行也是非启动者,因为许多用户没有对其计算机的管理访问权限。
Is what I'm attempting even possible? 我正在尝试甚至可能吗? How can I cobble this together to make it work?
我怎样才能将它拼凑起来以使其有效? "What you're trying to do is impossible," is a perfectly valid answer, but if that's the answer given, I'd like additional information of why this it's impossible.
“你想做的事情是不可能的”,这是一个非常有效的答案,但如果这是给出的答案,我想了解为什么这是不可能的更多信息。
I do not have much experience with IIS, nor do I fully understand your situation, but I hope I can share enough to help you figure this out. 我没有太多的IIS经验,也没有完全理解你的情况,但我希望我可以分享足够的帮助你解决这个问题。
There seem to be three aspects to your question: 您的问题似乎有三个方面:
I can't help with 1. Regarding windows authentication: 我无法帮助1.关于Windows身份验证:
InProcess
and OutOfProcess
. InProcess
和OutOfProcess
。 InProcess
) -- so there's no kestrel in the picture. InProcess
) - 因此图中没有红隼。 When you choose the project profile, you're essentially self-hosting the application with Kestrel ( OutOfProcess
) -- so there's no IIS in the picture unless you explicitly configure it to act as a reverse proxy. OutOfProcess
)自托管应用程序 - 因此除非您明确将其配置为充当反向代理,否则图片中没有IIS。 InProcess
or OutOfProcess
, you should be able to get Windows Authentication working. InProcess
或OutOfProcess
获得图片中的IIS,您就应该能够使用Windows身份验证。 Regarding starting and stopping the application: 关于启动和停止应用程序:
OutOfProcess
you have full control, you can start and stop at will since you have access to the WebHost
object. OutOfProcess
,您可以完全控制,您可以随意启动和停止,因为您可以访问WebHost
对象。 InProcess
, I'm not sure if starting/stopping with WebHost would work, but you can stop it using IApplicationLifetime.StopApplication()
and let IIS start it back up for you on the next request. InProcess
,我不确定使用WebHost启动/停止是否可行,但您可以使用IApplicationLifetime.StopApplication()
停止它,并让IIS在下一个请求时为您启动它。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.