ASP.NET MVC5 Prompt Windows Auth ignoring authentication mode

I gave up implementing Windows and Forms Authentication mode in the same project; I've encountered infinite login loops, authorization errors and nightmare-ish spaghetti code.

I'm keeping Forms authentication / RoleProvider just as-is, but my idea is triggering Windows authentication inside the HttpPost for the ActionResult Login, so the user would enter their domain username, press the login button, then compare the text input against the HttpContext identity; if true, prompt Windows Authentication, and if the login is successful then redirect to the corresponding admin/user webpages (getting the role from a SQL table).

This is a vague idea I pseudo-coded.

[HttpPost]
public ActionResult Login (usuario u, string retornaUrl) {
    string userDomWin = System.Web.HttpContext.Current.Request.LogonUserIdentity.Name.ToString ().Substring ((HttpContext.User.Identity.Name.ToString ().IndexOf ("\\")) + 1);
    string userWin = userDomWin.Replace ("DOMAIN\\", "");

    var usuarioSys = (from d in db.usuario where d.usuarioDom == userWin select d.usuarioDom).FirstOrDefault ();

    if (usuarioSys != null) {
        //TRIGGER WINDOWS AUTH

        if (WINDOWSAUTH == true) {

            Session["uname"] = usuarioSys.ToString ();

            if (usuarioSys != null) {
                return Redirect ("~/Home/Index");
            } else {
                TempData["Message"] = "FINISHED.";
                return Redirect ("~/Account/Login");
            }
        } else {
            TempData["Message"] = "UNAUTHORIZED.";
            return Redirect ("~/Account/Login");
        }

    }

    return View ();
}

Can you implement something equivalent?

Your problem might be more complex than that, but from what you posted, it is normal that your users are redirected to the login page even after validating all your login (SQL & Windows), as you did not add the form cookie to the response. If that is the source of the problem, here is my code for the return of the form cookie (encrypted):

            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                   2,
                   userName,
                   DateTime.Now,
                   DateTime.Now.AddMinutes(480),
                   true,
                   role,
                   FormsAuthentication.FormsCookiePath);

            string encTicket = FormsAuthentication.Encrypt(ticket);
            var response = System.Web.HttpContext.Current.Response;
            response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName, encTicket));
            return RedirectToAction("Index", "Home");

Hope it helps.

I'm not sure how your project's web config is set up, but be sure to check if you have the authentication mode set to forms:

<system.web>
    <authentication mode="Forms">
       <forms loginUrl="Home/Login"></forms>
    </authentication>
</system.web>

As for why MVC authentication/authorization is difficult to set up / often has issues, there was a very useful thread that clarified that for me.

Personally, at least for internal applications, I prefer to use Windows authentication via setting up my own function to check against Active Directory groups on the Domain where the app is deployed. The reason for this is, for internal apps, usually the "current user" is identified by whatever unique employee ID they are logged in as, so it is easier for the app to check against authorized Active Directory groups to see if they should / shouldn't access it.
