堆栈内存溢出
  简体   繁体   English

从 C# web 页面(包括 IIS)获取当前登录的 Active Directory 用户

[英]Get currently logged-on Active Directory user from a C# web page (IIS incl)

 原文  2011-07-21 18:43:52       c#/ iis/ authentication/ active-directory

问题描述

We are building an intranet for a client, the client doesn't want the users to log on, as they have already logged onto the domain (Active Directory)我们正在为客户端构建 Intranet,客户端不希望用户登录,因为他们已经登录到域(Active Directory)

But they do want to know the AD username of each user so that if they post on the blog, their identity can be recorded.但是他们确实想知道每个用户的 AD 用户名,这样如果他们在博客上发帖,就可以记录他们的身份。

Our thinking so far has been, that our web.config file should say:到目前为止,我们的想法是,我们的 web.config 文件应该说:

<identity impersonate="false" />

so that each user browses the intranet site as themselves and not the App Pool user configured in IIS.这样每个用户都以自己的身份浏览内网站点,而不是 IIS 中配置的 App Pool 用户。

Would this be the right way to go about it?这会是关于 go 的正确方法吗?

If so, what IIS authentication should we be using?如果是这样,我们应该使用什么 IIS 身份验证? NOTE: we are not authenticating the user, so we don't want the logon prompt, all users will already have logged onto the domain, we just want to see their username.注意:我们没有对用户进行身份验证,所以我们不需要登录提示,所有用户都已经登录到域,我们只想查看他们的用户名。

Is this even possible?这甚至可能吗? And are we on the right track?我们走在正确的轨道上吗?

In C#, we can retrieve the username like this:在 C# 中,我们可以这样检索用户名:

System.Web.HttpContext.Current.Request.LogonUserIdentity.Name.ToString()

but we just can't find an IIS authentication setting that will not prompt a domain/network login.但我们只是找不到不会提示域/网络登录的 IIS 身份验证设置。

2 个解决方案

解决方案1
 1  2011-07-21 18:56:09

You need to turn on windows authentication.您需要开启 windows 认证。 After you did that, the identity token will be passed to the server as I remember, and you can manage the authentication with that.在你这样做之后,我记得身份令牌将被传递给服务器,你可以用它来管理身份验证。 Also note that only Chrome and IE supports this fully, Firefox will ask at least for pressing an ok button before authenticating the user.另请注意,只有 Chrome 和 IE 完全支持此功能,Firefox 在验证用户之前至少会要求按下确定按钮。 Other thing to note is the set the trust levels correctly in the browser, or it wont do the automatic authentication.其他要注意的是在浏览器中正确设置信任级别,否则它不会进行自动身份验证。

解决方案2
 0  2011-07-21 18:45:55

You already know how to get the LogonUserIdentity and set up IIS correctly.您已经知道如何获取 LogonUserIdentity 并正确设置 IIS。 What is lacking is to get the browser to automatically authenticate with the AD account of the user.缺少的是让浏览器自动使用用户的 AD 帐户进行身份验证。 To enable that you have to configure the browser to do so, which I think only is enabled for Intranet zone sites by default.要启用它,您必须配置浏览器才能这样做,我认为默认情况下仅对 Intranet 区域站点启用。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 C#从Active Directory,IIS中的登录用户获取登录用户的电子邮件地址 - C# Get Logged in user email address from logged in user in Active Directory, IIS 获取当前登录用户的身份,而不是系统帐户的身份 - Get identity of currently logged-on user, not System account 从当前登录用户的Active Directory获取专有名称 - Get distinguished name from Active Directory of currently logged in user 向另一个用户或所有登录用户显示C#表单 - Display a C# Form to another user, or all logged-on users 比较活动目录和当前登录的数据库用户? - comparing active directory and db user currently logged in? C# - 如何从 Active Directory 获取用户的“网页”属性? - C# - How do I Get a users "Web Page" property from Active Directory? 如何使用C#通过他的ID获取当前登录用户? - How to get currently logged in user by his ID using C#? 使用C#获取当前登录用户的ADS组列表 - Get the list of ADS groups of the currently logged in user using C# 如何在 Azure Web App 中获取我的 C# 代码中的用户名? - How to get my Username in C# Code in Azure Web App while logged in with Azure Active Directory? C#从Active Directory获取特定用户的所有组 - C# Get all groups of specific user from Active Directory
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM