Incorrect Windows identity in Cassini-Dev when hosted in Windows Service
I am hosting CassiniDev 4.0 in my Windows service, running an MVC 3.0 configuration site for my service.
I have the web.config set up to use Windows authentication. When I look at the HttpContext.User in the web site, it shows the identity that the service is running under, not the identity of the user making the request. The User.AuthenticationType is NTLM, which is correct, BTW.
This seems pretty clearly to be a bug, but I wanted to run it by the community to see if there is some configuration I am missing.
It seems like it might be a variation on this issue posted last week: SecurityIdentifiers in Cassini-dev's NTLM authentication
This is definitely a bug in Cassini Dev. It looks like this method is returning the wrong token: Request.GetUserToken(). The code:

    public override IntPtr GetUserToken()
    {
        return _host.GetProcessToken();
    }

And here _host.GetProcessToken() is a pointer to a security token belonging to the user who owns the Cassini process; it is not the token belonging to the user that's logged in. What needs to happen is the NtlmAuth object needs to pass the security token back to the Request object so that it can be returned when this method is called, instead of the host's token. Not really sure what the best way to do this is, but you can see in the NtlmAuth class the security token is acquired here:

    IntPtr phToken = IntPtr.Zero;
    if (Interop.QuerySecurityContextToken(ref _securityContext, ref phToken) != 0)
    {
        return false;
    }

phToken is the security token, but it needs to get back to the Request object and not call Interop.CloseHandle(phToken); later in that method, where it frees the token. Note that CloseHandle() needs to be called on the token eventually, otherwise a new one will be issued for every request made by a logged in user but unused ones will never get freed. One possible place to do this is in the Request object, which subclasses SimpleWorkerRequest, and you can override the EndOfRequest method to call CloseHandle() on the security token.
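A sketch of the fix the answer describes, added here as an illustration and not CassiniDev's own code: the Request worker request takes ownership of the NTLM token handle, hands it to ASP.NET from GetUserToken, and releases it once in EndOfRequest so no handle leaks. SetUserToken, NativeMethods and the constructor signature are assumptions; only GetUserToken, EndOfRequest and SimpleWorkerRequest come from the page or the .NET API.

```csharp
using System;
using System.IO;
using System.Runtime.InteropServices;
using System.Web.Hosting;

// Assumed P/Invoke; CassiniDev uses its own Interop.CloseHandle wrapper instead.
internal static class NativeMethods
{
    [DllImport("kernel32.dll", SetLastError = true)]
    [return: MarshalAs(UnmanagedType.Bool)]
    public static extern bool CloseHandle(IntPtr hObject);
}

internal class Request : SimpleWorkerRequest
{
    // Token for the authenticated client; IntPtr.Zero means "no user token" (anonymous request).
    private IntPtr _userToken = IntPtr.Zero;

    public Request(string page, string query, TextWriter output)
        : base(page, query, output) { }

    // Called by the NTLM handshake code after QuerySecurityContextToken succeeds.
    // Ownership of the handle moves here, so the caller must NOT CloseHandle(phToken) itself.
    public void SetUserToken(IntPtr token)
    {
        if (_userToken != IntPtr.Zero) NativeMethods.CloseHandle(_userToken); // never hold two
        _userToken = token;
    }

    // ASP.NET impersonates whatever is returned here, so return the client's token,
    // not the process token of the account the service runs under.
    public override IntPtr GetUserToken()
    {
        return _userToken;
    }

    // Release the handle exactly once per request, even if EndOfRequest throws.
    public override void EndOfRequest()
    {
        try { base.EndOfRequest(); }
        finally
        {
            if (_userToken != IntPtr.Zero)
            {
                NativeMethods.CloseHandle(_userToken);
                _userToken = IntPtr.Zero;
            }
        }
    }
}

// In NtlmAuth, right after the QuerySecurityContextToken call shown above (sketch):
//     request.SetUserToken(phToken);   // hand over; drop the later Interop.CloseHandle(phToken)
```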