[英]how to get windows authenticated user guid from internal asp web application?
Ok, so this was working in my VS test server (naturally), but as soon as I publish to IIS, it breaks. 好的,所以这在我的VS测试服务器上正常工作,但是一旦发布到IIS,它就会中断。 What I need for this to work is to be able to get ahold of the GUID (not the SID, please) of the user currenctly logged into the machine. 为此,我需要能够掌握当前登录到计算机的用户的GUID(请不要使用SID)。 Using DirectoryServices, this was my original implementation: 使用DirectoryServices,这是我最初的实现:
var guid = UserPrincipal.Current.Guid.ToString();
This is giving me an error that I cannot cast from GroupPrincipal to UserPrincipal. 这给我一个错误,我无法从GroupPrincipal强制转换为UserPrincipal。 So it sounds like the application is trying to run as a some authenticated group or something. 因此,听起来该应用程序正试图以某个经过身份验证的组或某种身份运行。 I realize, the normal approach would be something like HttpContext.Current.User.Identity, but I'm not sure what to do with that as it has no Guid property and when I try to convert it to a SID and run an LDAP query, it throws an exception. 我意识到,通常的方法将类似于HttpContext.Current.User.Identity,但是由于它没有Guid属性,并且当我尝试将其转换为SID并运行LDAP查询时,我不确定该怎么做。 ,它将引发异常。 Can someone help me with the necessary steps to achieve this? 有人可以帮助我采取必要的措施来实现这一目标吗?
Thanks 谢谢
UPDATE: Okay here's my most current attempt: 更新:好的,这是我最近的尝试:
protected string GetUserGuid()
{
var pc = new PrincipalContext(ContextType.Domain);
var windowsID = HttpContext.Current.User.Identity;
var up = UserPrincipal.FindByIdentity(pc, windowsID.Name);
return up.Guid.ToString();
}
And the exception I get: 我得到的例外是:
[COMException (0x8007054b): The specified domain either does not exist or could not be contacted. [COMException(0x8007054b):指定的域不存在或无法联系。 ] ]
System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +788 System.DirectoryServices.DirectoryEntry.Bind() +44 System.DirectoryServices.DirectoryEntry.Bind(布尔throwIfFail)+788 System.DirectoryServices.DirectoryEntry.Bind()+44
System.DirectoryServices.DirectoryEntry.get_AdsObject() +42 System.DirectoryServices.DirectoryEntry.get_AdsObject()+42
System.DirectoryServices.PropertyValueCollection.PopulateList() +29 System.DirectoryServices.PropertyValueCollection.PopulateList()+29
System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName) +63 System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry条目,字符串propertyName)+63
System.DirectoryServices.PropertyCollection.get_Item(String propertyName) +163 System.DirectoryServices.PropertyCollection.get_Item(字符串propertyName)+163
System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer() +436 System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit() +51 System.DirectoryServices.AccountManagement.PrincipalContext.Initialize() +141 System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx() +42 System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate) +29 System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer()+436 System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()+51 System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()+141 System.DirectoryServices.AccountManagement.PrincipalContext.get_Querytx +42 System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext上下文,类型PrincipalType,可空`1 identityType,字符串identityValue,DateTime refDate)+29
System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, String identityValue) +95 TicketsToMe.GetUserGuid() +123 System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext上下文,字符串identityValue)+95 TicketsToMe.GetUserGuid()+123
TicketsToMe.Page_Load(Object sender, EventArgs e) +38 TicketsToMe.Page_Load(对象发件人,EventArgs e)+38
System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +25 System.Web.UI.Control.LoadRecursive() +71 System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3048 System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp,Object o,Object t,EventArgs e)+25 System.Web.UI.Control.LoadRecursive()+71 System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint,布尔值includeStagesAfterAsyncPoint)+3048
If something runs locally but not on IIS it can be a permission thing. 如果某些内容在本地运行,但不在IIS上运行,则可能是权限问题。 Have you checked trust level on your IIS? 您是否在IIS上检查了信任级别? Local VS test server runs on Full trust but IIS (especially 7) website may be set to Medium or lower. 本地VS测试服务器在完全信任下运行,但IIS(尤其是7)网站可能设置为“中”或更低。 This has caused me problems before with similar results ie something running locally but not on IIS. 这导致我以前遇到过类似问题,例如在本地运行但不在IIS上运行的问题。
Also it is worth checking permissions for app pool user. 同样值得检查应用程序池用户的权限。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.