問題描述
我正在嘗試讓 ActiveDirectory 和標準表單登錄都能正常工作,但有一件事阻止了我.我無法獲取當前 Windows 用戶的名稱.我得到的最接近的是 var i = WindowsIdentity.GetCurrent();,但這給了我 IIS 應用程序池用戶的名稱.我在 IIS 中啟用了匿名身份驗證、表單身份驗證和 Windows 身份驗證.我可以從 AD 加載用戶,所以我假設我的 web.config 設置正確.
I'm trying to get both ActiveDirectory and standard forms login working but one thing is stopping me. I can't get the name of the current windows user. The closest I've got is var i = WindowsIdentity.GetCurrent();, but that gives me the name of the IIS app pool user. I have Anonymous Authentication, Forms Authentication and Windows Authentication enabled in IIS. I can load users from AD so I assume my web.config is setup correctly.
編輯:這是我的 web.config(使用 Facade 提供程序):
Edit: This is my web.config (using a Facade provider):
<membership defaultProvider="HybridMembershipProvider">
<providers>
<clear />
<add name="HybridMembershipProvider" type="MyApp.Data.HybridMembershipProvider" AspNetProviderName="AspNetSqlMembershipProvider" ActiveDirectoryProviderName="ADMembershipProvider" />
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="MyAppConnection" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="4" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
<add name="ADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString"
attributeMapUsername="sAMAccountName" enableSearchMethods="true" attributeMapEmail="mail"/>
</providers>
</membership>
編輯 2:這是我的 IIS 安全設置.
Edit 2: Here's my IIS security setup.
推薦答案
如果您在 IIS 中打開 ASP.Net Impersonation,您可以獲得您想要的用戶名.僅當該數據位于表單成員資格提供商/AD 中且它們不是匿名的時,這才有效.
If you turn on ASP.Net Impersonation in IIS, you can get the username like you wanted to. This will only work if that data is in the forms membership provider / AD, and they are not Anonymous.
此外,混合基于表單和基于 Windows/AD 的身份驗證是可行的,但不推薦.如果需要,請參閱此.
Also, mixing Forms based and Windows/AD based auth is doable but not recommended. See this if you need to do it.
編輯:我想我誤解了您想要的內容,因此這里對上述解決方案的情況進行了高層次的掩飾:
EDIT: I think I misunderstood what you wanted so here's a high-level glossing over of what goes on with the aforementioned solution:
如果您關閉匿名身份驗證并打開 Asp.Net Impersonation,IIS 將在有人訪問該站點時執行 401 質詢.
如果所有內容都在同一個域中,Web 瀏覽器會將您的憑據發送到 IIS,IIS 將根據它的 Active Directory 驗證它們,然后 AD 將為 IIS 提供一個身份以供使用.
If you turn off Anonymous Authentication, and turn on Asp.Net Impersonation, IIS will do a 401 Challenge whenever somebody visits the site.
If everything is on the same domain, the web browser will send your credentials to IIS, IIS will validate them against it's Active Directory, and then AD will give IIS an Identity to work with.
當您打開 Asp.Net Impersonation 時,IIS 會將該標識綁定到當前線程/請求.因此,在身份驗證發生后,您可以從當前線程標識中獲取用戶名,然后像這樣查詢 Active Directory:
When you have Asp.Net Impersonation turned on, IIS will then bind that Identity to the current thread/request. So after authentication happens, you can just grab the username from the current thread identity, and then query Active Directory like:
using System.Threading;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;
......
PrincipalContext pc = null;
UserPrincipal principal = null;
try
{
var username = Thread.CurrentPrincipal.Identity.Name;
pc = new PrincipalContext(ContextType.Domain, "active.directory.domain.com");
principal = UserPrincipal.FindByIdentity(pc, username);
var firstName = principal.GivenName ?? string.Empty
var lastName = principal.Surname ?? string.Empty
return string.Format("Hello {0} {1}!", firstName, lastName);
}
catch ...
finally
{
if (principal != null) principal.Dispose();
if (pc != null) pc.Dispose();
}
這篇關于ASP.NET 中的 ActiveDirectory 當前用戶名的文章就介紹到這了,希望我們推薦的答案對大家有所幫助,也希望大家多多支持html5模板網!