未在启用 Windows 身份验证的情况下填充 HttpContext.Current.User
我有一个使用 Windows 身份验证的 ASP.NET Intranet 应用程序。 我几年前使用 VS 2005 创建了该应用程序,并且 Windows 身份验证位运行得很好。 我的 web.config 具有以下内容(内部配置 -> system.web 元素):
<authentication mode="Windows" />
<authorization>
<deny users="?"/>
</authorization>
我在 Firefox 中对此进行了测试,以确认需要凭据,实际上,在第一次访问该站点时,系统会提示我输入网络凭据,并且我如果无效就会被拒绝。
但是,当我尝试访问 HttpContext.Current.User.Identity 时,该对象的 Name 和 AuthenticationType 为空字符串,并且 Authenticated = false。 我想我可能需要在浏览互联网后启用 WindowsTokenRoleProvider,这并没有改变任何东西。
<roleManager defaultProvider="WindowsProvider" enabled="true" cacheRolesInCookie="false">
<providers>
<clear/>
<add name="WindowsProvider" type="System.Web.Security.WindowsTokenRoleProvider"/>
</providers>
</roleManager>
自从上次看到它工作以来我做了两件事,一是通过转换向导将项目升级到 VS 2008,而且我也把它搁置了几个月,而我的同事可能已经在这里或那里工作过。 。 我非常确定影响我的 User.Identity 的唯一因素是上面提到的 web.config 中的值,但显然我做错了。 其他人遇到类似的问题或看到我做错了什么吗? 谢谢。
I have an asp.net intranet application using windows authentication. I created the application years ago with VS 2005, and the windows authentication bit was working perfectly. My web.config has the following (inside configuration -> system.web element):
<authentication mode="Windows" />
<authorization>
<deny users="?"/>
</authorization>
I test this in Firefox to confirm that the credentials are required, and indeed I'm prompted for my network credentials when first accessing the site, and I'm denied if they are invalid.
However, when I try to access HttpContext.Current.User.Identity, the object has empty strings for Name and AuthenticationType, and Authenticated = false. I thought I might need to enable the WindowsTokenRoleProvider after looking around the interwebs, and this did not change anything.
<roleManager defaultProvider="WindowsProvider" enabled="true" cacheRolesInCookie="false">
<providers>
<clear/>
<add name="WindowsProvider" type="System.Web.Security.WindowsTokenRoleProvider"/>
</providers>
</roleManager>
Two things I've done since the last time I've seen it work are upgrade the project to VS 2008 through the conversion wizard, and I also put it down for several months while my co-workers may have worked on it here or there. I was pretty sure that the only thing that affects my User.Identity are the values in the web.config mentioned above, but apparently I'm doing something wrong. Anyone else encounter a similar issue or see something I'm doing wrong? Thanks.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(7)
尝试添加以获得您想要的行为? 当未打开模拟时,仍然会以 NETWORK SERVICES 或 ASPNET 用户的名义发生很多事情
,这里是 Hanselman 博客文章 其中想到了另一个疯狂的想法:
Try adding to get the behavior you want? When impersonation isn't turned on, a lot still happens under the name of NETWORK SERVICES or the ASPNET user
And here is Hanselman blog post that has the other crazy idea that came to mind:
一些想法:
在站点配置上,拉出“ASP.NET 配置设置”对话框。 在“身份验证”选项卡上,“身份验证模式”是否设置为“Windows”()? 在“应用程序”选项卡上,是否设置了“本地模拟”(我认为应该取消选中它)。
您的服务器是否已从域中删除? 运行应用程序池的用户是否发生变化? 域策略是否发生变化,导致服务器无法冒充用户进行身份验证检查(而不是委派)?
您是否尝试过为您的站点重新安装 asp.net 扩展? (这本身就是一个大主题。)
您可以通过编程方式检查 HttpContext.SkipAuthorization 标志。
Some ideas:
On the site configuration, pull up the 'ASP.NET Configuration Settings' dialog. On the 'Authentication' tab, is the 'Authentication mode' set to 'Windows' ()? On the 'Application' tab, did 'Local impersonation' get set (I think it should be unchecked).
Did your server get dropped off the domain? Did the user running the app pool change? Did domain policies change, preventing the server from impersonating the user for purposes of auth checks (not delegation)?
Have you tried re-installing the asp.net extensions for your site? (This is a big topic in itself.)
You could check the HttpContext.SkipAuthorization flag programmatically.
确保您的
部分尚未被清除。 您计算机的 web.config 文件应包含如下代码片段:这里重要的元素是
WindowsAuthentication
。 确保它位于您的%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\CONFIG\Web.config
文件中。 另外,请确保您自己的网站以及“父”网站或文件夹中出现的任何 web.config 文件的中没有
部分。 如果没有
标记WindowsAuthentication
模块,浏览器是否强制您登录并不重要...如果没有此模块,ASP.NET 将永远不会真正设置User
属性包括。httpModules
的顺序也很重要,特别是我认为WindowsAuthentication
模块需要出现在AnonymousIdentification
之前。 。Make sure your
<httpModules>
section hasn't been cleared. Your machine's web.config file should include a snippet like this:The important element here is
WindowsAuthentication
. Make sure that it's in your%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\CONFIG\Web.config
file. Also, make certain that both your own web site and any web.config file that appears in a "parent" site site or folder does not have a<clear/>
tag in its<httpModules>
section. Without theWindowsAuthentication
module, it doesn't matter if the browser forces you to log in or not... ASP.NET will never actually set theUser
property without this module included.Ordering of
httpModules
is also significant, and in particular I believe theWindowsAuthentication
module needs to appear before theAnonymousIdentification
one.您在哪里检查该用户? 在请求周期中,在授权发生之前会触发一些事件。
如果您在 Vista、Windows 7 或 Windows Server 2008 上进行测试,则可能存在其他差异,因为 ASP.Net 和 IIS 管道集成在 IIS 7 的默认配置上。
Where do you check for this user? In the request cycle there are some events fired before the authorization takes place.
If you are testing on Vista, Windows 7 or Windows Server 2008 there can be other differences, because the ASP.Net and IIS pipeline are integrated on IIS 7's default configuration.
有关更新的答案: https://stackoverflow.com/a/77909626/10157633
因为这仍然会获得浏览量并且相当过时:
您可能还需要在项目上设置 Windows 身份验证(并禁用匿名身份验证):
如果使用 Visual Studio 2022,
“特性。”
选项被选中。 保存您的更改。
For an updated answer: https://stackoverflow.com/a/77909626/10157633
Since this still gets views and is quite outdated:
You also probably need to Set up Windows Authentication on you project (and disable Anonymous Auth):
If using Visual Studio 2022,
"Properties."
option is checked. Save your changes.
您是否尝试过将 身份模拟: 添加
到 web.config 中?
Have you tried adding identity impersonation:
to the web.config?
我相信您需要确保在 IIS 中关闭站点/虚拟的匿名访问。
I believe you need to make sure that anonymous access is turned off in IIS for the site/virtual.