经典 ASP 和ASP.Net 身份验证
我有两个独立的应用程序(一个是经典的 asp,另一个是 asp.net),从用户的角度来看,它们应该无缝地显示为一个“应用程序”。正如其他人指出的那样,这两个应用程序无法共享会话信息,因此我计划按照以下方式使用 Windows 身份验证:-
在 ASP 世界中:
Request.ServerVariables("AUTH_USER")
以及在 ASP.Net (.Net 2.0) 中:
System.Threading.Thread.CurrentPrincipal.Identity.Name
这是从我的业务逻辑层(即
HttpContext.Current.User.Identity.Name
对我来说不可用)。
这被认为是好的做法还是有更好的方法?设置 IIS 时需要考虑什么?
I have two separate apps (one is classic asp, the other is asp.net) which, from the point of view of the user, should appear seamlessly as one "application". As others have pointed out, the two apps can't share session information, so I am planning to use windows authentication along these lines:-
In the ASP world:
Request.ServerVariables("AUTH_USER")
and in ASP.Net (.Net 2.0):
System.Threading.Thread.CurrentPrincipal.Identity.Name
which is called from my business logic layer (i.e.
HttpContext.Current.User.Identity.Name
is not available to me).
Is this considered good practice or is there a better way? What do I need to consider when setting up IIS?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
几年前我不得不这样做,我记得斯科特·格思里(Scott Guthrie)有一篇很好的文章让我开始了。
http://weblogs.asp.net/scottgu/archive/2007/03/04/tip-trick-integrating-asp-net-security-with-classic-asp- and-non-asp-net-urls.aspx
我们最终购买了他也谈到过这本书。这是一本好书。
I had to do this a couple of years ago and I remembered Scott Guthrie had a good post that got me started.
http://weblogs.asp.net/scottgu/archive/2007/03/04/tip-trick-integrating-asp-net-security-with-classic-asp-and-non-asp-net-urls.aspx
We ended up buying the book he talks about too. It's a good read.