Asp.NET 主要 WebORB HttpHandler
我有一个 Flex-WebORB-Asp.NET 应用程序。登录时,有一个 AuthenticationHandler 实现了 WebORB 接口:
IPrincipal CheckCredentials(string username, string password, Request message);
因此我创建一个主体并返回它。 WebORB 使用主体来检查远程方法调用的身份验证和授权。
var principal = new GenericPrincipal(new GenericIdentity(user.id.ToString()), new[] { "admin" });
return principal
现在,如果我检查 HttpContext.Current.User.Identity 是什么,它是一个 WindowsIdentity。
到目前为止,一切都很好。当稍后通过 WebORB 完成远程调用时,我通过调用以下命令获取登录用户的 id:
Thread.CurrentPrincipal.Identity.Name
所以我猜 WebORB 确保每次远程调用都设置线程的标识。
问题是,当我调用 HttpHandler (以检索图像)时,我还尝试使用 Thread.CurrentPrincipal.Identity.Name 获取登录用户的 id,但这不起作用。可能是因为使用 HttpHandler,WebORB 不会起作用。
您将如何解决这个问题,以便我在这两种情况下都能以相同的方式获取登录用户的 ID?将其放入会话对象中?您可以更改HttpContext.Current.User.Identity吗? HttpContext.Current.User.Identity 不应该与 Thread.CurrentPrincipal.Identity.Name 相同吗?
ps:用户不在 Active Directory 中。
I have a Flex-WebORB-Asp.NET application. When logging in, there's an AuthenticationHandler which implements a WebORB interface:
IPrincipal CheckCredentials(string username, string password, Request message);
So I create a Principal and return it. WebORB uses the Principal to check for Authentication and Authorization of remote method calls.
var principal = new GenericPrincipal(new GenericIdentity(user.id.ToString()), new[] { "admin" });
return principal
Now, at this point, if I check what HttpContext.Current.User.Identity is, it's a WindowsIdentity.
So far so good. When later on, a remote call is done through WebORB, I get the id of the logged in user by calling:
Thread.CurrentPrincipal.Identity.Name
So I guess WebORB makes sure the Identity of the Thread is set with each remote call.
Problem is that when I call a HttpHandler (to retrieve an image), I also try to get the id of the logged in user with Thread.CurrentPrincipal.Identity.Name, but that doesn't work. Probably because with a HttpHandler, WebORB doesn't come into action.
How would you solve this so that I can get the id of the logged in user the same way in both cases? Put it in a session object? Can you change the HttpContext.Current.User.Identity? Shouldn't the HttpContext.Current.User.Identity be the same as the Thread.CurrentPrincipal.Identity.Name?
ps: The users are not in Active Directory.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
不,它们是不同的。
No, they are different.