使用 asp.net 表单身份验证进行用户模拟

发布于 2024-09-17 05:39:16 字数 1870 浏览 2 评论 0原文

我编写了一个小型 ASP.NET 3.5 应用程序，允许用户自行更新选定的帐户属性。

当我使用基本身份验证时，一切工作正常，但由于显示的对话框不太理想，我想使用表单身份验证来为用户提供有关如何登录的更多说明。

我的问题是，为了用户要更新他们的帐户信息，我必须让应用程序模拟他们进行更新操作。

我在互联网上搜索，试图找到解决我的问题的方法，但没有任何合适或有效的方法。我尝试设置web.config：

<identity impersonate="true">

但这似乎不起作用。我也有使用 WindowsImpersonationContext 类的 C# 代码，但仍然没有运气。

protected void titleTextBox_TextChanged(object sender, EventArgs e)
{
    TextBox tb = (TextBox)sender;
    string fieldTitle = "job title";
    string fieldName = "title";

    if (userDirectoryEntry == null)
        CaptureUserIdentity();
    try
    {
        WindowsImpersonationContext impersonationContext = userWindowsIdentity.Impersonate();
        if (String.IsNullOrEmpty(tb.Text))
            userDirectoryEntry.Properties[fieldName].Clear();
        else
            userDirectoryEntry.InvokeSet(fieldName, tb.Text);
        userDirectoryEntry.CommitChanges();
        impersonationContext.Undo();
        PostBackMessages.Add(fieldTitle, "");
    }
    catch (Exception E)
    {
        PostBackMessages.Add(fieldTitle, E.Message);
    }
}

我还尝试使用 LogonUser 方法创建用户令牌并以这种方式后端身份验证，但它也不起作用。

IntPtr token = IntPtr.Zero;
bool result = LogonUser(userName, domainName, passwordTB.Text, LogonSessionType.Network, LogonProvider.Default, out token);

if (result)
{
     WindowsPrincipal wp = new WindowsPrincipal(new WindowsIdentity(token));
     System.Threading.Thread.CurrentPrincipal = wp;
     HttpContext.Current.User = wp;
     if (Request.QueryString["ReturnUrl"] != null)
     {
          FormsAuthentication.RedirectFromLoginPage(usernameTB.Text, false);
     }
     else
     {
          FormsAuthentication.SetAuthCookie(usernameTB.Text, false);
     }
}

我只是忍不住认为我错过了一些非常简单的事情......

原文

I've written a small ASP.NET 3.5 application to allow users to update selected account attributes on their own.

Everything works fine when I use Basic Authentication, but because the dialog that is presented is less than ideal, I'd like to use forms authentication to give the users more instruction on how to log in.

My problem is that in order for the user to update their account information, I have to have the application impersonate them for the update actions.

I've scoured the internet trying to find a solution to my issue, but nothing fits or works. I have tried setting theweb.config:

<identity impersonate="true">

but that doesn't seem to work.
I also have the C# code using theWindowsImpersonationContext class, but still no luck.

protected void titleTextBox_TextChanged(object sender, EventArgs e)
{
    TextBox tb = (TextBox)sender;
    string fieldTitle = "job title";
    string fieldName = "title";

    if (userDirectoryEntry == null)
        CaptureUserIdentity();
    try
    {
        WindowsImpersonationContext impersonationContext = userWindowsIdentity.Impersonate();
        if (String.IsNullOrEmpty(tb.Text))
            userDirectoryEntry.Properties[fieldName].Clear();
        else
            userDirectoryEntry.InvokeSet(fieldName, tb.Text);
        userDirectoryEntry.CommitChanges();
        impersonationContext.Undo();
        PostBackMessages.Add(fieldTitle, "");
    }
    catch (Exception E)
    {
        PostBackMessages.Add(fieldTitle, E.Message);
    }
}

I also tried using theLogonUser method to create a user token and backend the authentication that way, and it doesn't work either.

IntPtr token = IntPtr.Zero;
bool result = LogonUser(userName, domainName, passwordTB.Text, LogonSessionType.Network, LogonProvider.Default, out token);

if (result)
{
     WindowsPrincipal wp = new WindowsPrincipal(new WindowsIdentity(token));
     System.Threading.Thread.CurrentPrincipal = wp;
     HttpContext.Current.User = wp;
     if (Request.QueryString["ReturnUrl"] != null)
     {
          FormsAuthentication.RedirectFromLoginPage(usernameTB.Text, false);
     }
     else
     {
          FormsAuthentication.SetAuthCookie(usernameTB.Text, false);
     }
}

I just can't help but think that I'm missing something incredibly simple...

分享到QQ

分享到微博