ASP.NET 模拟问题(第 2 部分)
这是关于无法模拟当前登录的 Windows 用户的上一篇文章的后续内容。有很多好的建议,但之前的帖子变得混乱,所以我用这篇文章重新设置。希望根据下面记录的当前状态,问题是什么会很明显。这是一条很旧的路径,所以我不得不相信我所缺少的只是一个小小的配置步骤。
问题:我需要让 ASP.NET 模拟当前登录的用户。当我在 IIS 7.5 下运行时,它不起作用。 IIS Express 工作正常,但我相信这是因为调试会话在我的用户 ID 下运行。
我使用 Environment.Username 来确定该用户是谁。有人建议该属性始终返回登录的用户名,但根据我的测试,它返回来自 IIS 的模拟用户。
例如,如果我的 web.config 有...
<identity impersonate="true" />
当我使用该设置在 IIS 7.5 下运行时,Environment.Username 返回 IUSR。我相信这是 IIS 匿名用户帐户。
如果我将 web.config 更改为……
<identity impersonate="true" userName="domain\jlivermore" password="mypassword" />
,则 Environment.Username 返回 jlivemore。但是,我需要它返回 jlivermore,而无需在 web.config 中明确设置它。
这是我的 IIS 设置...
.NET 授权规则 
身份验证 
有一个问题,如果我禁用匿名身份验证,系统会提示我登录该网站。我想如果您使用域上的 Active Directory 帐户登录,那么这个挑战就不会出现?即使我在这个提示中输入我的用户名/密码,我仍然无法让模拟工作。
基本设置
This is a follow on to a previous post about being unable to impersonate a currently logged in Windows user. There were many good suggestions, but the previous thread was getting messy, so I am resetting with this post. Hopefully with the current state documented below it will be obvious what the issue is. This is a well worn path, so I have to believe all I am missing is a little configuration step.
PROBLEM: I need to have ASP.NET impersonate the currently logged in user. When I run under IIS 7.5, it doesn't work. IIS Express works fine, but I believe that is because the debugging session is running under my user id.
I am using Environment.Username to determine who this user is. There was a suggestion that this property always returns the logged in user name, but from my testing it returns the impersonated user from IIS.
For example, if my web.config has…
<identity impersonate="true" />
When I run under IIS 7.5 with that setting, Environment.Username returns IUSR. I believe this is the IIS anonymous user account.
If I change web.config to…
<identity impersonate="true" userName="domain\jlivermore" password="mypassword" />
… then Environment.Username returns jlivemore. However, I need it to return jlivermore without me explicitly setting it in web.config.
Here are my IIS settings…
.NET Authorization Rules
Authentication
One question, if I disable Anonymous Authentication, then I am prompted to login to the site. I thought if you were logged in with an Active Directory account on a domain then this challenge wouldn't appear? Even if I enter my username/password into this prompt, I still don't get the impersonation to work.
Basic Settings
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
我不确定您是否找到了答案,但如果有人遇到问题,您将需要在 web.config 文件中添加以下内容
,并且在 IIS 中,您将需要启用 Asp.net 模拟并启用 Windows 身份验证,其他的应该被禁用。在 Windows 身份验证中,转到高级设置并取消选中启用内核模式身份验证。应该可以做到这一点。您的站点现在应该设置为本地 Intranet 应用程序,并且使用以下任何一项都可以工作
,但是使用 Environment.Username 只会返回服务器名称,希望这可以帮助任何遇到此问题的人
I'm not sure if you've found an answer, but if anyone is having problems with it you will need the following in your web.config file
And in IIS you will need Asp.net Impersonation enabled as well as Windows Authentication enabled, the others should be disabled. And in Windows Authentication, go to Advanced Settings and UNCHECK the Enable Kernel-mode authentication. That should do it. Your site should now be set for Local Intranet apps and using any of the following will work
But using Environment.Username will only return the server name, hopefully this helps anyone struggling with this
我遇到了与你描述的类似的问题。问题的基本症结在于模拟和委托之间存在差异。我对此的简单理解是,当客户端和服务器位于同一台机器上时,模拟就会起作用。但是,如果客户端位于不同的计算机上,则需要委派。
MSDN 参考
相关 SO 问题
I had a similar problem as you describe. The basic crux of the matter is that there is a difference between impersonation and delegation. My simple understanding of this is that impersonation will work when the client and server are on the same machine. If however, the client is on a different machine, you need delegation.
MSDN Reference
Related SO questions
你有没有尝试过使用
Have you tried using