ASP.NET MVC IIS 7 - Request.ServerVariables[“LOGON_USER”] 返回空字符串
我的应用程序具有表单身份验证,但当用户是管理员时我会绕过表单。我通过使用以下代码提取用户名来完成此操作:
Request.ServerVariables["LOGON_USER"];
提取后,我使用返回的名称对 LDAP 进行身份验证。当在我的本地计算机上的 VS 中运行时,这工作得很好。
当我使用 IIS 运行时,该值为空。原因是我的应用程序启用了匿名身份验证。参考:http://support.microsoft.com/kb/306359
据我所知,我需要为具有表单身份验证的应用程序启用匿名身份验证。
无论如何我可以拉出登录电脑的用户吗?
更新:我得出的结论是我不能使用匿名身份验证。当我只有表单身份验证设置时,出现以下错误:
HTTP Error 401.2 - Unauthorized
You are not authorized to view this page due to invalid authentication headers.
My app has form authentication but I bypass the form when the user is an admin. I do this by pulling the username with this code:
Request.ServerVariables["LOGON_USER"];
Once pulled, I use the name returned to authenticate against LDAP. This works fine when run inside VS on my local machine.
When I run with IIS this value is blank. The reason for this is due to having anonymous authentication enabled for my app. Ref: http://support.microsoft.com/kb/306359
As far as I know I require Anonymous Authentication enabled for apps with forms authentication.
Is there anyway I can pull the user that is logged into the PC?
Update: I've come to the conclusion that I can't use Anonymous Authentication. I get the following error when I only have the Forms Authentication setup though:
HTTP Error 401.2 - Unauthorized
You are not authorized to view this page due to invalid authentication headers.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
最后一个答案是微软的解决方案,但我找到了真正的原因:
显然,ServerVariables已经为C#贬值了
所以对于C#,你需要这样做:
我不想删除最后一个答案,因为它可能适用于运行旧版本 C# 的人。
Last answer is Microsoft's solution, but I found the real reason:
Apparently, ServerVariables have been depreciated for C#
So for C#, you need to do it this way:
I don't want to delete the last answer, because it may work for people running on older versions of C#.
您可以混合使用表单和 Windows 身份验证。在这里查看类似的解决方案: http://www.pluralsight-training.net/community/blogs/craig/archive/2004/07/24/1699.aspx
您可能没有登录表单中描述的复选框,但您可以只检查 HTTP 标头中的 LOGON_USER。
You can mix forms and windows authentication. Have a look at a similar solution here: http://www.pluralsight-training.net/community/blogs/craig/archive/2004/07/24/1699.aspx
You might not have the described checkbox in the login form, but you could just check the LOGON_USER in the HTTP header.
知识库文章PRB:Request.ServerVariables("LOGON_USER") 在 ASP.NET 中返回空字符串从不表示
显然,我也有这个问题,否则我不会在这里。
The KB article PRB: Request.ServerVariables("LOGON_USER") Returns Empty String in ASP.NET never says where
<authentication mode="Windows" />goes.Obviously, I am having issues with this too, or I would not be here.