1. 首頁
  2. 問答
  3. 在ASP.NET MVC中用WindowsIdentity替換FormsIdentity

在ASP.NET MVC中用WindowsIdentity替換FormsIdentity

2015-03-13 167 views
0

我有一個應用程序在Windows Phone 8.1設備上運行,它訪問ASP.NET MVC WebAPI上的後端構建。使用FormsAuthentication進行身份驗證,因爲WindowsAuthentication在此設置中不可用。我可以讓它運行:用戶在手機上的自定義登錄表單中輸入她的憑證,在服務器端憑據根據Active Directory進行驗證。之後,客戶端獲得一個AuthenticationToken。在ASP.NET MVC中用WindowsIdentity替換FormsIdentity

這個片段是從的LoginController:

if (Membership.ValidateUser(username, password)) 
{ 
    FormsAuthentication.SetAuthCookie(username, false); 
    return Request.CreateResponse(HttpStatusCode.OK); 
} 
else 
    return Request.CreateResponse(HttpStatusCode.Unauthorized);

而這個片段展示了驗證在web.config配置:

<system.web> 
    <authentication mode="Forms" /> 
    <authorization> 
    <allow users="*" /> 
    </authorization> 
    <membership defaultProvider="MembershipADProvider"> 
    <providers> 
     <add name="MembershipADProvider" 
      type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" 
      connectionStringName="ADConnectionString"/> 
    </providers> 
    </membership> 
</system.web>

我的問題是,FormsIdentity僅公開用戶名。但後端需要包含AD用戶的SID的WindowsIdentity。後端最初是爲基於瀏覽器的客戶端構建的,並不意味着要爲移動設備提供服務。

var windowsId = User.Identity as WindowsIdentity; 
if (windowsId == null) return null; 
var sid = windowsId.User;

我的想法是在身份驗證發生後用WindowsIdentity替換FormsIdentity。爲了做到這一點,我掛鉤到ASP.NET管道PostAuthenticateRequest事件:

using System; 
using System.Web; 

namespace MyApp 
{ 
    public class FromToWindowsAuthenticationModule : IHttpModule 
    { 
     public void Init(HttpApplication context) 
     { 
      context.PostAuthenticateRequest += PostAuthenticateRequest; 
     } 

     public void Dispose() 
     { 
     } 

     private void PostAuthenticateRequest(object sender, EventArgs e) 
     { 
      var ctx = HttpContext.Current; 
      if (ctx.Request.IsAuthenticated) 
      { 
       var principal = ctx.User; 
       var formsIdentity = principal.Identity as FormsIdentity; 
       if (formsIdentity != null) 
       { 
        var username = formsIdentity.Name; 

        var ident = new WindowsIdentity(...); // ??????????????????? 

        var newUser = new WindowsPrincipal(ident);   
        ctx.User = Thread.CurrentPrincipal = newUser 
       } 
      } 
     } 
    } 
}

要激活模塊,這些線必須添加到Web.config:

<system.webServer> 
    <modules> 
     <add name="FormToWindowsAuthenticationModule" 
      type="MyApp.FormToWindowsAuthenticationModule" 
      preCondition="managedHandler" /> 
    </modules> 
    </system.webServer>

的唯一缺少的是從ActiveDirectory檢索WindowsIdentifier的部分。我怎樣才能做到這一點?

我的方法是否可行?替換Identity對象是否會干擾ASP.NET管道的其餘元素?

來源

2015-03-13 Olaf

回答

0

這看起來很有希望:

private void PostAuthenticateRequest(object sender, EventArgs e) 
    { 
     var ctx = HttpContext.Current; 
     if (ctx.Request.IsAuthenticated) 
     { 
      var principal = ctx.User; 
      var formsIdentity = principal.Identity as FormsIdentity; 
      if (formsIdentity != null) 
      { 
       var username = formsIdentity.Name; 
       var domain = "mydomain.com"; 
       var fullyQualifiedUsername = username + "@" + domain; 

       var windowsIdentity = new WindowsIdentity(fullyQualifiedUsername); 
       var windowsPrincipal = new WindowsPrincipal(windowsIdentity); 

       Thread.CurrentPrincipal = ctx.User = windowsPrincipal; 
      } 
     } 
    }

來源

2015-03-16 13:22:13 Olaf

相關問題

 相關問題