我有一個MVC3 web應用程序,它以DOMAIN \ USER1帳戶運行。此用戶擁有AD集中的SPN,並且可以委派他人進行授權。ASP.NET:不能模擬調用者(2-hop?)
我希望此應用程序代表調用者訪問Sharepoint服務器並上傳文件給她/他。我使用下面的代碼
Dim request = HttpWebRequest.Create(http://sharepoint.domain.com)
request.Method = WebRequestMethods.Http.Head
request.PreAuthenticate = True
Dim identity = New WindowsIdentity(callerName & "@domain.com")
Dim impContext = identity.Impersonate()
'###### At this point identity.ImpersonationLevel is `Impersonate` not `Delegate`
request.Credentials = CredentialCache.DefaultNetworkCredentials
'###### DefaultNetworkCredentials is empty (Username, domain and password are all empty strings)
Dim response As HttpWebResponse
Try
response = request.GetResponse()
Return JsonSuccess()
Catch ex As WebException
'###### I get 401 Unauthorized exception
Return JsonError(ex.Message)
Finally
impContext.Undo()
End Try
我的問題是。如果此時的模擬級別爲Impersonate
或Delegate
(Sharepoint在與IIS服務器不同的計算機上運行)? 在AD中,我還爲sharepoint和HTTP配置了協議轉換,因此在發出請求後應更改爲Delegate
?我不知道,指導將不勝感激。
另一個問題是 - 不應該CredentialCache.DefaultNetworkCredentials至少包含模擬用戶的用戶名嗎?