ASP.NET MVC: Retrieving the Windows identity after HttpUnauthorizedResult in an IAuthenticationFilter


I have an IAuthenticationFilter that checks the user's groups in SharePoint:

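using System.Web.Mvc;
using System.Web.Mvc.Filters;

public class BasicAuthFilter : ActionFilterAttribute, IAuthenticationFilter
{
    public void OnAuthentication(AuthenticationContext filterContext)
    {
        // Login name of the Windows identity attached to the current request
        string userLoginName = filterContext.RequestContext.HttpContext.User.Identity.Name;
        // SecurityManager.Auth performs the SharePoint group check
        if (SecurityManager.Auth(userLoginName))
            return;
        else
            // Not authorized: send the user to Error/AccessDenied
            filterContext.Result = new RedirectResult(new UrlHelper(filterContext.RequestContext).Action("AccessDenied", "Error"));
    }

    ...
}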
Along with the ErrorController:

[AllowAnonymous]
public class ErrorController : Controller
{
    ...

    // Display view and link for "Logout"
    public ActionResult AccessDenied()
    {
        return View();
    }

    // GET: Logout
    [OutputCache(VaryByParam = "*", Duration = 0, NoStore = true)] // disable caching
    public ActionResult Logout()
    {
        string currentUser = User.Identity.Name;
        int AuthenticationAttempts = 0;

        if (Session["AuthenticationAttempts"] == null || !int.TryParse(Convert.ToString(Session["AuthenticationAttempts"]), out AuthenticationAttempts))
            AuthenticationAttempts = 0;

        AuthenticationAttempts += 1;

        if (AuthenticationAttempts == 1)
        {
            Session["PrevUser"] = User.Identity.Name;
            Session["AuthenticationAttempts"] = AuthenticationAttempts;
            return new HttpUnauthorizedResult();
        }
        else if (string.Compare(Convert.ToString(Session["PrevUser"]), currentUser, true) == 0)  // Somehow it will have echo back, ignore it
        {
            return new HttpUnauthorizedResult();
        }
        else
        {
            Session.Abandon();
            Session.Clear();
            return RedirectToAction("Index", "Home");
        }
    }
}
When the ErrorController returns HttpUnauthorizedResult, the browser prompts for a login. I can get the new user name from User.Identity.Name in the ErrorController.

However, when it redirects to the HomeController, the user is reset to the original user. I tried the following, but the result is still the same:

filterContext.RequestContext.HttpContext.User.Identity.Name
filterContext.HttpContext.User.Identity.Name
filterContext.Principal.Identity.Name

Am I missing something, or should I assign the principal after the user enters their credentials?

For anyone who runs into the same problem, make sure you have tested it with IIS.

This method works, but it does not work in IIS Express.