ASP.NET aspx页面代码在禁用模拟的情况下以模拟方式运行_Asp.net_Authentication_Impersonation

ASP.NET aspx页面代码在禁用模拟的情况下以模拟方式运行

asp.net authentication

ASP.NET aspx页面代码在禁用模拟的情况下以模拟方式运行,asp.net,authentication,impersonation,Asp.net,Authentication,Impersonation,我在VS2005中创建了一个空白的测试应用程序作为ASP.NET应用程序。那默认情况下，ASP.NET不使用模拟，并且您的代码使用ASP.NET应用程序的进程标识运行我有下面的web.config <configuration> <appSettings/> <connectionStrings/> <system.web> <!-- Set compilation d

我在VS2005中创建了一个空白的测试应用程序作为ASP.NET应用程序。那

默认情况下，ASP.NET不使用模拟，并且您的代码使用ASP.NET应用程序的进程标识运行

我有下面的web.config

<configuration>

    <appSettings/>
    <connectionStrings/>

    <system.web>
        <!-- 
            Set compilation debug="true" to insert debugging 
            symbols into the compiled page. Because this 
            affects performance, set this value to true only 
            during development.
        -->
        <compilation debug="true" defaultLanguage="c#" />
        <!--
            The <authentication> section enables configuration 
            of the security authentication mode used by 
            ASP.NET to identify an incoming user. 
        -->
        <authentication mode="Windows"/>
        <identity impersonate="false"/>
        <!--
            The <customErrors> section enables configuration 
            of what to do if/when an unhandled error occurs 
            during the execution of a request. Specifically, 
            it enables developers to configure html error pages 
            to be displayed in place of a error stack trace.

        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
            <error statusCode="403" redirect="NoAccess.htm" />
            <error statusCode="404" redirect="FileNotFound.htm" />
        </customErrors>
        -->
    </system.web>
</configuration>

重新加载页面时，我会得到以下调试输出：

[5288]在1之前：现任校长= 域\用户 [5288]之后：当前Princupal= 域\用户

输出与输出相同

<identity impersonate="false"/>

我不确定这有什么意义，但无论如何。我现在在sharepoint shared services管理用户配置文件权限方面遇到问题，但这是另一个问题。

似乎有些奇怪，需要尝试以下几点：

在监视窗口中调试类型$user中的断点时，将显示进程和线程标识

您使用的模拟不正确，请尝试以下代码：

// Declare the logon types as constants
const long LOGON32_LOGON_INTERACTIVE = 2;
const long LOGON32_LOGON_NETWORK = 3;

// Declare the logon providers as constants
const long LOGON32_PROVIDER_DEFAULT = 0;
const long LOGON32_PROVIDER_WINNT50 = 3;
const long LOGON32_PROVIDER_WINNT40 = 2;
const long LOGON32_PROVIDER_WINNT35 = 1;

[DllImport("advapi32.dll", EntryPoint = "LogonUser")]
private static extern bool LogonUser(
    string lpszUsername,
    string lpszDomain,
    string lpszPassword,
    int dwLogonType,
    int dwLogonProvider,
    ref IntPtr phToken);

public static WindowsImpersonationContext ImpersonateCurrentUserBegin(System.Net.NetworkCredential credential)
{
    WindowsImpersonationContext impersonationContext = null;
    if (credential == null || credential.UserName.Length == 0 || credential.Password.Length == 0 || credential.Domain.Length == 0)
    {
        throw new Exception("Incomplete user credentials specified");
    }
    impersonationContext = Security.Impersonate(credential);
    if (impersonationContext == null)
    {
        return null;
    }
    else
    {
        return impersonationContext;
    }
}

public static void ImpersonateCurrentUserEnd(WindowsImpersonationContext impersonationContext)
{
    if (impersonationContext != null)
    {
        impersonationContext.Undo();
    }
}

HttpContext.User.Identity.Name为您提供了什么

假设您已检查IIS中的安全选项卡，它允许匿名访问

您所在的active directory是否有一些奇怪的本地策略？

我想我理解您的问题所在

在进一步行动之前需要知道的事情

应用程序运行时存在不同的安全上下文。例如

System.Security.Principal.WindowsIdentity.GetCurrent（）.Name

，以及您上面提到的

System.Threading.Thread.CurrentPrincipal.Identity.Name

在web应用程序中，

System.Threading.Thread.CurrentPrincipal.Identity

始终由

HttpContext.Current.User.Identity

提供

说到你的观点。如果要修改

System.Threading.Thread.CurrentPrincipal.Identity

，请修改最初由身份验证机制提供的

HttpContext.Current.User.Identity

。

与Thread.CurrentPrincipal.Identity.Name的结果相同，无论是否允许匿名访问，情况都是一样的。我不知道域策略，必须尝试在另一个域中执行。感谢您提供有关$user的提示。对于$user，它表明（我现在拥有）一切都是我所期望的。WindowsIdentity.Impersonate（IntPtr.Zero）之前有模拟用户的令牌，之后没有令牌，并且进程处于网络服务下，但System.Threading.Thread.CurrentPrincipal.Identity.Name和HttpContext.Current.user.Identity.Name仍然为我提供模拟用户。

Thread.CurrentPrincipal = new WindowsPrincipal(WindowsIdentity.GetCurrent());
HttpContext.Current.User = Thread.CurrentPrincipal;

// Declare the logon types as constants
const long LOGON32_LOGON_INTERACTIVE = 2;
const long LOGON32_LOGON_NETWORK = 3;

// Declare the logon providers as constants
const long LOGON32_PROVIDER_DEFAULT = 0;
const long LOGON32_PROVIDER_WINNT50 = 3;
const long LOGON32_PROVIDER_WINNT40 = 2;
const long LOGON32_PROVIDER_WINNT35 = 1;

[DllImport("advapi32.dll", EntryPoint = "LogonUser")]
private static extern bool LogonUser(
    string lpszUsername,
    string lpszDomain,
    string lpszPassword,
    int dwLogonType,
    int dwLogonProvider,
    ref IntPtr phToken);

public static WindowsImpersonationContext ImpersonateCurrentUserBegin(System.Net.NetworkCredential credential)
{
    WindowsImpersonationContext impersonationContext = null;
    if (credential == null || credential.UserName.Length == 0 || credential.Password.Length == 0 || credential.Domain.Length == 0)
    {
        throw new Exception("Incomplete user credentials specified");
    }
    impersonationContext = Security.Impersonate(credential);
    if (impersonationContext == null)
    {
        return null;
    }
    else
    {
        return impersonationContext;
    }
}

public static void ImpersonateCurrentUserEnd(WindowsImpersonationContext impersonationContext)
{
    if (impersonationContext != null)
    {
        impersonationContext.Undo();
    }
}