C# 在ASP.NET MVC中用WindowsIdentity替换FormSidenty
我有一个在Windows Phone 8.1设备上运行的应用程序,它可以访问ASP.NET MVC WebAPI上的后端构建。身份验证是使用FormsAuthentication完成的,因为在此设置中无法进行Windows身份验证。我可以让它运行:用户在电话上以自定义登录表单输入凭据,在服务器端根据Active Directory验证凭据。之后,客户端将获得AuthenticationToken 此代码段来自LoginController:C# 在ASP.NET MVC中用WindowsIdentity替换FormSidenty,c#,asp.net-mvc,active-directory,forms-authentication,windows-authentication,C#,Asp.net Mvc,Active Directory,Forms Authentication,Windows Authentication,我有一个在Windows Phone 8.1设备上运行的应用程序,它可以访问ASP.NET MVC WebAPI上的后端构建。身份验证是使用FormsAuthentication完成的,因为在此设置中无法进行Windows身份验证。我可以让它运行:用户在电话上以自定义登录表单输入凭据,在服务器端根据Active Directory验证凭据。之后,客户端将获得AuthenticationToken 此代码段来自LoginController: if (Membership.ValidateUser
if (Membership.ValidateUser(username, password))
{
FormsAuthentication.SetAuthCookie(username, false);
return Request.CreateResponse(HttpStatusCode.OK);
}
else
return Request.CreateResponse(HttpStatusCode.Unauthorized);
此代码段显示了Web.Config中身份验证的配置:
<system.web>
<authentication mode="Forms" />
<authorization>
<allow users="*" />
</authorization>
<membership defaultProvider="MembershipADProvider">
<providers>
<add name="MembershipADProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ADConnectionString"/>
</providers>
</membership>
</system.web>
<system.webServer>
<modules>
<add name="FormToWindowsAuthenticationModule"
type="MyApp.FormToWindowsAuthenticationModule"
preCondition="managedHandler" />
</modules>
</system.webServer>
我的想法是在进行身份验证后用WindowsIdentity替换FormSidenty。为此,我连接到ASP.NET管道的PostAuthenticateRequest事件:
using System;
using System.Web;
namespace MyApp
{
public class FromToWindowsAuthenticationModule : IHttpModule
{
public void Init(HttpApplication context)
{
context.PostAuthenticateRequest += PostAuthenticateRequest;
}
public void Dispose()
{
}
private void PostAuthenticateRequest(object sender, EventArgs e)
{
var ctx = HttpContext.Current;
if (ctx.Request.IsAuthenticated)
{
var principal = ctx.User;
var formsIdentity = principal.Identity as FormsIdentity;
if (formsIdentity != null)
{
var username = formsIdentity.Name;
var ident = new WindowsIdentity(...); // ???????????????????
var newUser = new WindowsPrincipal(ident);
ctx.User = Thread.CurrentPrincipal = newUser
}
}
}
}
}
要激活模块,必须将这些行添加到Web.Config中:
<system.web>
<authentication mode="Forms" />
<authorization>
<allow users="*" />
</authorization>
<membership defaultProvider="MembershipADProvider">
<providers>
<add name="MembershipADProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ADConnectionString"/>
</providers>
</membership>
</system.web>
<system.webServer>
<modules>
<add name="FormToWindowsAuthenticationModule"
type="MyApp.FormToWindowsAuthenticationModule"
preCondition="managedHandler" />
</modules>
</system.webServer>
唯一缺少的是从ActiveDirectory检索WindowsIdentifier的部分。我该怎么做
我的方法可行吗?标识对象的替换会干扰ASP.NET管道的其余元素吗?这看起来很有希望:
private void PostAuthenticateRequest(object sender, EventArgs e)
{
var ctx = HttpContext.Current;
if (ctx.Request.IsAuthenticated)
{
var principal = ctx.User;
var formsIdentity = principal.Identity as FormsIdentity;
if (formsIdentity != null)
{
var username = formsIdentity.Name;
var domain = "mydomain.com";
var fullyQualifiedUsername = username + "@" + domain;
var windowsIdentity = new WindowsIdentity(fullyQualifiedUsername);
var windowsPrincipal = new WindowsPrincipal(windowsIdentity);
Thread.CurrentPrincipal = ctx.User = windowsPrincipal;
}
}
}