ApiController.User.Identity and System.Security.Principal.WindowsIdentity give different user details
I have an OWIN-hosted Web API that runs as Network Service, and Windows authentication is enabled by the following line in the Configuration method of the OWIN startup class.

    HttpListener listener = (HttpListener)appBuilder.Properties["System.Net.HttpListener"];
    listener.AuthenticationSchemes = AuthenticationSchemes.IntegratedWindowsAuthentication;

Everything works fine, except when I try to get the user details:

    caller = System.Security.Principal.WindowsIdentity.GetCurrent();

Returns: AuthenticationType: "Negotiate", Name: "NT AUTHORITY\NETWORK SERVICE"

    ApiController.User.Identity

Returns: AuthenticationType: "NTLM", Name: "Domain\Username"

I was actually expecting the credentials given by ApiController.User.Identity. I am confused about why I get different results from the two. Can anyone help me with this?

    using System.Security.Principal;
    using System.ServiceModel;
    using System.Web.Http.Controllers;
    using System.Web.Http.Filters;

    public class CustomFilterAttribute : ActionFilterAttribute
    {
        public override void OnActionExecuting(HttpActionContext actionContext)
        {
            // Declared as object so each candidate source can be assigned in turn.
            object caller = OperationContext.Current; // null
            caller = System.Web.HttpContext.Current; // null
            caller = actionContext.RequestContext.Principal.Identity as WindowsIdentity; // desired
            caller = System.Security.Principal.WindowsIdentity.GetCurrent(); // gives the account under which the project is hosted
        }
    }

OWIN startup class:

    public class Startup
    {
        public void Configuration(IAppBuilder appBuilder)
        {
            HttpConfiguration config = new HttpConfiguration();
            HttpListener listener = (HttpListener)appBuilder.Properties["System.Net.HttpListener"];
            listener.AuthenticationSchemes = AuthenticationSchemes.IntegratedWindowsAuthentication;
            config.MapHttpAttributeRoutes();
            config.MapODataServiceRoute(
                routeName: "ODataRoute",
                routePrefix: "Data",
                model: GetModel()
            );
            config.EnsureInitialized();
            appBuilder.UseWebApi(config);
        }
    }

It is explained clearly here:
https://msdn.microsoft.com/en-us/library/aa302377.aspx
ASP.NET provides the following principal and identity object implementations:
- WindowsPrincipal and WindowsIdentity objects represent users who have been authenticated with Windows authentication. With these objects, the role list is automatically obtained from the set of Windows groups to which the Windows user belongs.
- GenericPrincipal and GenericIdentity objects represent users who have been authenticated using Forms authentication or other custom authentication mechanisms. With these objects, the role list is obtained in a custom manner, typically from a database.
- FormsIdentity and PassportIdentity objects represent users who have been authenticated with Forms and Passport authentication respectively.
The following tables illustrate, for a range of IIS authentication settings, the resultant identity that is obtained from each of the variables that maintain an IPrincipal and/or IIdentity object. The following abbreviations are used in the table:
- HttpContext = HttpContext.Current.User, which returns an IPrincipal object that contains security information for the current Web request. This is the authenticated Web client.
- WindowsIdentity = WindowsIdentity.GetCurrent(), which returns the identity of the security context of the currently executing Win32 thread.
- Thread = Thread.CurrentPrincipal which returns the principal of the currently executing .NET thread which rides on top of the Win32 thread.
Note: With IIS 6.0 running on Windows Server 2003, the identity Matrix works except that the Machine\ASPNET identity is replaced with NT Authority\Network Service.
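
The distinction drawn in the quoted documentation, shown as an added C# example that is not part of the original question or answer: the request principal identifies the authenticated client, while WindowsIdentity.GetCurrent() reports the hosting account unless the thread is impersonating. The filter name `CallerIdentityFilterAttribute` is hypothetical, and the impersonation step assumes the caller's token permits impersonation on the server.

```csharp
using System.Diagnostics;
using System.Net;
using System.Net.Http;
using System.Security.Principal;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;

// Hypothetical filter name; added example, not the poster's code.
public class CallerIdentityFilterAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(HttpActionContext actionContext)
    {
        // Authenticated web client: the principal attached to this request
        // by the HttpListener Windows authentication handshake.
        IPrincipal principal = actionContext.RequestContext.Principal;
        WindowsIdentity caller = principal == null ? null : principal.Identity as WindowsIdentity;

        // Reject requests that did not complete Windows authentication.
        if (caller == null || !caller.IsAuthenticated || caller.IsAnonymous)
        {
            actionContext.Response =
                actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
            return;
        }

        // Security context of the executing thread: the hosting account
        // (NT AUTHORITY\NETWORK SERVICE in the question) when not impersonating.
        using (WindowsIdentity host = WindowsIdentity.GetCurrent())
        {
            Trace.TraceInformation("caller={0} ({1}), host={2}",
                caller.Name, caller.AuthenticationType, host.Name);
        }

        // Only inside an impersonation scope does GetCurrent() report the caller.
        // Keep the scope as small as possible; it is reverted on Dispose.
        using (WindowsImpersonationContext scope = caller.Impersonate())
        using (WindowsIdentity current = WindowsIdentity.GetCurrent())
        {
            Trace.TraceInformation("impersonating={0}, level={1}",
                current.Name, current.ImpersonationLevel);
        }
    }
}
```

Authorization decisions in the API should be based on the request principal; the process identity only determines which local resources the service itself may touch.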