Exception Details: System.Security.SecurityException: A specified logon session does not exist. It may already have been terminated

I deployed a test web application to a virtual Windows Server 2008 Std. IIS does not have the Certificates feature assigned to this application, nor to any application deployed on this server, so none of the solutions I found are relevant to my problem. All of the other applications on the same server work fine, which leads me to conclude that the problem must be in the code I use for authentication in the global.asax file.

I have checked gpedit.msc and "Network access: Do not allow storage of credentials" is disabled. This posting is the closest to my issue that I've been able to find, but no solution was accepted. I've checked MMC but there is nothing in it but an empty Console Root node, so there is nothing to delete and reinstall as some have suggested here and here. I can't access blog sites at work; some of them sound promising but I can't read them. I added Full Trust to web.config and it made no difference, and I noticed that the .NET trust level in IIS is already set to Full (internal).

The full error message is:

System.Security.SecurityException: A specified logon session does not exist. It may already have been terminated.

   at System.Security.Principal.WindowsIdentity.KerbS4ULogon(String upn)
   at System.Security.Principal.WindowsIdentity..ctor(String sUserPrincipalName, String type)
   at System.Security.Principal.WindowsIdentity..ctor(String sUserPrincipalName)
   at EPRSystem.Global.IsInADGroup(String user, String group)
   at EPRSystem.Global.Application_AuthenticateRequest(Object sender, EventArgs e)
The Zone of the assembly that failed was:
MyComputer

Any ideas?

Here is my Global.asax code:

    using System;
    using System.Security.Principal;
    using System.Web;

    public Boolean IsAdmin;
    public Boolean IsManager;
    public Boolean IsDeveloper;

    string UserName;

    // Returns the account name (without the DOMAIN\ prefix) of the current Windows identity
    public String GetUserName()
    {
        WindowsIdentity wiCurrentUser = WindowsIdentity.GetCurrent();

        String strUserName = wiCurrentUser.Name;

        // Name is "DOMAIN\user"; keep only the part after the backslash
        String[] strParts = strUserName.Split('\\');
        strUserName = strParts.Length > 1 ? strParts[1] : strUserName;

        return strUserName;
    }

    // Creates a new WindowsIdentity for the user name (this is the constructor that throws,
    // see KerbS4ULogon in the stack trace) and tests group membership on it
    public Boolean IsInADGroup(string user, string group)
    {
        using (var identity = new WindowsIdentity(user))
        {
            var principal = new WindowsPrincipal(identity);

            return principal.IsInRole(group);
        }
    }

    protected void Session_Start(object sender, EventArgs e)
    {
        //Write method: Get current user's username

        UserName = HttpContext.Current.User.Identity.Name; //get AD name of user

        string sessionUser = GetUserName();
        HttpContext.Current.Session["UserName"] = sessionUser;

        HttpContext.Current.Session["IsAdmin"] = IsInADGroup(sessionUser, "group1");

        HttpContext.Current.Session["IsManager"] = IsInADGroup(sessionUser, "group2");

        HttpContext.Current.Session["IsDeveloper"] = IsInADGroup(sessionUser, "group3");
    }

    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        //Write method: Identity/Authenticate current user

        DAL.ErrorLog oErrorLog = new DAL.ErrorLog();
        try
        {
            String strUser = GetUserName();

            IsAdmin = IsInADGroup(strUser, "group1");

            IsManager = IsInADGroup(strUser, "group2");

            IsDeveloper = IsInADGroup(strUser, "group3");
        }
        catch (System.Security.SecurityException ex)
        {
            // The SecurityException shown above is caught and logged here
            oErrorLog.WriteErrorLog(ex.ToString());
        }
    }

I read this article by Shawn Farkas and focused on his comment: "1. Determine what permission is required that causes your application to throw, and try to modify your application so that it no longer needs that permission. The SecurityException that is thrown should tell you which demand failed."

I removed the authorization code from Global.asax completely and moved it to Default.aspx.cs. I replaced the IsInADGroup(x,y) method where the error originated with a mix of the code marc_s suggested, in a new method called CheckGroupMembership(). I instantiated a global array variable groupName[] containing the three AD groups whose membership I want to check; in the end these values, IsMember[], are passed to Session variables so they can be used on another page. The core of the solution is this method; it requires the namespace System.DirectoryServices.AccountManagement:

    using System.DirectoryServices.AccountManagement;

    // Group names to check and the corresponding results; both arrays are the
    // global variables described above and are populated elsewhere
    string[] groupName;
    bool[] IsMember;

    public void CheckGroupMembership()
    {
        // set up domain context ("XXX" is the domain name)
        using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "XXX"))
        // find a user
        using (UserPrincipal user = UserPrincipal.FindByIdentity(ctx, GetUserName()))
        {
            for (int i = 0; i < 3; i++)
            {
                // find the group in question
                using (GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, groupName[i]))
                {
                    // a missing user or group counts as "not a member"
                    // (user.IsMemberOf(null) would throw an ArgumentNullException)
                    if (user != null && group != null)
                    {
                        // check if user is member of that group
                        IsMember[i] = user.IsMemberOf(group);
                    }
                    else
                    {
                        IsMember[i] = false;
                    }
                }
            }
        }
    }
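An added example, not code from the question or from the answer above, showing two ways to answer the same three "is this user in group X" questions without the Kerberos S4U logon that `new WindowsIdentity(upn)` performs (the `KerbS4ULogon` frame in the stack trace): reading the group SIDs already present in the authenticated request's token, and querying the directory with every principal disposed and null results handled. It assumes IIS Windows authentication is enabled, so that `HttpContext.Current.User.Identity` is a `WindowsIdentity`; the domain name, account name and `DOMAIN\group` names passed in are placeholders, and `IsRequestUserIn` is meant to be called once authentication has completed (for example from `Application_PostAuthenticateRequest`).

```csharp
// Added example (not from the original post). Assumes IIS Windows authentication;
// domain and group names are placeholders supplied by the caller.
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Security.Principal;
using System.Web;

public static class GroupMembership
{
    // Token-based check: WindowsPrincipal.IsInRole resolves the group name to a SID and
    // looks it up in the token the request was authenticated with. No new logon session
    // is created, so the S4U constructor (and its SecurityException) is never involved.
    public static bool IsInGroupFromToken(WindowsIdentity identity, string domainQualifiedGroup)
    {
        if (identity == null) throw new ArgumentNullException("identity");
        var principal = new WindowsPrincipal(identity);
        return principal.IsInRole(domainQualifiedGroup);
    }

    // Uses the authenticated request user rather than WindowsIdentity.GetCurrent(),
    // which in ASP.NET is the application pool account unless impersonation is enabled.
    public static bool IsRequestUserIn(string domainQualifiedGroup)
    {
        var user = HttpContext.Current != null ? HttpContext.Current.User : null;
        var wi = user != null ? user.Identity as WindowsIdentity : null;
        if (wi == null || !wi.IsAuthenticated) return false;
        return IsInGroupFromToken(wi, domainQualifiedGroup);
    }

    // Directory-based check: one query per request instead of one per group, nested
    // membership via GetAuthorizationGroups, every principal disposed, and a missing
    // user or group reported as "not a member" instead of throwing.
    public static IDictionary<string, bool> CheckViaDirectory(
        string domain, string samAccountName, IEnumerable<string> groupNames)
    {
        var result = new Dictionary<string, bool>(StringComparer.OrdinalIgnoreCase);
        foreach (var g in groupNames) result[g] = false;

        using (var ctx = new PrincipalContext(ContextType.Domain, domain))
        using (var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, samAccountName))
        {
            if (user == null) return result;

            var memberOf = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
            using (var groups = user.GetAuthorizationGroups())
            {
                foreach (Principal p in groups)
                {
                    using (p)
                    {
                        if (p.SamAccountName != null) memberOf.Add(p.SamAccountName);
                    }
                }
            }

            foreach (var g in groupNames) result[g] = memberOf.Contains(g);
        }
        return result;
    }
}
```

The token-based path is the least privileged of the two: it needs no directory query and no logon on behalf of the user, only the token IIS already produced. The directory path is useful when the groups have to be looked up for an account other than the one that authenticated, which is the situation the self-answer's `CheckGroupMembership()` is in; in that case the result should still be stored per session exactly as the answer does, rather than queried again on every request.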