将应用程序池凭据用于 WebClient 请求
Use App Pool Credentials for WebClient Request
我想使用应用程序池凭据来避免 Web API 方法的双跳问题。但是,我不希望模拟所有请求,只希望模拟这个特定请求。该代码目前看起来像这样:
[Route("api/mycontroller/mymethod")]
public string GetDataFromOtherInternalSystem(int id)
{
var client = new WebClient ( Credentials = CredentialCache.DefaultNetworkCredentials);
return client.DownloadString('http://internaldomain/api/method/id')
}
根据我对 MSDN 的理解,用户上下文是该浏览器会话的登录用户(即我的帐户通过 Active Directory 而不是应用程序池的帐户)。
The credentials returned by DefaultNetworkCredentials represents the
authentication credentials for the current security context in which
the application is running. For a client-side application, these are
usually the Windows credentials (user name, password, and domain) of
the user running the application. For ASP.NET applications, the
default network credentials are the user credentials of the logged-in
user, or the user being impersonated.
这会产生双跳问题,如果请求完全来自 Web 应用程序作为服务帐户(我不必动态构建凭据),则可以消除该问题。
关于如何在我不指定用户凭据的情况下模拟应用程序池的任何想法如下:
var cred = new NetworkCredential("myusername", "mypassword")
我再次尝试避免为 Kerberos 或 CORS 正确设置其他 Web 服务。
这可以通过将空指针 (IntPtr.Zero) 传递给 WindowsIdentity class 的静态 Impersonate 方法来实现。以下是 MSDN document for the Impersonate method:
中的描述
Calling the Impersonate(IntPtr) method with a userToken value of Zero is equivalent to calling the Win32 RevertToSelf function. If another user is currently being impersonated, control reverts to the original user.
用法如下所示:
using (var impersonationContext = WindowsIdentity.Impersonate(IntPtr.Zero))
{
try
{
// this code is now using the application pool indentity
}
finally
{
if (impersonationContext != null)
{
impersonationContext.Undo();
}
}
}
我想使用应用程序池凭据来避免 Web API 方法的双跳问题。但是,我不希望模拟所有请求,只希望模拟这个特定请求。该代码目前看起来像这样:
[Route("api/mycontroller/mymethod")]
public string GetDataFromOtherInternalSystem(int id)
{
var client = new WebClient ( Credentials = CredentialCache.DefaultNetworkCredentials);
return client.DownloadString('http://internaldomain/api/method/id')
}
根据我对 MSDN 的理解,用户上下文是该浏览器会话的登录用户(即我的帐户通过 Active Directory 而不是应用程序池的帐户)。
The credentials returned by DefaultNetworkCredentials represents the authentication credentials for the current security context in which the application is running. For a client-side application, these are usually the Windows credentials (user name, password, and domain) of the user running the application. For ASP.NET applications, the default network credentials are the user credentials of the logged-in user, or the user being impersonated.
这会产生双跳问题,如果请求完全来自 Web 应用程序作为服务帐户(我不必动态构建凭据),则可以消除该问题。
关于如何在我不指定用户凭据的情况下模拟应用程序池的任何想法如下:
var cred = new NetworkCredential("myusername", "mypassword")
我再次尝试避免为 Kerberos 或 CORS 正确设置其他 Web 服务。
这可以通过将空指针 (IntPtr.Zero) 传递给 WindowsIdentity class 的静态 Impersonate 方法来实现。以下是 MSDN document for the Impersonate method:
中的描述Calling the Impersonate(IntPtr) method with a userToken value of Zero is equivalent to calling the Win32 RevertToSelf function. If another user is currently being impersonated, control reverts to the original user.
用法如下所示:
using (var impersonationContext = WindowsIdentity.Impersonate(IntPtr.Zero))
{
try
{
// this code is now using the application pool indentity
}
finally
{
if (impersonationContext != null)
{
impersonationContext.Undo();
}
}
}