背景:
我有一个MVC 5 / C#应用程序,可连接外部API。它使用Active Directory用户的Principal Context授权。该应用检查是否将UserPrincipal.Current其Un / Pw组合存储在Db中,以便以后在外部API上进行任何操作。
public bool IsUserSetup()
{
try
{
// find currently logged in user
var user = UserPrincipal.Current; // <- ERRS HERE -----
// check if this user exists in Db with creds
if (user != null)
{
var u = _userProfileRepository.GetUserProfileByUserSID(user.Sid.ToString());
if (u != null
&& !string.IsNullOrEmpty(u.RallyUsername)
&& !string.IsNullOrEmpty(u.RallyPassword)
&& u.IsActive // <-- make sure this person is an active user
)
{
return true;
}
}
}
catch (Exception ex)
{
string exMessage = ex.Message;
//throw ex;
}
return false;
}
UserPrincipal.Current默认情况下,它将返回应用程序池的身份。<system.web> <identity impersonate="true"/>...但是,如果我启用“模拟”(true),则会得到以下信息:
An ASP.NET setting has been detected that does not apply in Integrated managed pipeline mode.
因此,我将更app pool改为使用“经典”(我认为这不是我应该采取的答案或路径),但出现此错误:
The page you are requesting cannot be served because of the ISAPI and CGI Restriction list settings on the Web server.
显然,这在IIS Express中很好用,它对我(域\用户名)很好。但是,当我将其切换到IIS或将其部署到实际的Web服务器时,会遇到这些问题。
我需要获取当前用户/本金,以便将其SID和凭据存储到Db中的外部API。然后,在使用站点/应用程序时,它会根据需要自动使用其凭据来在API中进行工作。
我需要做什么:
从这里开始,使用选项2,即:
<system.webServer>
<!--When using 'Integrated Pipeline' on IIS on the server, and if your application does not rely on impersonating the requesting user in the 'BeginRequest' and 'AuthenticateRequest' stages (the only stages where impersonation is not possible in Integrated mode), but still requires Impersonation in other areas of the application, ignore this error (500 - Internal Server Error) by adding the following to your application’s web.config-->
<validation validateIntegratedModeConfiguration="false"/>
</system.webServer>
本文收集自互联网,转载请注明来源。
如有侵权,请联系[email protected] 删除。
我来说两句