当IIS身份验证启用并在IIS Express或IIS中运行时,Asp.Net Core似乎无法识别来自呼叫 context?.User?.Identity?.Name
的用户 .
所需行为:在IIS和/或IIS Express中启用Windows身份验证和匿名身份验证,Asp.Net Core应自动识别Windows用户 .
实际行为:当我在IIS或IIS Express中启用Windows和匿名身份验证时,用户名为null . 当我禁用匿名身份验证或调用 HttpContext.ChallengeAsync(IISDefaults.AuthenticationScheme)
时,我得到一个登录提示,我不想要 .
我的理解是,即使我想将它用于Active Directory,我也不需要活动目录或域来验证Windows用户 .
环境:
-
Windows 8.1(不在域上)
-
IIS 8.5 / Visual Studio 2017 w / IIS Express
安装了 -
Windows身份验证安全功能
-
Windows身份验证&(使用NTLM提供程序)和匿名身份验证已启用
-
以本地帐户用户身份登录
依赖关系:
- Microsoft.AspNetCore.All 2.0.8
启动:
public void ConfigureServices(IServiceCollection services)
{
services.Configure<IISOptions>(iis =>
{
iis.AuthenticationDisplayName = "Windows";
iis.AutomaticAuthentication = true;
});
services.AddAuthentication(IISDefaults.AuthenticationScheme);
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseAuthentication();
app.Run(async (context) =>
{
await context.Response.WriteAsync(JsonConvert.SerializeObject(new
{
UserName = context?.User?.Identity?.Name
}));
});
launchSettings.json:
{
"iisSettings": {
"windowsAuthentication": true,
"anonymousAuthentication": true,
"iisExpress": {
"applicationUrl": "http://localhost:51682/",
"sslPort": 0
}
},
"profiles": {
"IIS Express": {
"commandName": "IISExpress",
"launchBrowser": true,
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
}
}
}
web.config中:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<handlers>
<remove name="aspNetCore" />
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
</handlers>
<aspNetCore forwardWindowsAuthToken="true" processPath="%LAUNCHER_PATH%" arguments="%LAUNCHER_ARGS%" stdoutLogEnabled="true" stdoutLogFile=".\logs\stdout" />
</system.webServer>
</configuration>
applicationhost.config :( IIS Express)
<authentication>
<anonymousAuthentication enabled="true" userName="" />
<basicAuthentication enabled="false" />
<clientCertificateMappingAuthentication enabled="false" />
<digestAuthentication enabled="false" />
<iisClientCertificateMappingAuthentication enabled="false"></iisClientCertificateMappingAuthentication>
<windowsAuthentication enabled="true">
<providers>
<add value="NTLM" />
</providers>
</windowsAuthentication>
</authentication>
1 回答
几件事:
禁用匿名身份验证时,会弹出一个窗口,因为浏览器可能不信任该站点 . 您需要打开Internet选项(从Windows控制面板) - >安全选项卡 - >单击“可信站点” - >单击“站点”,然后将URL添加到您的站点 . IE和Chrome都使用这些设置来决定是否自动发送您的凭据 .
如果同时启用了匿名和Windows身份验证,则匿名优先,除非您告诉用户必须登录 . 要执行此操作,请在控制器上使用
[Authorize]
属性,或仅使用单个操作 .更多细节,在 Headers "Allow Anonymous Access"下:https://docs.microsoft.com/en-us/aspnet/core/security/authentication/windowsauth?view=aspnetcore-2.0&tabs=aspnetcore2x#allow-anonymous-access