Problem description
In IIS7 under Windows Server 2008, I have a virtual directory with anonymous access off and Windows authentication on. In my web.config, I have:
<authentication mode="Windows"/>
<authorization>
  <allow roles="MYGROUP"/>
  <deny users="*"/>
</authorization>
and
<system.webServer>
  <!-- IIS7 security settings -->
  <security>
    <authorization>
      <add accessType="Deny" users="*"/>
      <add accessType="Allow" roles="MYGROUP"/>
    </authorization>
  </security>
</system.webServer>
Yet when I access default.aspx from IE and set a breakpoint in Global.asax.vb Application_AuthenticateRequest(), I get a null HttpContext.Current.User where I am expecting my own identity. It is almost as if Anonymous Access is on?
What can I do to troubleshoot this? Everything seems to work in IIS6.
The answer of moving the Application Pool back to classical is just delaying the problem.
Instead, leave the application pool alone and move your authenticate check from Application_AuthenticateRequest() to the next function in the pipeline:
Application_AuthorizeRequest(object sender, EventArgs e)
By then the integrated Application Pool has completed the Windows authentication, allowing you not to receive null from HttpContext.Current.User.
The pipeline can be found here (link provided by CarlosAg).
A visualization of the pipeline can be found on the asp website message lifecycle page. In the controller section, check out the two green boxes "Authentication filters" and "Authorization filters". These are the areas you are messing with.
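The following Global.asax.cs sketch is an added example, not code from the original question or answer. It places the identity check in Application_AuthorizeRequest as the answer suggests, fails closed when no authenticated principal is present, and traces the identity for troubleshooting. The class name `Global`, the helper `Deny` and the trace messages are assumptions; the role name `MYGROUP` comes from the question's web.config.

```csharp
using System;
using System.Diagnostics;
using System.Security.Principal;
using System.Web;

public class Global : HttpApplication
{
    // Role name taken from the web.config shown in the question.
    private const string RequiredRole = "MYGROUP";

    protected void Application_AuthorizeRequest(object sender, EventArgs e)
    {
        HttpContext context = ((HttpApplication)sender).Context;
        IPrincipal user = context.User;

        // Fail closed: treat a missing principal or an anonymous identity
        // as unauthenticated instead of letting the request continue.
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
        {
            Trace.WriteLine("AuthorizeRequest: no authenticated principal");
            Deny(context, 401);
            return;
        }

        // Troubleshooting aid: record which identity and scheme were used.
        Trace.WriteLine(string.Format(
            "AuthorizeRequest: user={0} scheme={1}",
            user.Identity.Name, user.Identity.AuthenticationType));

        // Authenticated but not a member of the required group.
        if (!user.IsInRole(RequiredRole))
        {
            Deny(context, 403);
        }
    }

    // Hypothetical helper: set the status code and skip the remaining
    // pipeline events so the handler never runs for a denied request.
    private static void Deny(HttpContext context, int statusCode)
    {
        context.Response.StatusCode = statusCode;
        context.ApplicationInstance.CompleteRequest();
    }
}
```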