猿问

访问 ASP.NET Core 中间件中的用户凭据

在 Windows 上运行的 ASP.NET 核心 (2.1) 中,我使用配置了以下身份验证方案的 HttpSys:


builder.UseHttpSys(options =>

        {

            options.Authentication.Schemes = AuthenticationSchemes.Negotiate | AuthenticationSchemes.NTLM;

            options.Authentication.AllowAnonymous = true;

        })

然后在我的 Startup.Configure() 方法中,我试图访问调用 uri "/sensitiveOperation" 的客户端的用户凭据,如下所示:


public void Configure(IApplicationBuilder app, IHostingEnvironment env)

    {

        app.UseAuthentication();


        app.MapWhen(context => context.Request.Path.Equals("/sensitiveOperation") && context.Request.Method.Equals(HttpMethods.Put), subApp =>

        {                

            subApp.Run(async (context) =>

            {

                if (context.User.Identity.Name == "admin")

                {

                    await context.Response.WriteAsync("Performing sensitive operation.");

                    // .. Do Sensitive operation....

                }                    

            });

        });

这个例子有点粗俗,但重点是 context.User.Identity.Name 总是空的,我希望看到正在进行调用的 AD 帐户的名称。请注意,调用是在 powershell 中完成的,如下所示:


Invoke-WebRequest -Uri http://localhost:5555/sensitiveOperation -Method Put -UseDefaultCredentials

我可以将此代码放在控制器中并使用 [Authorize] 属性来获取凭据,但我更愿意在点击 Mvc 管道之前执行此操作。有没有办法在管道的早期阶段获得用户?


呼唤远方
浏览 212回答 3
3回答

慕哥9229398

更改允许匿名options.Authentication.AllowAnonymous = false;如果您启用了匿名,并且您没有提示进行身份验证,那么浏览器将不会进行身份验证。即使您确实发送创建,asp.net 也不会获取它们,除非控制器/方法上有 Authenticate 属性,或者,如果您要使用函数路由,则调用 signin。
0

至尊宝的传说

如果您不想设置AllowAnonymous为false,则可以尝试context.ChallengeAsync基于 对请求进行身份验证Credential。这是代码:&nbsp; &nbsp; &nbsp; &nbsp; app.MapWhen(context => context.Request.Path.Equals("/sensitiveOperation") && context.Request.Method.Equals(HttpMethods.Put), subApp =>&nbsp; &nbsp; &nbsp; &nbsp; {&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; subApp.Run(async (context) =>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; {&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; var authService = context.RequestServices.GetRequiredService<IAuthorizationService>();&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; if (!context.User.Identity.IsAuthenticated)&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; {&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; //await context.ChallengeAsync("Windows"); //Option1&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; //await context.ChallengeAsync();&nbsp; //Option2&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; await context.ChallengeAsync(HttpSysDefaults.AuthenticationScheme); //Option3&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; if (context.User.Identity.Name == "admin")&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; {&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; await context.Response.WriteAsync("Performing sensitive operation.");&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; // .. Do Sensitive operation....&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; });&nbsp; &nbsp; &nbsp; &nbsp; });请注意,对于这种方式,subApp.Run将运行两次,第一个请求是 UnAuthenticated,它将挑战凭证,第二个请求是 Authenticated 并且context.User.Identity.Name将具有价值。这个过程是后端,这不会反映在powershell.
0

森林海

我正在使用 .NET Core 3.0,并且在我的自定义中间件中,我能够使用以下代码获取 UserId:httpContext.User.Identity.IsAuthenticated&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;?&nbsp;new&nbsp;Guid(httpContext.User.Claims.Where(c&nbsp;=>&nbsp;c.Type&nbsp;==&nbsp;ClaimTypes.NameIdentifier).First().Value) &nbsp;&nbsp;&nbsp;&nbsp;:&nbsp;Guid.Empty
0
随时随地看视频慕课网APP

相关分类

C#
typedef入门问题 1 回答
我要回答