我已经在线搜索了一个解决方案,但无济于事-我正尝试通过.NET Core 2.2中的HttpContext为Intranet应用程序访问登录的AD用户...
我看到了类似的问题(下面的链接),并且已经实现了解决方案,但是我的上下文仍然为空:-Link to similar problem
appsettings.json
StartUp.cs
public void ConfigureServices(IServiceCollection services)
{
services.Configure<CookiePolicyOptions>(options =>
{
// This lambda determines whether user consent for non-essential cookies is needed for a given request.
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
services.AddAuthentication(HttpSysDefaults.AuthenticationScheme);
services.Configure<IISServerOptions>(options =>
{
options.AutomaticAuthentication = true;
});
services.Configure<IISOptions>(options =>
{
options.ForwardClientCertificate = false;
});
services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
services.AddMvc(config =>
{
var policy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
config.Filters.Add(new AuthorizeFilter(policy));
});
services.AddAuthorization(options =>
{
options.AddPolicy("ADGroup", policy =>
policy.Requirements.Add(new UserHelper.CheckADGroupRequirement(Configuration["SecuritySettings:ADGroup"])));
});
services.AddSingleton<IAuthorizationHandler, UserHelper.CheckADGroupHandler>();
}
我已经以与链接中的解决方案相同的方式实现了CheckADGroupHandler
Program.cs
public class Program
{
public static void Main(string[] args)
{
CreateWebHostBuilder(args).Build().Run();
}
public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
WebHost.CreateDefaultBuilder(args)
.UseStartup<Startup>();
}
显示具有空值的上下文的屏幕截图:-
HomeController.cs
[Authorize(Policy = "ADGroup")]
public class HomeController : Controller
{
public IActionResult Index()
{
return View();
}
}
我缺少了一些东西,但不知道是什么-任何指针都表示赞赏...
根据documentation for Windows Authentication with HTTP.sys,您在Program.cs中缺少对UseHttpSys()
的调用:
public static IWebHost BuildWebHost(string[] args) =>
WebHost.CreateDefaultBuilder(args)
.UseStartup<Startup>()
.UseHttpSys(options =>
{
options.Authentication.Schemes =
AuthenticationSchemes.NTLM |
AuthenticationSchemes.Negotiate;
options.Authentication.AllowAnonymous = false;
})
.Build();
如果您在IIS后面运行应用程序,则Windows身份验证更容易实现,但是如果您由于无法使用IIS而使用HTTP.sys,那么值得注意的是,如果能够升级到ASP.NET 3.0,现在可以use Windows Authentication with Kestrel。
事实证明,这是IIS Express中的一个问题...与将Framework升级到.NET Core 3.0