问题
I'm using the following code to authenticate via Kerberos.
IntPtr logonToken = WindowsIdentity.GetCurrent().Token;
string authenticationType = "WindowsAuthentication";
WindowsIdentity windowsIdentity = new WindowsIdentity(logonToken, authenticationType);
//windowsIdentity.Name == equals "IIS APPPOOL\Classic .NET AppPool" when I want it to be the user
This only happens when I try and run my .NET application the Web Server. If I run the code locally on my machine for debugging, it shows my userid in the Name property. Any suggestions on how to get this working on a web server?
回答1:
You need to enable impersonation in web.config:
To configure ASP.NET to impersonate the Windows identity supplied by IIS as the WindowsIdentity for the ASP.NET application, edit the Web.config file for the application and set the impersonate attribute of the identity configuration element to true, as shown in the following example.
<configuration> <system.web> <identity impersonate="true" /> </system.web> </configuration>
When you run the code locally for debugging you're probably using the web dev server that runs as your logged-in user, which is why you'll see the correct user in debug.
回答2:
Your problem is, your IIS server runs under its own identity, not yours. Therefore, WindowsIdentity.GetCurrent().Token
returns IIS work process' identity.
You can configure your website to run under different identity (including yours) using IIS Manager console:
来源:https://stackoverflow.com/questions/6061303/how-do-i-set-up-net-windowsauthentication-the-name-always-shows-up-as-iis-ap