使用集成Windows身份验证时以其他用户身份登录

时间:2010-05-04 15:43:04

标签: c# asp.net windows-authentication

我通过使用集成Windows身份验证并关闭匿名访问来限制对网站的访问。这样我就可以向他们展示他们的真实姓名(从查看Active Directory并使用服务器变量LOGON_USER)并执行其他相关的Active Directory任务。

如何通过“以其他用户身份登录”链接再次提示他们的用户凭据,显示浏览器提示(就像您可以使用Chrome或Firefox等浏览器,或者该网站不在IE中的“Intranet”区域而不是Web表单?

由于SharePoint提供此功能,我假设有一种方法可以通过代码执行此操作,但我不知道哪些代码可以执行此操作(使用C#)。我可以发送一个401标题,使提示出现,但是你如何确认他们是否已登录?

2 个答案:

答案 0 :(得分:1)

也许这可以帮助你。

ASP .NET – C# – How to “Sign in as Different User” like in Microsoft SharePoint with Windows Authentication

答案 1 :(得分:1)

尝试这种方法。它基于方法的反汇编代码Microsoft.SharePoint.ApplicationPages.AccessDeniedPage.LogInAsAnotherUser()

首先,我正在使用javascript访问AccessDeniedPage页面,因为Sharepoint做了类似的事情:

function GoToSignAs() {
    window.location.replace("./SignAs.aspx?signAs=true&returnUrl=" + window.location.toString());
}

<a onclick="GoToSignAs(); return false;" href="javascript:;">SignAs</a>

然后,在您的页面AccessDeniedPage中使用:

public partial class SignAs : Page
{
    private const string LoginAttempts = "LoginAttempts";

    protected override void OnLoad(EventArgs e)
    {
        base.OnLoad(e);
        HttpContext current = HttpContext.Current;
        if (current == null)
        {
            throw new InvalidOperationException();
        }
        if (GetUrlParameter<bool>("signAs"))
        {
            HandleSignAs(current, GetUrlParameter<string>("returnUrl"));
        }
    }

    // ...

    private static void HandleSignAs(HttpContext context, string returnUrl)
    {
        int attempts = 0;
        HttpCookie attemptsCookie = context.Request.Cookies[LoginAttempts];
        if (attemptsCookie == null || string.IsNullOrEmpty(attemptsCookie.Value))
        {
            attemptsCookie = new HttpCookie(LoginAttempts);
        }
        else
        {
            attempts = int.Parse(attemptsCookie.Value, CultureInfo.InvariantCulture);
        }

        if (!string.IsNullOrEmpty(context.Request.Headers["Authorization"]))
        {
            // Attempts are counted only if an authorization token is informed.
            attempts++;
        }

        if (attempts>1)
        {
            attemptsCookie.Value = string.Empty;
            context.Response.Cookies.Add(attemptsCookie);
            context.Response.Redirect(returnUrl, true);
        }
        else
        {
            attemptsCookie.Value = attempts.ToString(CultureInfo.InvariantCulture);
            context.Response.Cookies.Add(attemptsCookie);
            SendEndResponse(context, 401, "401 Unauthorized");
        }
    }

    private static void SendEndResponse(HttpContext context, int code, string description)
    {
        HttpResponse response = context.Response;
        context.Items["ResponseEnded"] = true;
        context.ClearError();

        response.StatusCode = code;
        response.Clear();
        response.StatusDescription = description;

        response.AppendHeader("Connection", "close");
        response.AddHeader("WWW-Authenticate", "Negotiate");
        response.AddHeader("WWW-Authenticate", "NTLM");

        response.End();
    }
}

FIX:您必须使用IIS才能正常工作

相关问题
最新问题