我开发了一个Web应用程序,只有具有管理员角色的用户才能访问它,而没有其他人...
我无法确定用户是否是管理员////
我的登录页面代码是
public partial class LoginPage : System.Web.UI.Page
{
public const int LOGON32_LOGON_INTERACTIVE = 2;
public const int LOGON32_PROVIDER_DEFAULT = 0;
//WindowsImpersonationContext impersonationContext;
[DllImport("advapi32.dll")]
public static extern int LogonUserA(String lpszUserName,
String lpszDomain,
String lpszPassword,
int dwLogonType,
int dwLogonProvider,
ref IntPtr phToken);
[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public static extern int DuplicateToken(IntPtr hToken,
int impersonationLevel,
ref IntPtr hNewToken);
[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public static extern bool RevertToSelf();
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
public static extern bool CloseHandle(IntPtr handle);
protected void LoginButton_Click(object sender, EventArgs e)
{
IntPtr token = IntPtr.Zero;
IntPtr tokenDuplicate = IntPtr.Zero;
if(LogonUserA(UserName.Text, Domain.Text, Password.Text, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, ref token) != 0)
{
System.Security.Principal.WindowsIdentity wi = System.Security.Principal.WindowsIdentity.GetCurrent();
System.Security.Principal.WindowsPrincipal wp = new System.Security.Principal.WindowsPrincipal(wi);
if (wp.IsInRole("Administrators"))
{
BadCredentials.Visible = false;
Session["userName"] = UserName.Text;
Session["password"] = Password.Text;
Session["domain"] = Domain.Text;
FormsAuthentication.RedirectFromLoginPage(UserName.Text, false);
}
else
{
BadCredentials.Visible = true;
Label1.Text = wp.Identity.ToString();
Label2.Text = wi.Name.ToString();
Label3.Text = "not Admin";
}
}
else
{
BadCredentials.Visible = true;
Label4.Text = "not valid user";
}
当我输入管理员和密码时
在这里,Label2.text给了我
XYZCOMP \ IUSR_XYZCOMP
并没有进入下一页......
任何帮助请...谢谢
我正在使用表单身份验证
> <authentication mode="Forms"> <forms
> name="AuthCookie"
> LoginUrl="Login.aspx" timeout = "60"
> /> </authentication> <authorization>
> <deny users="?" />
> <allow users="*" />
> </authorization>
答案 0 :(得分:0)
我认为你的问题就在这一行:
wi = System.Security.Principal.WindowsIdentity.GetCurrent();
尝试将其更改为
wi = (WindowsIdentity)HttpContext.Current.User.Identity;
答案 1 :(得分:0)
如果您使用Windows身份验证访问该网站,则只需使用web.config来限制谁有权访问该网站:
<authentication mode="Windows"/>
<authorization>
<allow role="DOMAIN\Administrator"/>
<deny users="*"/>
</authorization>
这就是你想要的吗?