从ClaimsIdentity获取WindowsIdentity

时间:2018-05-14 11:28:59

标签: asp.net asp.net-mvc owin claims windows-identity

在我的ASP .NET MVC5 WebApp中,我使用Owin Identity登录@ domain.com凭据并使用office 365 API Microsoft Graph获取数据。

WebApp的另一个功能是从Active Directory读取数据并允许用户修改它。

我正在尝试从当前的ClaimsIdentity获取WindowsIdentity,其类型为System.Security.Claims.ClaimsIdentity

这是保存功能:

public DateTime SaveWorker(WorkerAD worker, string mail = "")
{
    try
    {
        WindowsImpersonationContext impersonationContext = null;
        WindowsIdentity windowsIdentity = null;

        DirectoryEntry adsRoot = new DirectoryEntry(_directoryEntry);
        DirectoryEntry root = new DirectoryEntry(_directoryRootEntry);

        DirectoryEntry de = new DirectoryEntry();
        de.Path = "LDAP://" + root.Properties["dnsHostName"].Value + "/" + root.Properties["defaultNamingContext"].Value;

        de.AuthenticationType = System.DirectoryServices.AuthenticationTypes.Secure;
        DirectorySearcher searcher = new DirectorySearcher(adsRoot);
        if (String.IsNullOrEmpty(mail))
        {
            string user = HttpContext.Current.User.Identity.Name;
            searcher.Filter = $"(SAMAccountName={user.Replace("AD\\", "")})";
        }
        else
        {
            searcher.Filter = ("mail=" + mail);
        }
        SearchResult result = searcher.FindOne();

        windowsIdentity = HttpContext.Current.User.Identity.GetWindowsIdentity();
        impersonationContext = windowsIdentity.Impersonate();

        DirectoryEntry adUser = new DirectoryEntry(result.Path);

        adUser.AuthenticationType = System.DirectoryServices.AuthenticationTypes.Secure;

        adUser.Properties["telephoneNumber"].Value = worker.Telefon;
        adUser.Properties["mobile"].Value = worker.Mobile;
        adUser.Properties["facsimileTelephoneNumber"].Value = worker.Fax;
        adUser.Properties["title"].Value = worker.ADTitle;
        adUser.Properties["department"].Value = worker.Departement;

        adUser.CommitChanges();
        adUser.Close();

        return DateTime.Now;
    }
    catch (Exception)
    {

        throw;
    }
}

GetWindowsIdentity看起来像这样:

public static WindowsIdentity GetWindowsIdentity(this IIdentity identity)
{
    WindowsIdentity windowsIdentity = null;
    string upnFromClaim = null;
    System.Security.Claims.ClaimsIdentity identity2 = (System.Security.Claims.ClaimsIdentity)identity;
    foreach (System.Security.Claims.Claim claim in identity2.Claims)
    {
        //if (StringComparer.Ordinal.Equals(System.IdentityModel.Claims.ClaimTypes.Upn, claim.ClaimType))
        if (claim.Type.Contains("preferred_username"))
        {
            upnFromClaim = claim.Value;
            break;
        }
    }
    windowsIdentity = S4UClient.UpnLogon(upnFromClaim);

    return windowsIdentity;
}

我试图调整此处的代码: What is the best way to retrieve a WindowsIdentity from a ClaimsIdentity但它无效。

我收到以下错误:

  
    

System.Security.Claims.ClaimsIdentity     在net.pipe:// localhost / s4u / 022694f3-9fbd-422b-b4b2-312e25dae2a2上没有可以接受该消息的端点。这通常是由错误的地址或SOAP操作引起的。有关更多详细信息,请参阅InnerException(如果存在)。     enter image description here

  

知道如何实现这个目标吗?

0 个答案:

没有答案