在我的ASP .NET MVC5 WebApp中,我使用Owin Identity登录@ domain.com凭据并使用office 365 API Microsoft Graph获取数据。
WebApp的另一个功能是从Active Directory读取数据并允许用户修改它。
我正在尝试从当前的ClaimsIdentity获取WindowsIdentity,其类型为System.Security.Claims.ClaimsIdentity
这是保存功能:
public DateTime SaveWorker(WorkerAD worker, string mail = "")
{
try
{
WindowsImpersonationContext impersonationContext = null;
WindowsIdentity windowsIdentity = null;
DirectoryEntry adsRoot = new DirectoryEntry(_directoryEntry);
DirectoryEntry root = new DirectoryEntry(_directoryRootEntry);
DirectoryEntry de = new DirectoryEntry();
de.Path = "LDAP://" + root.Properties["dnsHostName"].Value + "/" + root.Properties["defaultNamingContext"].Value;
de.AuthenticationType = System.DirectoryServices.AuthenticationTypes.Secure;
DirectorySearcher searcher = new DirectorySearcher(adsRoot);
if (String.IsNullOrEmpty(mail))
{
string user = HttpContext.Current.User.Identity.Name;
searcher.Filter = $"(SAMAccountName={user.Replace("AD\\", "")})";
}
else
{
searcher.Filter = ("mail=" + mail);
}
SearchResult result = searcher.FindOne();
windowsIdentity = HttpContext.Current.User.Identity.GetWindowsIdentity();
impersonationContext = windowsIdentity.Impersonate();
DirectoryEntry adUser = new DirectoryEntry(result.Path);
adUser.AuthenticationType = System.DirectoryServices.AuthenticationTypes.Secure;
adUser.Properties["telephoneNumber"].Value = worker.Telefon;
adUser.Properties["mobile"].Value = worker.Mobile;
adUser.Properties["facsimileTelephoneNumber"].Value = worker.Fax;
adUser.Properties["title"].Value = worker.ADTitle;
adUser.Properties["department"].Value = worker.Departement;
adUser.CommitChanges();
adUser.Close();
return DateTime.Now;
}
catch (Exception)
{
throw;
}
}
GetWindowsIdentity
看起来像这样:
public static WindowsIdentity GetWindowsIdentity(this IIdentity identity)
{
WindowsIdentity windowsIdentity = null;
string upnFromClaim = null;
System.Security.Claims.ClaimsIdentity identity2 = (System.Security.Claims.ClaimsIdentity)identity;
foreach (System.Security.Claims.Claim claim in identity2.Claims)
{
//if (StringComparer.Ordinal.Equals(System.IdentityModel.Claims.ClaimTypes.Upn, claim.ClaimType))
if (claim.Type.Contains("preferred_username"))
{
upnFromClaim = claim.Value;
break;
}
}
windowsIdentity = S4UClient.UpnLogon(upnFromClaim);
return windowsIdentity;
}
我试图调整此处的代码: What is the best way to retrieve a WindowsIdentity from a ClaimsIdentity但它无效。
我收到以下错误:
System.Security.Claims.ClaimsIdentity 在net.pipe:// localhost / s4u / 022694f3-9fbd-422b-b4b2-312e25dae2a2上没有可以接受该消息的端点。这通常是由错误的地址或SOAP操作引起的。有关更多详细信息,请参阅InnerException(如果存在)。
知道如何实现这个目标吗?