ASP.NET Authentication via AD #3 – The WindowsIdentity Class: A Strange Example and Its Code

MIS2000 Lab. ASP.NET project practice, teaching and sharing – 點部落

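Under the System.Security.Principal namespace there is a WindowsIdentity class, which represents a Windows user.

The official documentation is here: http://msdn.microsoft.com/zh-tw/library/system.security.principal.windowsidentity.aspx

The example there left me completely baffled. (What kind of translation is this? Hurry back to Mars! Earth is a dangerous place!)

Example description:

The following example shows how to use the members of the WindowsIdentity class. For an example that shows how to obtain a Windows account token by calling the unmanaged Win32 LogonUser function and then use that token to impersonate another user, see the WindowsImpersonationContext class.

It is clearer to simply run it once and look at the result.

The figure below shows the output (look at the output first, then compare it with the code; it is easier to understand that way).

The program comes from the official Microsoft documentation, with a few words changed. Here it is: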
Imports System.Security.Principal


Partial Class NTAccount
    Inherits System.Web.UI.Page

    '===============================================
    '== The following example shows the use of the WindowsIdentity class for the current member. ==
    '===============================================
    '
    '== Reference: http://msdn.microsoft.com/zh-tw/library/system.security.principal.windowsidentity.aspx

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        ' Retrieve the [Windows account token] for the current user.
        Dim logonToken As IntPtr = WindowsIdentity.GetCurrent().Token

        ' Constructor implementations. Run the four functions below.
        IntPtrConstructor(logonToken)
        IntPtrStringConstructor(logonToken)
        IntPtrStringTypeConstructor(logonToken)
        IntPrtStringTypeBoolConstructor(logonToken)

        ' Property implementations.
        UseProperties(logonToken) ' UseProperties() is a function defined below

        ' Method implementations.
        GetAnonymousUser() ' GetAnonymousUser() is a function defined below
        ImpersonateIdentity(logonToken) ' ImpersonateIdentity() is a function defined below

        ' Align interface and conclude application.
        Response.Write("<br /><br />程式完成。This sample completed ……successfully<br />")
    End Sub

    ' Create a WindowsIdentity object for the user represented by the
    ' specified Windows account token.
    Private Sub IntPtrConstructor(ByVal logonToken As IntPtr)
        ' Construct a WindowsIdentity object using the input account token.
        ' Key point: one argument
        Dim windowsIdentity As New WindowsIdentity(logonToken)

        Response.Write("Created a Windows identity object named ( IntPtrConstructor() )-- " + windowsIdentity.Name + ".<br />")
    End Sub

    ' Create a WindowsIdentity object for the user represented by the
    ' [specified account token] and [authentication type].
    Private Sub IntPtrStringConstructor(ByVal logonToken As IntPtr)
        ' Construct a WindowsIdentity object using the input account token
        ' and the specified authentication type.
        Dim authenticationType As String = "WindowsAuthentication"

        ' Key point: two arguments
        Dim windowsIdentity As New WindowsIdentity(logonToken, authenticationType)

        Response.Write("Created a Windows identity object named ( IntPtrStringConstructor() )-- " + windowsIdentity.Name + ".<br />")
    End Sub

    ' Create a WindowsIdentity object for the user represented by the
    ' specified account token, authentication type, and Windows account type.
    Private Sub IntPtrStringTypeConstructor(ByVal logonToken As IntPtr)
        ' Construct a WindowsIdentity object using the input account token,
        ' and the specified authentication type and Windows account type.
        Dim authenticationType As String = "WindowsAuthentication"
        Dim guestAccount As WindowsAccountType = WindowsAccountType.Guest

        ' Key point: three arguments
        Dim windowsIdentity As _
            New WindowsIdentity(logonToken, authenticationType, guestAccount)

        Response.Write("Created a Windows identity object named ( IntPtrStringTypeConstructor() )--" + windowsIdentity.Name + ".<br />")
    End Sub

    ' Create a WindowsIdentity object for the user represented by the
    ' specified account token, authentication type, Windows account type,
    ' and Boolean authentication flag.
    Private Sub IntPrtStringTypeBoolConstructor(ByVal logonToken As IntPtr)
        ' Construct a WindowsIdentity object using the input account token,
        ' and the specified authentication type, Windows account type, and
        ' authentication flag.
        Dim authenticationType As String = "WindowsAuthentication"
        Dim guestAccount As WindowsAccountType = WindowsAccountType.Guest
        Dim isAuthenticated As Boolean = True

        ' Key point: four arguments
        Dim windowsIdentity As _
            New WindowsIdentity(logonToken, authenticationType, guestAccount, isAuthenticated)

        Response.Write("Created a Windows identity object named ( IntPrtStringTypeBoolConstructor() )--" + windowsIdentity.Name + ".<br />")
    End Sub

    ' Access the properties of a WindowsIdentity object.
    Private Sub UseProperties(ByVal logonToken As IntPtr)
        Dim windowsIdentity As New WindowsIdentity(logonToken) ' Key point: one argument
        Dim propertyDescription As String = "<br />The Windows identity named -- "

        ' Retrieve the Windows logon name from the Windows identity object.
        propertyDescription += windowsIdentity.Name

        '--------------------------------------------------------------(start)--
        ' Verify that the user account is not considered to be an Anonymous
        ' account by the system.
        If Not windowsIdentity.IsAnonymous Then
            propertyDescription += " is not(非) an Anonymous(匿名) account<br />"
        End If

        ' Verify that the user account has been authenticated by Windows.
        If (windowsIdentity.IsAuthenticated) Then
            propertyDescription += ", is authenticated(已認證)<br />"
        End If

        ' Verify that the user account is considered to be a System account by
        ' the system.
        If (windowsIdentity.IsSystem) Then
            propertyDescription += ", is a System account(系統帳號)<br />"
        End If

        ' Verify that the user account is considered to be a Guest account by
        ' the system.
        If (windowsIdentity.IsGuest) Then
            propertyDescription += ", is a Guest account(Guest客人帳戶)<br />"
        End If
        '--------------------------------------------------------------(end)--

        Dim authenticationType As String = windowsIdentity.AuthenticationType

        ' Append the authentication type to the output message.
        If (Not authenticationType Is Nothing) Then
            propertyDescription += (" and uses " + authenticationType + " authentication type.<br />")
        End If

        Response.Write(propertyDescription)

        ' Display the SID for the owner.
        Response.Write("<br /><br />The SID for the owner is : ")
        Dim si As SecurityIdentifier = windowsIdentity.Owner
        Response.Write(si.ToString() + "<br />")

        '--------------------------------------------------------------(start)
        ' Display the SIDs for the groups the current user belongs to.
        Response.Write("<br /><br />Display the SIDs for the groups the current user belongs to. 目前這名使用者隸屬於哪些群組?<br />")

        Dim irc As IdentityReferenceCollection = windowsIdentity.Groups
        Dim ir As IdentityReference

        For Each ir In irc
            Response.Write(ir.Value + "<br />")
        Next
        '--------------------------------------------------------------(end)

        Dim token As TokenImpersonationLevel = windowsIdentity.ImpersonationLevel
        Response.Write("<br />The impersonation(模擬) level for the current user is : " + token.ToString() + "<br />")
    End Sub


    '-----------------------------------------------------------------------------

    ' Get the WindowsIdentity object for an Anonymous user.
    Private Sub GetAnonymousUser()
        ' Retrieve a WindowsIdentity object that represents an anonymous
        ' Windows user. The local variable gets its own name so that the
        ' shared method is called on the type, not on an unassigned variable.
        Dim anonymousIdentity As WindowsIdentity = WindowsIdentity.GetAnonymous()
    End Sub


    ' Impersonate a Windows identity.
    Private Sub ImpersonateIdentity(ByVal logonToken As IntPtr)
        ' Retrieve the Windows identity using the specified token.
        Dim identity As New WindowsIdentity(logonToken)

        ' Create a WindowsImpersonationContext object by impersonating the Windows identity.
        Dim impersonationContext As WindowsImpersonationContext = identity.Impersonate()
        Try
            Response.Write("Name of the identity after impersonation(模擬): " + WindowsIdentity.GetCurrent().Name + ".<br />")
        Finally
            ' Stop impersonating the user, even if the write above throws.
            impersonationContext.Undo()
        End Try

        ' Check the identity.
        Response.Write("Name of the identity after performing an Undo on the impersonation(模擬): " + WindowsIdentity.GetCurrent().Name + ".")
    End Sub

End Class

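On a standalone machine, the authentication type will be NTLM. (As in the figure above; my computer runs Windows Vista.)

If your computer is joined to an AD domain, the authentication type will be Kerberos.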
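The properties printed by UseProperties() can also drive an accept/refuse decision, and the group SIDs can be resolved to readable account names. The following is an added example, not code from the original post or from Microsoft's documentation; the module name, the function names and the list of allowed authentication types are assumptions, and it is written as a console program that inspects the account running it.

```vb
Imports System
Imports System.Collections.Generic
Imports System.Security.Principal

Module IdentityCheckExample ' hypothetical name, added example

    ' Returns the reasons an identity should be refused; an empty list means acceptable.
    Function RejectionReasons(ByVal id As WindowsIdentity, ByVal allowedAuthTypes As String()) As List(Of String)
        Dim reasons As New List(Of String)
        If id.IsAnonymous Then reasons.Add("anonymous account")
        If Not id.IsAuthenticated Then reasons.Add("not authenticated")
        If id.IsGuest Then reasons.Add("guest account")
        ' AuthenticationType is the same string UseProperties() prints (NTLM, Kerberos).
        If Array.IndexOf(allowedAuthTypes, id.AuthenticationType) < 0 Then
            reasons.Add("authentication type '" & id.AuthenticationType & "' not allowed")
        End If
        Return reasons
    End Function

    ' Resolves a group SID to DOMAIN\name; falls back to the raw SID when it cannot be mapped.
    ' The type is fully qualified because the page class in the post is itself named NTAccount.
    Function GroupName(ByVal groupSid As IdentityReference) As String
        Try
            Return groupSid.Translate(GetType(System.Security.Principal.NTAccount)).Value
        Catch ex As IdentityNotMappedException
            Return groupSid.Value
        End Try
    End Function

    Sub Main()
        Dim id As WindowsIdentity = WindowsIdentity.GetCurrent()
        ' Assumed policy: accept only the two types the post mentions.
        Dim reasons As List(Of String) = RejectionReasons(id, New String() {"Kerberos", "NTLM"})
        Dim verdict As String = "accepted"
        If reasons.Count > 0 Then verdict = "refused: " & String.Join("; ", reasons.ToArray())
        Console.WriteLine("{0} -> {1}", id.Name, verdict)

        For Each groupSid As IdentityReference In id.Groups
            Console.WriteLine("  {0}  {1}", groupSid.Value, GroupName(groupSid))
        Next

        ' Membership test by well-known SID, independent of the localized group name.
        Dim admins As New SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, Nothing)
        Console.WriteLine("In Administrators: {0}", New WindowsPrincipal(id).IsInRole(admins))
    End Sub
End Module
```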
