ASP.NET透過AD進行驗證 #3 --WindowsIdentity 類別，一個怪怪的範例與程式

2009-02-12

在 System.Security.Principal命名空間（NameSapce）底下，
有一個 WindowsIdentity 類別，跟「Windows使用者」相關的。

裡面這個範例看得我一頭霧水....不如直接運作一次
直接看結果，還比較清楚。

在 System.Security.Principal命名空間（NameSapce）底下，

有一個 WindowsIdentity 類別，跟「Windows使用者」相關的。

官方文件在此：http://msdn.microsoft.com/zh-tw/library/system.security.principal.windowsidentity.aspx

裡面這個範例看得我一頭霧水。（這是什麼翻譯啊？快點回火星去吧！地球是很危險～低！）

範例說明：

下列範例顯示 WindowsIdentity 類別中成員的用法。如需顯示如何透過呼叫 Unmanaged Win32 LogonUser 函式取得 Windows 帳戶語彙基元 (Token)，然後使用該語彙基元模擬其他使用者的範例，請參閱 WindowsImpersonationContext 類別。

不如直接運作一次直接看結果，還比較清楚。

下圖是執行結果（看完執行結果，再來對照程式碼。比較容易懂）。

程式是從微軟官方文件那邊來的，小改了幾個字。如下：

001

Imports System.Security.Principal
002

003

004

Partial Class NTAccount
005

Inherits System.Web.UI.Page
006

007

'===============================================
008

'== 下列範例顯示 WindowsIdentity 類別中，目前這位成員的用法。==
009

'===============================================
010

'
011

'==參考網址 http://msdn.microsoft.com/zh-tw/library/system.security.principal.windowsidentity.aspx
012

013

Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
014

' Retrieve the [Windows account token] for the current user.
015

Dim logonToken As IntPtr = WindowsIdentity.GetCurrent().Token
016

017

' Constructor implementations. 執行下面四個 Function
018

IntPtrConstructor(logonToken)
019

IntPtrStringConstructor(logonToken)
020

IntPtrStringTypeConstructor(logonToken)
021

IntPrtStringTypeBoolConstructor(logonToken)
022

023

' Property implementations.
024

UseProperties(logonToken) '--UseProperties()是下面的Function
025

026

' Method implementations.
027

GetAnonymousUser() '--GetAnonymousUser()是下面的Function
028

ImpersonateIdentity(logonToken) '--ImpersonateIdentity()是下面的Function
029

030

' Align interface and conclude application.
031

Response.Write(" <hr>程式完成。This sample completed ......successfully<hr>")
032

End Sub
033

034

' Create a WindowsIdentity object for the user represented by the
035

' specified Windows account token.
036

Private Sub IntPtrConstructor(ByVal logonToken As IntPtr)
037

' Construct a WindowsIdentity object using the input account token.
038

'重點！！一個參數
039

Dim windowsIdentity As New WindowsIdentity(logonToken)
040

041

Response.Write("Created a Windows identity object named ( IntPtrConstructor() )-- " + windowsIdentity.Name + ". ")
042

End Sub
043

044

' Create a WindowsIdentity object for the user represented by the
045

' [specified account token] and [authentication type].
046

Private Sub IntPtrStringConstructor(ByVal logonToken As IntPtr)
047

' Construct a WindowsIdentity object using the input account token
048

' and the specified authentication type.
049

Dim authenticationType = "WindowsAuthentication"
050

051

'重點！！兩個參數
052

Dim windowsIdentity As New WindowsIdentity(logonToken, authenticationType)
053

054

Response.Write("Created a Windows identity object named ( IntPtrStringConstructor() )-- " + windowsIdentity.Name + ". ")
055

End Sub
056

057

' Create a WindowsIdentity object for the user represented by the
058

' specified account token, authentication type, and Windows account type.
059

Private Sub IntPtrStringTypeConstructor(ByVal logonToken As IntPtr)
060

' Construct a WindowsIdentity object using the input account token,
061

' and the specified authentication type and Windows account type.
062

Dim authenticationType As String = "WindowsAuthentication"
063

Dim guestAccount As WindowsAccountType = WindowsAccountType.Guest
064

065

'重點！！三個參數
066

Dim windowsIdentity As _
067

New WindowsIdentity(logonToken, authenticationType, guestAccount)
068

069

Response.Write("Created a Windows identity object named ( IntPtrStringTypeConstructor() )--" + windowsIdentity.Name + ". ")
070

End Sub
071

072

' Create a WindowsIdentity object for the user represented by the
073

' specified account token, authentication type, Windows account type,
074

' and Boolean authentication flag.
075

Private Sub IntPrtStringTypeBoolConstructor(ByVal logonToken As IntPtr)
076

' Construct a WindowsIdentity object using the input account token,
077

' and the specified authentication type, Windows account type, and
078

' authentication flag.
079

Dim authenticationType As String = "WindowsAuthentication"
080

Dim guestAccount As WindowsAccountType = WindowsAccountType.Guest
081

Dim isAuthenticated As Boolean = True
082

083

'重點！！四個參數
084

Dim windowsIdentity As _
085

New WindowsIdentity(logonToken, authenticationType, guestAccount, isAuthenticated)
086

087

Response.Write("Created a Windows identity object named ( IntPrtStringTypeBoolConstructor() )--" + windowsIdentity.Name + ". ")
088

End Sub
089

090

' Access the properties of a WindowsIdentity object.
091

Private Sub UseProperties(ByVal logonToken As IntPtr)
092

Dim windowsIdentity As New WindowsIdentity(logonToken) '重點！！一個參數
093

Dim propertyDescription As String = " The Windows identity named -- "
094

095

' Retrieve the Windows logon name from the Windows identity object.
096

propertyDescription += "" + windowsIdentity.Name + ""
097

098

'--------------------------------------------------------------(start)--
099

' Verify that the user account is not considered to be an Anonymous
100

' account by the system.
101

If Not windowsIdentity.IsAnonymous Then
102

propertyDescription += " is not（非） an Anonymous（匿名） account "
103

End If
104

105

' Verify that the user account has been authenticated by Windows.
106

If (windowsIdentity.IsAuthenticated) Then
107

propertyDescription += ", is authenticated（已認證） "
108

End If
109

110

' Verify that the user account is considered to be a System account by
111

' the system.
112

If (windowsIdentity.IsSystem) Then
113

propertyDescription += ", is a System account（系統帳號） "
114

End If
115

116

' Verify that the user account is considered to be a Guest account by
117

' the system.
118

If (windowsIdentity.IsGuest) Then
119

propertyDescription += ", is a Guest account（Guest客人帳戶） "
120

End If
121

'--------------------------------------------------------------(end)--
122

123

Dim authenticationType As String = windowsIdentity.AuthenticationType
124

125

' Append the authenication type to the output message.
126

If (Not authenticationType Is Nothing) Then
127

propertyDescription += (" and uses " + authenticationType + " authentication type. ")
128

End If
129

130

Response.Write(propertyDescription)
131

132

' Display the SID for the owner.
133

Response.Write("<hr>The SID for the owner is : ")
134

Dim si As SecurityIdentifier = windowsIdentity.Owner
135

Response.Write("" + si.ToString() + " ")
136

137

'--------------------------------------------------------------(start)
138

' Display the SIDs for the groups the current user belongs to.
139

Response.Write("<hr>Display the SIDs for the groups the current user belongs to. 目前這名使用者隸屬於哪些群組？ ")
140

141

Dim irc As IdentityReferenceCollection = windowsIdentity.Groups
142

Dim ir As IdentityReference
143

144

For Each ir In irc
145

Response.Write("" + ir.Value + " ")
146

Next
147

'--------------------------------------------------------------(end)
148

149

Dim token As TokenImpersonationLevel = windowsIdentity.ImpersonationLevel
150

Response.Write(" The impersonation（模擬） level for the current user is : " + token.ToString() + " ")
151

End Sub
152

153

154

155

'-----------------------------------------------------------------------------------------------------------------------------
156

157

' Get the WindowsIdentity object for an Anonymous user.
158

Private Sub GetAnonymousUser()
159

' Retrieve a WindowsIdentity object that represents an anonymous
160

' Windows user.
161

Dim windowsIdentity As WindowsIdentity = windowsIdentity.GetAnonymous()
162

End Sub
163

164

165

' Impersonate a Windows identity.
166

Private Sub ImpersonateIdentity(ByVal logonToken As IntPtr)
167

' Retrieve the Windows identity using the specified token.
168

Dim windowsIdentity As New WindowsIdentity(logonToken)
169

170

' Create a WindowsImpersonationContext object by impersonating the Windows identity.
171

Dim impersonationContext As WindowsImpersonationContext = windowsIdentity.Impersonate()
172

173

Response.Write("Name of the identity after impersonation（模擬）: " + windowsIdentity.GetCurrent().Name + ". ")
174

175

' Stop impersonating the user.
176

impersonationContext.Undo()
177

' Check the identity.
178

Response.Write("Name of the identity after performing an Undo on the impersonation（模擬）: " + windowsIdentity.GetCurrent().Name + ".")
179

End Sub
180

181

End Class

認證型態，在單機裡面，會是NTLM。(如上圖，我的電腦是Windows Vista)

如果你的電腦有加入AD網域，則會是「Kerberos」認證型態。

又臭又長.......的一段程式..... Orz

Oh! My God!

我將思想傳授他人，他人之所得，亦無損於我之所有；

猶如一人以我的燭火點燭，光亮與他同在，我卻不因此身處黑暗。----Thomas Jefferson

線上課程教學，遠距教學 (Web Form 約 51hr) https://dotblogs.com.tw/mis2000lab/2016/02/01/aspnet_online_learning_distance_education_VS2015

線上課程教學，遠距教學 (ASP.NET MVC 約 140hr) https://dotblogs.com.tw/mis2000lab/2018/08/14/ASPnet_MVC_Online_Learning_MIS2000Lab

寫信給我，不要私訊 -- mis2000lab (at) yahoo.com.tw 或 school (at) mis2000lab.net

(1) 第一天 ASP.NET MVC5 完整影片（5.5小時 / .NET 4.x版）免費試聽。影片 https://youtu.be/9spaHik87-A

(2) 第一天 ASP.NET Core MVC 完整影片（3小時 / .NET Core 6.0~8.0）免費試聽。影片 https://youtu.be/TSmwpT-Bx4I

[學員感言] mis2000lab課程評價 - ASP.NET MVC , WebForm 。 https://mis2000lab.medium.com/%E5%AD%B8%E5%93%A1%E6%84%9F%E8%A8%80-mis2000lab%E8%AA%B2%E7%A8%8B%E8%A9%95%E5%83%B9-asp-net-mvc-webform-77903ce9680b

ASP.NET遠距教學、線上課程（Web Form + MVC）。第一天課程， "完整" 試聽。

......... facebook社團 https://www.facebook.com/mis2000lab ......................

......... YouTube (ASP.NET) 線上教學影片 https://www.youtube.com/channel/UC6IPPf6tvsNG8zX3u1LddvA/

Blog文章 "附的範例" 無法下載，請看 https://dotblogs.com.tw/mis2000lab/2016/03/14/2008_2015_mis2000lab_sample_download

請看我們的「售後服務」範圍（嚴格認定）。

......................................................................................................................................................

ASP.NET MVC => .NET Core MVC 線上教學 ...... 第一天課程完整內容 "免費"讓您評估 / 試聽

[遠距教學、教學影片] ASP.NET (Web Form) 課程上線了！MIS2000Lab.主講事先錄好的影片，並非上課側錄！觀看時，有如「一對一」面對面講課。

回首頁

ASP.NET專題實務 WebForm + MVC線上教學影片 -- MIS2000Lab.

MIS2000 Lab.已推出20餘本電腦書，曾任資策會專任講師與微軟MVP。自.NET 1.x起，已出版15本ASP.NET (Web Form)書籍，也有遠距教學線上教程教學影片