ASP.NET透過AD進行驗證 #3 --WindowsIdentity 類別,一個怪怪的範例與程式

在 System.Security.Principal命名空間(NameSapce)底下,
有一個 WindowsIdentity 類別,跟「Windows使用者」相關的。

裡面這個範例看得我一頭霧水....不如直接運作一次
直接看結果,還比較清楚。

System.Security.Principal命名空間(NameSapce)底下,

有一個 WindowsIdentity 類別,跟「Windows使用者」相關的。

    官方文件在此:http://msdn.microsoft.com/zh-tw/library/system.security.principal.windowsidentity.aspx

 

裡面這個範例看得我一頭霧水。這是什麼翻譯啊?快點回火星去吧!地球是很危險~低!)

範例說明:

下列範例顯示 WindowsIdentity 類別中成員的用法。如需顯示如何透過呼叫 Unmanaged Win32 LogonUser 函式取得 Windows 帳戶語彙基元 (Token),然後使用該語彙基元模擬其他使用者的範例,請參閱 WindowsImpersonationContext 類別。

 

不如直接運作一次      直接看結果,還比較清楚。

 

下圖是執行結果(看完執行結果,再來對照程式碼。比較容易懂)。

 

 

程式是從微軟官方文件那邊來的,小改了幾個字。如下:

001 Imports System.Security.Principal
002
003
004 Partial Class NTAccount
005     Inherits System.Web.UI.Page
006
007     '===============================================
008     '== 下列範例顯示 WindowsIdentity 類別中,目前這位成員的用法。==
009     '===============================================
010     '
011     '==參考網址 http://msdn.microsoft.com/zh-tw/library/system.security.principal.windowsidentity.aspx
012
013     Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
014         ' Retrieve the [Windows account token] for the current user.
015         Dim logonToken As IntPtr = WindowsIdentity.GetCurrent().Token
016
017         ' Constructor implementations. 執行下面四個 Function
018         IntPtrConstructor(logonToken)
019         IntPtrStringConstructor(logonToken)
020         IntPtrStringTypeConstructor(logonToken)
021         IntPrtStringTypeBoolConstructor(logonToken)
022
023         ' Property implementations.
024         UseProperties(logonToken)  '--UseProperties()是下面的Function
025
026         ' Method implementations.
027         GetAnonymousUser()   '--GetAnonymousUser()是下面的Function
028         ImpersonateIdentity(logonToken)   '--ImpersonateIdentity()是下面的Function
029
030         ' Align interface and conclude application.
031         Response.Write("<br><br><hr>程式完成。This sample completed ......successfully<hr>")
032     End Sub

033
034     ' Create a WindowsIdentity object for the user represented by the
035     ' specified Windows account token.
036     Private Sub IntPtrConstructor(ByVal logonToken As IntPtr)
037         ' Construct a WindowsIdentity object using the input account token.
038         '重點!!一個參數
039         Dim windowsIdentity As New WindowsIdentity(logonToken)
040
041         Response.Write("Created a Windows identity object named ( IntPtrConstructor() )-- <font color=red>" + windowsIdentity.Name + "</font>.<br>")
042     End Sub

043
044     ' Create a WindowsIdentity object for the user represented by the
045     ' [specified account token] and [authentication type].
046     Private Sub IntPtrStringConstructor(ByVal logonToken As IntPtr)
047         ' Construct a WindowsIdentity object using the input account token  
048         ' and the specified authentication type.
049         Dim authenticationType = "WindowsAuthentication"
050
051         '重點!!兩個參數
052         Dim windowsIdentity As New WindowsIdentity(logonToken, authenticationType)
053
054         Response.Write("Created a Windows identity object named ( IntPtrStringConstructor() )-- <font color=red>" + windowsIdentity.Name + "</font>.<br>")
055     End Sub

056
057     ' Create a WindowsIdentity object for the user represented by the
058     ' specified account token, authentication type, and Windows account type.
059     Private Sub IntPtrStringTypeConstructor(ByVal logonToken As IntPtr)
060         ' Construct a WindowsIdentity object using the input account token,
061         ' and the specified authentication type and Windows account type.
062         Dim authenticationType As String = "WindowsAuthentication"
063         Dim guestAccount As WindowsAccountType = WindowsAccountType.Guest
064
065         '重點!!三個參數
066         Dim windowsIdentity As _
067             New WindowsIdentity(logonToken, authenticationType, guestAccount)
068
069         Response.Write("Created a Windows identity object named ( IntPtrStringTypeConstructor() )--<font color=red>" + windowsIdentity.Name + "</font>.<br>")
070     End Sub

071
072     ' Create a WindowsIdentity object for the user represented by the
073     ' specified account token, authentication type, Windows account type,
074     ' and Boolean authentication flag.
075     Private Sub IntPrtStringTypeBoolConstructor(ByVal logonToken As IntPtr)
076         ' Construct a WindowsIdentity object using the input account token,
077         ' and the specified authentication type, Windows account type, and
078         ' authentication flag.
079         Dim authenticationType As String = "WindowsAuthentication"
080         Dim guestAccount As WindowsAccountType = WindowsAccountType.Guest
081         Dim isAuthenticated As Boolean = True
082
083         '重點!!四個參數
084         Dim windowsIdentity As _
085             New WindowsIdentity(logonToken, authenticationType, guestAccount, isAuthenticated)
086
087         Response.Write("Created a Windows identity object named ( IntPrtStringTypeBoolConstructor() )--<font color=red>" + windowsIdentity.Name + "</font>.<br>")
088     End Sub

089
090     ' Access the properties of a WindowsIdentity object.
091     Private Sub UseProperties(ByVal logonToken As IntPtr)
092         Dim windowsIdentity As New WindowsIdentity(logonToken)  '重點!!一個參數
093         Dim propertyDescription As String = "<br>The Windows identity named -- "
094
095         ' Retrieve the Windows logon name from the Windows identity object.
096         propertyDescription += "<font color=red>" + windowsIdentity.Name + "</font>"
097
098         '--------------------------------------------------------------(start)--
099         ' Verify that the user account is not considered to be an Anonymous
100         ' account by the system.
101         If Not windowsIdentity.IsAnonymous Then
102             propertyDescription += " is not(非) an Anonymous(匿名) account<br>"
103         End If
104
105         ' Verify that the user account has been authenticated by Windows.
106         If (windowsIdentity.IsAuthenticated) Then
107             propertyDescription += ", is authenticated(已認證)<br>"
108         End If
109
110         ' Verify that the user account is considered to be a System account by
111         ' the system.
112         If (windowsIdentity.IsSystem) Then
113             propertyDescription += ", is a System account(系統帳號)<br>"
114         End If
115
116         ' Verify that the user account is considered to be a Guest account by
117         ' the system.
118         If (windowsIdentity.IsGuest) Then
119             propertyDescription += ", is a Guest account(Guest客人帳戶)<br>"
120         End If
121         '--------------------------------------------------------------(end)--
122
123         Dim authenticationType As String = windowsIdentity.AuthenticationType
124
125         ' Append the authenication type to the output message.
126         If (Not authenticationType Is Nothing) Then
127             propertyDescription += (" and uses <font color=red>" + authenticationType + "</font> authentication type.<br>")
128         End If
129
130         Response.Write(propertyDescription)
131
132         ' Display the SID for the owner.
133         Response.Write("<hr>The SID for the owner is : ")
134         Dim si As SecurityIdentifier = windowsIdentity.Owner
135         Response.Write("<font color=red>" + si.ToString() + "</font><br>")
136
137         '--------------------------------------------------------------(start)
138         ' Display the SIDs for the groups the current user belongs to.
139         Response.Write("<hr>Display the SIDs for the groups the current user belongs to. 目前這名使用者隸屬於哪些群組?<br>")
140
141         Dim irc As IdentityReferenceCollection = windowsIdentity.Groups
142         Dim ir As IdentityReference
143
144         For Each ir In irc
145             Response.Write("<font color=green>" + ir.Value + "</font><br>")
146         Next
147         '--------------------------------------------------------------(end)
148
149         Dim token As TokenImpersonationLevel = windowsIdentity.ImpersonationLevel
150         Response.Write("<br>The impersonation(模擬) level for the current user is :   <font color=red>" + token.ToString() + "</font><br>")
151     End Sub

152
153
154
155     '-----------------------------------------------------------------------------------------------------------------------------
156
157     ' Get the WindowsIdentity object for an Anonymous user.
158     Private Sub GetAnonymousUser()
159         ' Retrieve a WindowsIdentity object that represents an anonymous
160         ' Windows user.
161         Dim windowsIdentity As WindowsIdentity = windowsIdentity.GetAnonymous()
162     End Sub

163
164
165     ' Impersonate a Windows identity.
166     Private Sub ImpersonateIdentity(ByVal logonToken As IntPtr)
167         ' Retrieve the Windows identity using the specified token.
168         Dim windowsIdentity As New WindowsIdentity(logonToken)
169
170         ' Create a WindowsImpersonationContext object by impersonating the Windows identity.
171         Dim impersonationContext As WindowsImpersonationContext = windowsIdentity.Impersonate()
172
173         Response.Write("Name of the identity after impersonation(模擬): <font color=red>" + windowsIdentity.GetCurrent().Name + "</font>.<br>")
174
175         ' Stop impersonating the user.
176         impersonationContext.Undo()
177         ' Check the identity.
178         Response.Write("Name of the identity after performing an <b>Undo</b> on the impersonation(模擬): <font color=red>" + windowsIdentity.GetCurrent().Name + "</font>.")
179     End Sub

180
181 End Class

 

認證型態,在單機裡面,會是NTLM。(如上圖,我的電腦是Windows Vista)

                    如果你的電腦有加入AD網域,則會是「Kerberos」認證型態。

 

 

 又臭又長.......的一段程式.....     Orz

Oh! My God!    

 

 

 

 

 

我將思想傳授他人, 他人之所得,亦無損於我之所有;

猶如一人以我的燭火點燭,光亮與他同在,我卻不因此身處黑暗。----Thomas Jefferson

線上課程教學,遠距教學 (Web Form 約 51hr)  https://dotblogs.com.tw/mis2000lab/2016/02/01/aspnet_online_learning_distance_education_VS2015

線上課程教學,遠距教學 (ASP.NET MVC 約 135hr)  https://dotblogs.com.tw/mis2000lab/2018/08/14/ASPnet_MVC_Online_Learning_MIS2000Lab

 

寫信給我,不要私訊 --  mis2000lab (at) yahoo.com.tw  或  school (at) mis2000lab.net

 (1) 第一天 ASP.NET MVC5 完整影片(5.5小時 / .NET 4.x版)免費試聽。影片 https://youtu.be/9spaHik87-A 

 (2) 第一天 ASP.NET Core MVC 完整影片(3小時 / .NET Core 6.0~8.0)免費試聽。影片 https://youtu.be/TSmwpT-Bx4I 

[學員感言] mis2000lab課程評價 - ASP.NET MVC , WebForm  。 https://mis2000lab.medium.com/%E5%AD%B8%E5%93%A1%E6%84%9F%E8%A8%80-mis2000lab%E8%AA%B2%E7%A8%8B%E8%A9%95%E5%83%B9-asp-net-mvc-webform-77903ce9680b  


ASP.NET遠距教學、線上課程(Web Form + MVC)。 第一天課程, "完整" 試聽。 

.........   facebook社團   https://www.facebook.com/mis2000lab   ......................

.........  YouTube (ASP.NET) 線上教學影片  https://www.youtube.com/channel/UC6IPPf6tvsNG8zX3u1LddvA/

 

Blog文章 "附的範例" 無法下載,請看 https://dotblogs.com.tw/mis2000lab/2016/03/14/2008_2015_mis2000lab_sample_download

請看我們的「售後服務」範圍(嚴格認定)。

...................................................................................................................................................... 

ASP.NET MVC  => .NET Core MVC 線上教學  ...... 第一天課程 完整內容 "免費"讓您評估 / 試聽

[遠距教學、教學影片] ASP.NET (Web Form) 課程 上線了!MIS2000Lab.主講   事先錄好的影片,並非上課側錄!   觀看時,有如「一對一」面對面講課