13

我有一个用 MVC 4 编写的 Intranet 项目,它使用 Windows 身份验证来授权和验证用户。

我需要添加“以其他用户身份登录”功能。

经过一番搜索,我找到了这个建议返回 401 的解决方案,并创建了以下操作(使用表单调用):

    // 
    // POST: /Home/LogOut

    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult LogOut()
    {
        return new HttpUnauthorizedResult();
    }

Action 被调用,浏览器弹出用户名和密码窗口,但是当结果重定向回 Action 时,总是返回 401。

使用新凭据登录后,如何将用户重定向回上一个操作?

有没有办法使服务器端的凭据无效,而不仅仅是返回 401?

4

3 回答 3

25

人们从 Sharepoint逆向工程\反编译了一些恰好具有此功能的代码。

我在一个ASP.NET MVC 5应用程序中对其进行了测试,它按预期工作。

该代码基于反编译具有“以不同用户身份登录”功能的 Microsoft.TeamFoundation.WebAccess。

public ActionResult LogOut()
{
    HttpCookie cookie = Request.Cookies["TSWA-Last-User"];

    if(User.Identity.IsAuthenticated == false || cookie == null || StringComparer.OrdinalIgnoreCase.Equals(User.Identity.Name, cookie.Value))
    {
        string name = string.Empty;

        if(Request.IsAuthenticated)
        {
            name = User.Identity.Name;
        }

        cookie = new HttpCookie("TSWA-Last-User", name);
        Response.Cookies.Set(cookie);

        Response.AppendHeader("Connection", "close");
        Response.StatusCode = 401; // Unauthorized;
        Response.Clear();
        //should probably do a redirect here to the unauthorized/failed login page
        //if you know how to do this, please tap it on the comments below
        Response.Write("Unauthorized. Reload the page to try again...");
        Response.End();

        return RedirectToAction("Index");
    }

    cookie = new HttpCookie("TSWA-Last-User", string.Empty)
    {
        Expires = DateTime.Now.AddYears(-5)
    };

    Response.Cookies.Set(cookie);

    return RedirectToAction("Index");

}

资源:

在 asp.net 中使用 Windows 身份验证时强制以其他用户身份登录

于 2014-09-04T18:12:44.683 回答
0

此方法将始终注销用户并重定向到主页。我还添加[AllowAnonymous]以确保每个人都可以访问此方法。

    [AllowAnonymous]
    public ActionResult LogOut()
    {
        HttpCookie cookie = Request.Cookies["TSWA-Last-User"];

        cookie = new HttpCookie("TSWA-Last-User", string.Empty)
        {
            Expires = DateTime.Now.AddYears(-5)
        };
        Response.Cookies.Set(cookie);

        Response.AppendHeader("Connection", "close");
        Response.StatusCode = 401; // Unauthorized;
        Response.Clear();

        // redirect to home
        Response.Write("<script type='text/javascript'>");
        Response.Write("var getUrl = window.location; var baseUrl = getUrl.protocol + " + 
           "'//' + getUrl.host + '/' + getUrl.pathname.split('/')[1]; window.location.href = baseUrl; ");
        Response.Write("</script>");
        Response.End();           

        return RedirectToAction("Index");

    }
于 2017-03-31T09:57:13.687 回答
0

对我来说,这样做:

 public ActionResult LogOut()
{
    HttpCookie cookie = Request.Cookies["TSWA-Last-User"];

if(User.Identity.IsAuthenticated == false || cookie == null
{
    string name = string.Empty;

    if(Request.IsAuthenticated)
    {
        name = User.Identity.Name;
    }

    cookie = new HttpCookie("TSWA-Last-User", name);
    Response.Cookies.Set(cookie);

    Response.AppendHeader("Connection", "close");
    Response.StatusCode = 401; // Unauthorized;
    Response.Clear();
    //should probably do a redirect here to the unauthorized/failed login page
    //if you know how to do this, please tap it on the comments below
    Response.Write("Unauthorized. Reload the page to try again...");
    Response.End();

    return RedirectToAction("Index");
}

cookie = new HttpCookie("TSWA-Last-User", string.Empty)
{
    Expires = DateTime.Now.AddYears(-5)
};

Response.Cookies.Set(cookie);

return RedirectToAction("Index");

}

并在 html

   <a href="@Url.Action("LogOut", "Home")" class="logout"><i class="fa fa-fw fa-power-off"></i> Salir</a>

   $(".logout").click(function () {
            logOut();
        });


    function logOut() {
        try {
            document.execCommand("ClearAuthenticationCache");
        } catch (e) { }
    }
于 2018-03-21T21:21:15.737 回答