我有一个受 Siteminder 保护的 ASP.NET MVC 网站。认证后。Siteminder 注入自定义标头值并重定向到我的 MVc 网站。在这里,我试图解析 Global.asax.cs 中 Application_AuthenticateRequest 方法中的标头

 //Logging incoming request to check header for debug purposes
 protected void Application_BeginRequest(object sender, EventArgs e)
            Elmah.ErrorSignal.FromCurrentContext().Raise(new ApplicationException("Begin Request. \n REQUEST HEADER =" + HttpContext.Current.Request.Headers.ToString() + " \n"));


protected void Application_AuthenticateRequest(object sender, EventArgs e)

            if (HttpContext.Current.User == null)
                var smcred = ParseAuthorizationHeader(HttpContext.Current.Request);
                if (smcred.Username != null)
                    if (Membership.ValidateUser(smcred.Username, null))
                        FormsAuthentication.SetAuthCookie(smcred.Username, false);
                        var identity = new GenericIdentity(smcred.Username);
                        string[] roles = null;// Roles.Provider.GetRolesForUser(smcred.SMUser);
                        var principal = new GenericPrincipal(identity, roles);

                        Thread.CurrentPrincipal = principal;
                        if (HttpContext.Current != null)
                            HttpContext.Current.User = principal;
                        Context.Response.StatusCode = 401;

        /// <summary>
        /// Parses the Authorization header and creates user credentials
        /// </summary>
        /// <param name="actionContext"></param>
        protected virtual SiteminderCredentials ParseAuthorizationHeader(HttpRequest request)
            string authHeader = null;
            var smcredential = new SiteminderCredentials();
            var auth = request.Headers.Keys; //request.ServerVariables.Keys;

            foreach (string LstrKey in auth)
                switch (LstrKey.ToUpper())
                    case "USER":
                        smcredential.Username = request.Headers[LstrKey].ToString();

                return smcredential;



using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;

namespace PerceptorWeb.Models
    public class SiteminderCredentials

            public string Username;
            public string FirstName;
            public string LastName;
            public string EmailAddr;


我在 IIS 上安装了高级日志记录,我看到自定义标头信息从 Siteminder 很好地传递到我的 IIS 托管站点。但是,当我的 authenticate_request 尝试解析标头时,找不到这些自定义值。



