C#: Windows Authentication - Benutzerwechsel


iLu_is_a_loser

Erfahrenes Mitglied
Hey

ich versuch mich gerade an einer kleinen Intranetanwendung. Ich scheiter aber gerade daran die Benutzerwechsel-Funktion sauber reinzubringen.

Ich habe das hier zur Hilfe genommen:
http://www.roelvanlisdonk.nl/?p=825

Doch bei mir will es nicht so richtig. Wenn ich die Seite aufrufe kommt das Login-Fenster 3x und danach erscheint einfach eine leere weiße Seite :( Wenn ich dann manuell den Link in der Adressleiste abänder um zur Startseite zu gelangen, bin ich auch mit dem anderen Benutzer angemeldet, aber warum werde ich nicht gleich bei erfolgreicher eingabe dahin verlinkt?

PHP:
public partial class ChangeUser

    {        

        
private int _authenticationAttempts = 0;        

        
public int AuthenticationAttempts

        {

            
get

            {

                
if (!string.IsNullOrEmpty(string.Format("{0}", HttpContext.Current.Session["AuthenticationAttempts"])))

                {

                    
int.TryParse(HttpContext.Current.Session["AuthenticationAttempts"].ToString(), out _authenticationAttempts);

                }


                
return _authenticationAttempts;

            }

            
set

            {

                
_authenticationAttempts = value;

                
HttpContext.Current.Session["AuthenticationAttempts"] = _authenticationAttempts;

            }

        }

        
private string _currentUser = string.Empty;

        
public string CurrentUser

        {

            
get

            {

                
_currentUser = HttpContext.Current.Request.LogonUserIdentity.Name;

                
HttpContext.Current.Session["CurrentUser"] = _currentUser;

                
return _currentUser;

            }

            
set

            {

                
_currentUser = value;

                
HttpContext.Current.Session["CurrentUser"] = _currentUser;

            }

        }

        
private string _previousUser = string.Empty;

        
public string PreviousUser

        {

            
get

            {

                
_previousUser = string.Format("{0}", HttpContext.Current.Session["PreviousUser"]);

                
return _previousUser;

            }

            
set

            {

                
_previousUser = value;

                
HttpContext.Current.Session["PreviousUser"] = _previousUser;

            }

        }


        
/// <summary>

        
/// Make sure the browser does not cache this page

        
/// </summary>

        
public void DisablePageCaching()

        {

            
HttpContext.Current.Response.Expires = 0;

            
HttpContext.Current.Response.Cache.SetNoStore();

            
HttpContext.Current.Response.AppendHeader("Pragma", "no-cache");

        }

        
/// <summary>

        
/// Send a 401 response

        
/// </summary>

        
public void Send401()

        {

            
// Create a 401 response, the browser will show the log-in dialogbox, asking the user to supply new credentials,             // if browser is not set to "automaticaly sign in with current credentials"

            
HttpContext.Current.Response.Buffer = true;

            
HttpContext.Current.Response.StatusCode = 401;

            
HttpContext.Current.Response.StatusDescription = "Unauthorized";


            
// A authentication header must be supplied. This header can be changed to Negotiate when using keberos authentication

            
HttpContext.Current.Response.AddHeader("WWW-Authenticate", "NTLM");


            
// Send the 401 response

            
HttpContext.Current.Response.End();

        }

    }
PHP:
@{

    
var ChangeUser = new Intranet.Models.ChangeUser();

    
var PreviousUser = ChangeUser.PreviousUser.ToString();

    
var CurrentUser = ChangeUser.CurrentUser.ToString();

    
var FirstUser = ChangeUser.CurrentUser.ToString();

    
var i = ChangeUser.AuthenticationAttempts.ToString();

    
int AuthenticationAttempts = Convert.ToInt32(i) + 1;

    

    
ViewBag.Title = "ChangeUser";


    
ChangeUser.DisablePageCaching();


    
if (AuthenticationAttempts == 1)

    {

        
// Change previous user to current user

        
PreviousUser = CurrentUser;


        
AuthenticationAttempts = AuthenticationAttempts + 1;


        
// Send the first 401 response

        
ChangeUser.Send401();

    }

    

    
if (AuthenticationAttempts == 2)

    {          

        
// When a browser is set to "automaticaly sign in with current credentials", we have to send two 401 responses to let the browser re-authenticate itself.

        
// I don't know how to determine if a browser is set to "automaticaly sign in with current credentials", so two 401 responses are always send when the user

        
// does not switch accounts. In Micrososft Office sharepoint the user has to supply the credentials 3 times, when the user does not switch accounts,

        
// so it think this is not a problem.

        
ChangeUser.Send401();

        
if (CurrentUser.Equals(PreviousUser))

        {

            
//Send the second 401 response

            
ChangeUser.Send401();

        }

        
else

        {

     

        }

        
if (Request.IsAuthenticated)

        {

            
// Clear the session of the current user. This will clear all sessions objects including the "AuthenticationAttempts"

            
HttpContext.Current.Session.Abandon();

            
HttpContext.Current.Session.Clear();


            
// Redirect back to the main page

            
HttpContext.Current.Response.Redirect("http://www.google.com");    

        }

    }

}
Ich hoffe das mir jemand hier helfen kann.

gruß
 
Zuletzt bearbeitet: