/// <summary>
/// 在Form验证的条件下,实现Asp.net中的“模拟”功能,以支持对数据库采用“集成验证”模式,与原来Access系统访问数据库方式保持兼容
/// 方法是:我们现在的Form验证,提交的验证凭证为域账户信息(域、用户名、密码),在验证通过后,将此信息保存在Form验证生成的Cookie
/// 中,再次发起请求时,根据Cookie中的域账户信息生成WindowsIdentity,并将HttpContext.User设置为包含该WindowsIdentity的
/// WindowsIPrinciple,然后实现模拟(即:newId.Impersonate())
/// 2015-01-07, ligsh, 设置仅POST请求才进行模拟(为了减少对AD的查询操作提高性能,这要求开发上仅POST请求才能进行数据修改操作)
/// </summary>
/// <param name="sender"></param>
/// <param name="args"></param>
public void FormsAuthentication_OnAuthenticate(object sender, FormsAuthenticationEventArgs args)
{
if (CurrentUserFactory.GetCurrentUser() == null)
{
System.Collections.Specialized.NameValueCollection loginInfo = GetLoginNameFrom();
if (loginInfo != null)
{
CurrentUserFactory.SetCurrentUser(loginInfo["DomainName"], loginInfo["UserName"]);
}
}
if (args.Context.Request.HttpMethod == "POST" && System.Configuration.ConfigurationManager.AppSettings["UseTrueDomainUserToAccessDB"] == "true")
{
System.Collections.Specialized.NameValueCollection loginInfo = GetLoginNameFrom();
if (loginInfo != null)
{
WindowsIdentity newId = ActiveDirectoryHelper.GetWindowsIdentity(loginInfo["DomainName"], loginInfo["UserName"], loginInfo["Password"]);
args.User = new System.Security.Principal.WindowsPrincipal(newId);
newId.Impersonate();
}
}
}