¿Con qué credenciales se ejecuta mi aplicación web?

  • Article

Existen diversos escenarios en los que nos es útil saber qué método de autenticación está utilizando nuestra aplicación web y con qué credenciales se está ejecutando nuestro código. Para poder determinarlo de forma rápida he desarrollado una página ASP.NET que hace estas comprobaciones y muestra el resultado en pantalla.

clip_image002

Este es el código de la página ASPX:

<%@ Page Language="C#" Debug="true" %>

<%@ Import Namespace="System.Threading" %>

<%@ Import Namespace="System.Security.Principal" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"

"https://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<script runat="server">

public string AuthType, AuthPackage, WindowsID, HttpContextID, ThreadID;

private AuthTypeEnum _authType;

internal enum AuthTypeEnum

{

Anonymous,

Negotiate,

NTLM,

Other

}

protected void Page_Load(object sender, EventArgs e)

{

_authType = AuthTypeEnum.Other;

GetIdentities();

Response.Headers.Add("Connection", "Close");

}

private void GetIdentities()

{

AuthType = GetAuthType();

AuthPackage = GetAuthPackage();

WindowsID = GetWindowsID();

HttpContextID = GetHttpContextID();

ThreadID = GetThreadID();

}

private string GetAuthType()

{

if (Context.User.Identity.AuthenticationType != String.Empty)

{

_authType = AuthTypeEnum.Negotiate;

return Context.User.Identity.AuthenticationType;

}

else if (!Context.User.Identity.IsAuthenticated)

{

_authType = AuthTypeEnum.Anonymous;

return "Not Authenticated (Anonymous)";

}

else

return "-";

}

private string GetAuthPackage()

{

if (_authType != AuthTypeEnum.Anonymous &&

Context.Request.ServerVariables["HTTP_AUTHORIZATION"] != null)

{

string authHeader =

Context.Request.ServerVariables["HTTP_AUTHORIZATION"];

if (authHeader.StartsWith("Negotiate TlRMTVNTUA"))

return "Kerberos";

else

return "NTLM";

}

else

return "-";

}

private string GetWindowsID()

{

if (WindowsIdentity.GetCurrent().Name != String.Empty)

return WindowsIdentity.GetCurrent().Name;

else

return "-";

}

private string GetHttpContextID()

{

if (HttpContext.Current.User.Identity.Name != String.Empty)

return HttpContext.Current.User.Identity.Name;

else

return "-";

}

private string GetThreadID()

{

if (Thread.CurrentPrincipal.Identity.Name != String.Empty)

return Thread.CurrentPrincipal.Identity.Name;

else

return "-";

}

</script>

<html xmlns="https://www.w3.org/1999/xhtml">

<head id="Head1" runat="server">

<title>ASP.NET Identity Test</title>

<style type="text/css">

.style_div

{

font-family: "Consolas";

font-size: 22px;

}

.left

{

font-weight: bold;

width: 300px;

}

.right

{

color: #FF0000;

}

</style>

</head>

<body>

<form id="form1" runat="server">

<div class="style_div">

<table border="0" cellspacing="0" cellpadding="0">

<tr>

<td class="left">

Authentication Type:

</td>

<td class="right">

<% Response.Write(AuthType); %>

</td>

</tr>

<tr>

<td class="left">

Authentication Package:

</td>

<td class="right">

<% Response.Write(AuthPackage); %>

</td>

</tr>

<tr>

<td class="left">

Windows Identity:

</td>

<td class="right">

<% Response.Write(WindowsID); %>

</td>

</tr>

<tr>

<td class="left">

HttpContext Identity:

</td>

<td class="right">

<% Response.Write(HttpContextID); %>

</td>

</tr>

<tr>

<td class="left">

Thread Identity:

</td>

<td class="right">

<% Response.Write(ThreadID); %>

</td>

</tr>

</table>

</div>

</form>

</body>

</html>

Espero que os sea de utilidad.

 

- Daniel Mossberg