문제
We have an IIS 7.5 with the following site structure:
WebApp (ASP.NET Forms) = Web Site (http://WebApp)
WebAPI (MVC 4 Web API) = Folder converted to Application (http://WebApp/webapi)
Both are running under the same ApplicationPool.
Both have the same Authentication settings:
- ASP.NET impersonation (authenticated user)
- Windows Authentication (providers: negotiate)
Both web.configs define:
https://stackoverflow.com/questions/13507980
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian<authentication mode="Windows" />
<identity impersonate="true" />
The WebApp calls a WebService from the WebAPI by using HttpClient:
HttpClient _httpClient = new HttpClient(new HttpClientHandler() { UseDefaultCredentials = true });
_httpClient.BaseAddress = new Uri("http://WebApp/webapi/");
_httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
HttpResponseMessage _response = _httpClient.GetAsync("api/Entity/Get").Result;
and the WebAPI connects to a DB by using MS Enterprise Library.
When I run this localy everything works fine, when I deploy this on the IIS 7.5 server and start remote debugging, my HttpContext Current user in the Web API is the Application Pool Identity instead of the user that is logged on to the Web Application. I ofcourse want it to be the user logged on to the WebApp because I want to use security based on AD account (groups).
Can anyone, please, offer some advice to get this working. Thanks in advance.
해결책
The following answer helped us (https://stackoverflow.com/a/10311823/68024) :
There are two possible ways out of this. If you have access to yours server aspnet_config.config, you should set following settings (setting those in web.config seems to have no effect):
<legacyImpersonationPolicy enabled="false"/> <alwaysFlowImpersonationPolicy enabled="true"/>
