asp.net - WindowsIdentity.RunImpersonated 导致 ASP.NET Core 3.1 上的 System.Net.Http.HttpRequestException

Question

目前，我们在 IIS(DEV 服务器)中托管了一个 .net core 3.1 webapp，它使用 Windows 身份验证。当我们在一个 Controller 操作中调用另一个 webapi 时，我们想模拟调用者的凭据，这是我们的代码

        [Authorize]
        public IActionResult Get()
        {
            _logger.LogInformation("Boom! In Get");

            WindowsIdentity.RunImpersonated(((WindowsIdentity)HttpContext.User.Identity).AccessToken, () =>
            {
                _logger.LogInformation($"Received request");

                HttpClient _client = new HttpClient(new HttpClientHandler() { UseDefaultCredentials = true })
                {
                    BaseAddress = new Uri("http://SomeTestUrl.com/")
                };

                var result = _client.GetAsync("/api/program").Result;
                var json = result.Content.ReadAsStringAsync().Result;


                _logger.LogInformation($"Returning response");
            });

            return Ok("True");
        }

它在带有 IISExpress 的本地机器上运行良好，但在 DEV 服务器上失败。我得到低于错误。

知道为什么我会收到此错误吗？在 Controller 操作中模拟用户的正确方法是什么？

其他观察:

我们有另一个 .net web api(不是核心)，它调用相同的 url
“http://SomeTestUrl.com/ ”在模拟模式下也能正常工作
在 DEV 服务器上很好。

如果我尝试使用 IP 地址“http://10.10.20.300/ ”而不是“http://SomeTestUrl.com/ ”来调用 url ，它会起作用。

System.Net.Http.HttpRequestException: This is usually a temporary error during hostname resolution and means that the local server did not receive a response from an authoritative server. ---> System.Net.Sockets.SocketException (11002): This is usually a temporary error during hostname resolution and means that the local server did not receive a response from an authoritative server. at System.Net.Http.ConnectHelper.ConnectAsync(String host, Int32 port, CancellationToken cancellationToken) --- End of inner exception stack trace --- at System.Net.Http.ConnectHelper.ConnectAsync(String host, Int32 port, CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean allowHttp2, CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.GetHttpConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken) at System.Net.Http.AuthenticationHelper.SendWithAuthAsync(HttpRequestMessage request, Uri authUri, ICredentials credentials, Boolean preAuthenticate, Boolean isProxyAuth, Boolean doRequestAuth, HttpConnectionPool pool, CancellationToken cancellationToken) at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) at System.Net.Http.DiagnosticsHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)

Answer 1

我们遇到了完全相同的问题，不得不求助于使用环回 IP 地址来避免需要 DNS 解析 ( http://127.0.0.1/MyAddress )。很多小时都在试图解决这个问题而没有任何乐趣，我只能假设这是 .net 核心中的一个错误。我希望这有帮助。