IIS7和身份验证问题
[英]IIS7 and Authentication problems
问题描述
i've got a stock standard ASP.NET web site, deployed to our development machine (internal machine in our server room). 
我有一个标准的ASP.NET网站,已将其部署到我们的开发机器(服务器机房中的内部机器)中。
Now, this dev site can be accessed by both INTERNAL and EXTERNAL users. 现在,内部和外部用户都可以访问此开发站点。 Now, in IIS6 we used to have it so that Anonymous Authentication was turned off and something else was turned on .. giving the users a popup model box for username and password. 现在,在IIS6中,我们曾经使用过它,以便关闭了 匿名身份验证,并打开了其他功能..为用户提供了用于用户名和密码的弹出模型框。 I think they had to type some username or password that was defined in a web.config file? 我认为他们必须输入在web.config文件中定义的一些用户名或密码? (not their website account username/password)/ (不是他们的网站帐户用户名/密码)/
Now, with IIS7, when i turn Anon Auth off , and turn on Basic or Windows Auth , i get access to the site BUT it's trying to log me in with those credentials .. and not the account the user signed up with (using some stock standard asp.net webform page). 现在,使用IIS7,当我关闭Anon Auth并打开Basic或Windows Auth时 ,我可以访问该站点,但它尝试使用这些凭据登录我。而不是用户注册的帐户(使用某些帐户)股票标准asp.net网络表单页面)。
So ... is it possible to 'lock' the entire site and get the testers to get general access to the site .. which is different to their website username and password. 因此...可以“锁定”整个站点并让测试人员获得对该站点的常规访问权限,这与他们的网站用户名和密码不同。 Those usernames and passwords are for use in the site instead. 这些用户名和密码将改为在网站中使用。
does that make sense? 那有意义吗?
cheers! 干杯!
<authentication mode="Forms">
<forms loginUrl="~/Pages/Login.aspx" protection="Validation" timeout="1000000000" requireSSL="false" slidingExpiration="true" defaultUrl="Default.aspx">
</forms>
</authentication>
there is no authorization section. 没有授权部分。
also, when i add 'Digest Auth' to iis7 and enable that (and disable everythign else), i get the pop up window (kewl!) but i'm not sure what credentials i need to pass in. Where can i define those credentials manually (so they are seperate from the website's users) ?? 另外,当我在iis7中添加“摘要身份验证”并启用该功能(并禁用其他功能)时,我会弹出窗口(慢叫!),但我不确定需要传递什么凭据。在哪里可以定义这些凭据手动凭据(因此它们与网站用户是分开的)?
1 个解决方案
解决方案1
6 已采纳 2009-01-13 02:32:59
IIS7 integrated mode does not support the two phase authentication that IIS6 does. IIS7集成模式不支持IIS6进行的两阶段身份验证。 Basically, IIS6 would perform its authentication (windows), followed by asp.net performing its authentication (forms). 基本上,IIS6将执行其身份验证(windows),然后由asp.net执行其身份验证(窗体)。 But with IIS7, everything is equal in integrated mode, so you can only have one or the other authentication methods. 但是,使用IIS7,在集成模式下一切都是平等的,因此您只能使用一种或另一种身份验证方法。
You can either convert the app pool to use classic mode or follow this workaround to get it working with Integrated mode. 您可以将应用程序池转换为使用经典模式,也可以按照以下解决方法将其在集成模式下使用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.