当tusers尝试登录到我的asp.net Intranet Web应用程序时,显示“ 401-未经授权:访问被拒绝”
[英]“401 - Unauthorized: Access is denied”, when tusers is trying to login to my asp.net intranet web application
问题描述
I have the following :- 
我有以下内容:
- Our Internal network contains both DomainA & DomainB. 我们的内部网络包含DomainA和DomainB。
- Both domains can communicate with each other , but there is no trust between them and ADFS is disabled. 两个域可以相互通信,但是它们之间没有信任关系,并且禁用了ADFS。
- I have an asp.net mvc web application deployed under IIS 7.5 on domainA. 我在domainA的IIS 7.5下部署了一个asp.net mvc Web应用程序。
- I have the authentication type for my asp.net mvc as windows-authentication 我的asp.net mvc的身份验证类型为Windows身份验证
My current situation is as follow:- 我目前的情况如下:
- Users which are defined under domainA (where the asp.net MVC is deployed) can access the asp.net mvc web application using their username and password, entered insde the browser pop-up. 在domainA下定义的用户(部署了asp.net MVC的用户)可以使用其用户名和密码(在浏览器弹出窗口中输入)来访问asp.net mvc Web应用程序。
- While users defined under domainB , will get “401 - Unauthorized: Access is denied,” when they enter their domain username and password (they will enter the username and password three times before getting 401 error). 在domainB下定义的用户在输入域用户名和密码时将得到“ 401-未经授权:访问被拒绝”(在输入401错误之前,他们将输入用户名和密码3次)。
So my question is :- 所以我的问题是:
- I am unable to know what are the steps either inside the web.config file or the insdie IIS , which I need t follow, to allow my aspnet mvc intranet web application to authenticate users from both domains. 我不知道web.config文件或insdie IIS内部需要执行哪些步骤,以便允许我的aspnet mvc Intranet Web应用程序对来自两个域的用户进行身份验证。 So if the user enter domainA\\username then the asp.net should look for the users inside the AD in domainA, while if the user enter domainB\\username , then the asp.net should look inside domainB 因此,如果用户输入domainA \\ username,则asp.net应在domainA中的AD中寻找用户,而如果用户输入domainB \\ username,则asp.net应在domainB内寻找用户
1 个解决方案
解决方案1
1 2014-01-19 19:27:11
You need to add 2 sets of <providers> in your web.config, 1 for each domain, as follows. 您需要在web.config中添加2套<providers> ,每个域1套,如下所示。
Steps to configure ASP.NET Membership providers for multiple domains 为多个域配置ASP.NET成员资格提供程序的步骤
1) In the Web.config file, add connection strings similar to those shown in the following example that point to your Active Directory user database for each domain. 1)在Web.config文件中,添加类似于以下示例中所示的连接字符串,该字符串指向每个域的Active Directory用户数据库。
<connectionStrings>
<add name="TestDomain1ConnectionString" connectionString="LDAP://testdomain1.test.com/CN=Users,DC=testdomain1,DC=test,DC=com" />
<add name="TestDomain2ConnectionString" connectionString="LDAP://testdomain2.test.com/CN=Users,DC=testdomain2,DC=test,DC=com" />
.
..
...
</connectionStrings>
2) In the Web.config file, configure the <membership> element with ActiveDirectoryMembershipProvider instances pointing to each domain as shown here. 2)在Web.config文件中,使用指向每个域的ActiveDirectoryMembershipProvider实例配置<membership>元素,如下所示。
<membership >
<providers>
<add
name="TestDomain1ADMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="TestDomain1ConnectionString"
connectionUsername="testdomain1\administrator"
connectionPassword="password"/>
<add
name="TestDomain2ADMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="TestDomain2ConnectionString"
connectionUsername="testdomain2\administrator"
connectionPassword="password"/>
</providers>
</membership>
Make sure you set the connectionStringName attribute to the correct connection string name specified earlier in your <connectionStrings> section. 确保将connectionStringName属性设置为前面在<connectionStrings>部分中指定的正确连接字符串名称。
For detailed walkthrough of setting this up and making sure it works, see here. 有关设置并确保其有效的详细演练, 请参见此处。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.