简体繁体 English

IIS7：在IIS6中设置集成Windows身份验证

[英]IIS7: Setup Integrated Windows Authentication like in IIS6

原文 2009-01-12 17:15:11 8 5 authentication/ iis-7/ windows-authentication

This is for IIS 7 on a Windows Server 2008 that is not part of an AD domain. 这适用于不属于AD域的Windows Server 2008上的IIS 7。 I would like to password protect a website, where people have to enter a username/password (a windows account for example) to view the website. 我想密码保护一个网站，人们必须输入用户名/密码（例如一个Windows帐户）来查看网站。 The website would then use its own authentication method (forms) to handle user accounts and decide whether or not to show member specific pages, etc. 然后，该网站将使用其自己的身份验证方法（表单）来处理用户帐户并决定是否显示成员特定页面等。

With IIS6, we just disabled anonymous access and enabled integrated windows authentication. 使用IIS6，我们只是禁用了匿名访问并启用了集成的Windows身份验证。 IIS7 behaves differently and when I enter the windows username/password to view the site, the site comes up fine but redirects to the login page. IIS7的行为有所不同，当我输入windows用户名/密码来查看该站点时，该站点出现正常但重定向到登录页面。 Once I log in, the site behaves naturally. 登录后，该网站会自然地运行。 I need to be able to navigate the site without logging in with the website credentials. 我需要能够在不登录网站凭据的情况下浏览网站。

I don't think enabling anonymous access would make sense here since I want access to the website to be password protected (popup username/password dialog when you first navigate to the url). 我不认为启用匿名访问在这里是有意义的，因为我希望访问该网站受密码保护（当您第一次导航到URL时弹出用户名/密码对话框）。

Any help is appreciated! 任何帮助表示赞赏！

5 个解决方案

To enable the Windows Authentication on IIS7 on Windows 7 machine: 要在Windows 7计算机上的IIS7上启用Windows身份验证：

Go to Control Panel 转到“控制面板”
Click Programs >> Programs and Features 单击程序>>程序和功能
Select "Turn Windows Features on or off" from left side. 从左侧选择“打开或关闭Windows功能”。
Expand Internet Information Services >> World Wide Web Services >> Security 展开Internet信息服务>>万维网服务>>安全性
Select Windows Authentication and click OK. 选择Windows Authentication，然后单击OK。
Reset the IIS and Check in IIS now for windows authentication. 立即重置IIS并检入IIS以进行Windows身份验证。

Enjoy 请享用

Two-stage authentication is not supported with IIS7 Integrated mode. IIS7集成模式不支持两阶段身份验证。 Authentication is now modularized, so rather than IIS performing authentication followed by asp.net performing authentication, it all happens at the same time. 身份验证现在是模块化的，因此IIS执行身份验证后执行身份验证，而不是IIS执行身份验证，而这一切都在同一时间发生。

You can either: 你可以：

Change the app domain to be in IIS6 classic mode... 将应用程序域更改为IIS6经典模式...
Follow this example ( old link ) of how to fake two-stage authentication with IIS7 integrated mode. 请按照此示例（旧链接）了解如何使用IIS7集成模式伪造两阶段身份验证。
Use Helicon Ape and mod_auth to provide basic authentication 使用Helicon Ape和mod_auth提供基本身份验证

Configure IIS7 for windows authentication in Windows Server 2008 在Windows Server 2008中为Windows身份验证配置IIS7

See this link: 看到这个链接：

http://www.iis.net/ConfigReference/system.webServer/security/authentication/windowsAuthentication http://www.iis.net/ConfigReference/system.webServer/security/authentication/windowsAuthentication

Enjoy this post :-) 享受这篇文章:-)

So do you want them to get the IE password-challenge box, or should they be directed to your login page and enter their information there? 那么您希望他们获得IE密码挑战框，还是应该将他们定向到您的登录页面并在那里输入他们的信息？ If it's the second option, then you should at least enable Anonymous access to your login page, since the site won't know who they are yet. 如果这是第二个选项，那么您至少应该启用匿名访问您的登录页面，因为该站点将不知道他们是谁。

If you want the first option, then the login page they're getting forwarded to will need to read the currently logged-in user and act based on that, since they would have had to correctly authenticate to get this far. 如果你想要第一个选项，那么他们转发到的登录页面将需要读取当前登录的用户并根据它进行操作，因为他们必须正确地进行身份验证才能实现这一目标。

There's another thread elsewhere on Stack with a similar topic and the best solution I've come across is to use the free version of Helicon Ape 在Stack的其他地方还有另一个类似主题的线程，我遇到的最好的解决方案是使用Helicon Ape的免费版本

Once you've got that installed, follow the steps at the page Titled "HTTP Authentication and Authorization" 安装完成后，请按照标题为“HTTP身份验证和授权”的页面中的步骤操作