为Intranet应用程序ASP.NET MVC配置IIS
[英]Configuration of IIS for Intranet Application ASP.NET MVC
问题描述
I want to host an ASP.NET MVC project as an intranet webapp. 
我想将ASP.NET MVC项目作为Intranet webapp托管。 Currently I'm struggling with the configuration of the IIS. 目前我正在努力配置IIS。 Finally the webapp should use the information of the logon (windows) user and check it through the AD. 最后,webapp应该使用登录(windows)用户的信息并通过AD进行检查。 Does this the IIS imiplict or do I need some extra code in my project? 这是IIS imiplict还是我的项目中需要一些额外的代码?
My current configuration: I have enabled only Windows Authentication in my ASP.NET project. 我当前的配置:我在ASP.NET项目中只启用了 Windows身份验证。 In the IIS I also only enabled Windows Authentication in the Authentication option of the hosted site. 在IIS中,我还仅在托管站点的“身份验证”选项中启用了Windows身份验证。 My .NET Authoritzation Rules: 我的.NET授权规则:
Allow All Users Inherited & Allow mydomain\\myuser GET,POST Local 允许所有用户继承并允许mydomain \\ myuser GET,POST Local
I also granted the IIS Application pool rights for the respective folder in the directory ( 我还为目录中的相应文件夹授予了IIS应用程序池权限(
Within these settings I also get stucked while get onto the page. 在这些设置中,我也会在进入页面时被卡住。 The first weird thing is, that the site ask for my username and password (Why it doesn't take the information of the logon user?). 第一个奇怪的是,该网站要求我的用户名和密码(为什么它不接受登录用户的信息?)。 The second weird thing is (that is - I think - in correlation to the first thing) doesn't accept my correct! 第二个奇怪的事情(就是 - 我认为 - 与第一件事相关)并不接受我的正确! credentials. 证书。
For me it seems like the server cannot check the credentials or more basically - the server doesn't know where he have to check it. 对我来说,似乎服务器无法检查凭据或更基本 - 服务器不知道他必须检查它。
/EDIT1/ here my web.config: / EDIT1 /这里我的web.config:
<configuration>
<configSections>
<!-- For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->
<section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
</configSections>
<appSettings>
<add key="webpages:Version" value="3.0.0.0" />
<add key="webpages:Enabled" value="false" />
<add key="ClientValidationEnabled" value="true" />
<add key="UnobtrusiveJavaScriptEnabled" value="true" />
<add key="owin:AutomaticAppStartup" value="false"/>
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.6.1" />
<httpRuntime targetFramework="4.6.1" />
<authentication mode="Windows" />
<httpModules>
<add name="ApplicationInsightsWebTracking" type="Microsoft.ApplicationInsights.Web.ApplicationInsightsHttpModule, Microsoft.AI.Web" />
</httpModules>
</system.web>
<runtime>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="Newtonsoft.Json" culture="neutral" publicKeyToken="30ad4fe6b2a6aeed" />
<bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.Optimization" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="1.1.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="0.0.0.0-1.5.2.14234" newVersion="1.5.2.14234" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-5.2.3.0" newVersion="5.2.3.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Microsoft.Owin" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-3.0.1.0" newVersion="3.0.1.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Microsoft.Owin.Security" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-3.0.1.0" newVersion="3.0.1.0" />
</dependentAssembly>
</assemblyBinding>
</runtime>
<system.codedom>
<compilers>
<compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.CSharpCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:6 /nowarn:1659;1699;1701" />
<compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.VBCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:14 /nowarn:41008 /define:_MYTYPE=\"Web\" /optionInfer+" />
</compilers>
</system.codedom>
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<modules>
<remove name="ApplicationInsightsWebTracking" />
<add name="ApplicationInsightsWebTracking" type="Microsoft.ApplicationInsights.Web.ApplicationInsightsHttpModule, Microsoft.AI.Web" preCondition="managedHandler" />
</modules>
</system.webServer>
<entityFramework>
<defaultConnectionFactory type="System.Data.Entity.Infrastructure.SqlConnectionFactory, EntityFramework" />
<providers>
<provider invariantName="System.Data.SqlClient" type="System.Data.Entity.SqlServer.SqlProviderServices, EntityFramework.SqlServer" />
</providers>
</entityFramework>
</configuration>
1 个解决方案
解决方案1
0 2016-09-16 10:26:00
It is usually a browser setting whether the credentials should be silently supplied without asking the user. 通常是浏览器设置是否应该在不询问用户的情况下静默提供凭证。
Look at the link below, it is about something else but it also has the steps to configure the browser. 请看下面的链接,它是关于其他的东西,但它也有配置浏览器的步骤。 https://ping.force.com/Support/PingFederate/Integrations/How-to-configure-supported-browsers-for-Kerberos-NTLM https://ping.force.com/Support/PingFederate/Integrations/How-to-configure-supported-browsers-for-Kerberos-NTLM
Try using credentials of a user account on the server itself to see if that works. 尝试在服务器上使用用户帐户的凭据来查看是否有效。 If the Active Directory service is working, the server should be able to authenticate the users. 如果Active Directory服务正在运行,则服务器应该能够对用户进行身份验证。 You might also want to try removing the authorization for a particular domain/user first and add that later if you are able to authenticate. 您可能还想尝试首先删除特定域/用户的授权,如果能够进行身份验证,请稍后添加。
Keep in mind that you'll also have to disable anonymous authentication. 请记住,您还必须禁用匿名身份验证。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.