如何在ASP.NET中禁用IIS凭据
[英]How to disable IIS credentials in ASP.NET
问题描述
Is there a way to disable IIS default authentication in global.asax or somewhere else depending on passed parameters. 
有没有一种方法可以根据传递的参数在global.asax或其他位置禁用IIS默认身份验证。
A client requests the same form would be secured using IIS authentication and by providing authentication information in POST variables 客户端请求使用IIS身份验证并通过在POST变量中提供身份验证信息来保护相同形式的安全
2 个解决方案
解决方案1
4 已采纳 2009-04-21 10:54:50
IIS authentication happens before the request is passed to the ASP.NET egine. IIS身份验证在将请求传递到ASP.NET实例之前进行。 Therefore, the answer to your question is "no". 因此,您的问题的答案是“否”。
However, by enabling anonymous access on IIS only, you can process any authentication (including Basic etc.) in your application without being "intercepted" by IIS. 但是,通过仅在IIS上启用匿名访问,您可以处理应用程序中的任何身份验证(包括Basic等),而不会受到IIS的“拦截”。
解决方案2
0 2009-04-21 11:02:26
This is not a complete answer, but may give you direction. 这不是一个完整的答案,但可能会为您指明方向。 If you are using IIS 7, then HttpModules are now native to IIS. 如果您使用的是IIS 7,则HttpModules现在是IIS固有的。 That is, you can get an implementation of the IHttpModule interface to be used by IIS, regardless of what type of content is being served. 也就是说,无论提供哪种类型的内容,您都可以获取IIS使用的IHttpModule接口的实现。
I suspect that you can wire such an HttpModule so that it will notice when IIS is failing a request due to a failure of Windows Authentication. 我怀疑您可以连接这样的HttpModule,以便它会在IIS由于Windows身份验证失败而使请求失败时发出通知。 If that is possible, then you might still be able to examine the POST variables and give the request a "second chance". 如果可能,那么您仍然可以检查POST变量并为请求提供“第二次机会”。
I also wonder if it might be possible with IIS 7 to turn this around - have the main site use anonymous authentication so that your code can check the form POST parameters. 我还想知道IIS 7是否有可能解决这个问题-让主站点使用匿名身份验证,以便您的代码可以检查POST参数形式。 If that authentication fails, then redirect to the Windows Authentication site. 如果该身份验证失败,则重定向到Windows身份验证站点。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.