Windows 身份验证不适用于具有 ASP.NET 核心的 IIS
[英]Windows Authentication Does not work on IIS with ASP.NET Core
问题描述
I am trying to use Windows Authentication for ASP.NET Core MVC application.
我正在尝试对 ASP.NET 核心 MVC 应用程序使用 Windows 身份验证。 Following is the problem statement.以下是问题陈述。
When application is run with IISExpress, it runs without any issues.当应用程序使用 IISExpress 运行时,它运行没有任何问题。 But when it is configured as a site in IIS and run, it prompts for credentials and even after entering corrected credentials application shows error page with status 401.但是当它被配置为 IIS 中的站点并运行时,它会提示输入凭据,甚至在输入更正的凭据后,应用程序也会显示状态为 401 的错误页面。
Details: Application is a plain boiler plate ASP.NET Core MVC application with Windows Authentication enabled.详细信息:应用程序是一个普通样板 ASP.NET 核心 MVC 应用程序,启用了 Windows 身份验证。 I am experimenting to find a solution to use in the actual application.我正在尝试寻找在实际应用中使用的解决方案。
Framework: .NET Core 2.2架构:.NET Core 2.2
Environment: Visual Studio 2019 on Windows Server 2019 machine with IIS 10.0环境:Visual Studio 2019 on Windows Server 2019机器,IIS 10.0
Following are the changes I made in the boiler plate application.以下是我在样板应用程序中所做的更改。 Changes in Startup.cs file to use authentication.更改 Startup.cs 文件以使用身份验证。
public void ConfigureServices(IServiceCollection services)
{
services.Configure<CookiePolicyOptions>(options =>
{
// This lambda determines whether user consent for non-essential cookies is needed for a given request.
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
services.Configure<IISOptions>(options =>
{
options.AutomaticAuthentication = true;
});
services.AddAuthentication(IISDefaults.AuthenticationScheme);
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
}
Added following line of code in Configure method in Startup.cs file.在 Startup.cs 文件的Configure方法中添加了以下代码行。
app.UseAuthentication();
Enabled windows authentication for debug in Project Properties and configured IIS hosting with OutProcess hosting model.在项目属性中为调试启用 windows 身份验证,并配置 IIS 托管和 OutProcess 托管 model。
Configured application as a website in IIS with Windows Authentication enabled.将应用程序配置为 IIS 中的网站,并启用了 Windows 身份验证。
Things I have tried.我尝试过的事情。
- Tried adding
forwardWindowsAuthToken="true"in web.config file.尝试在 web.config 文件中添加forwardWindowsAuthToken="true"。 - Tried adding the site in Local Intr.net sites in Inte.net options of browser.尝试在浏览器的 Inte.net 选项中的 Local Intr.net 站点中添加站点。
- Tried using
UseIIS()in Program.cs for WebHostBuilder.尝试在 WebHostBuilder 的 Program.cs 中使用UseIIS()。
Suggestions from StackOverflow questions I tried.我尝试过的 StackOverflow 问题的建议。
Asp.Net core MVC application Windows Authentication in IIS Asp.Net core MVC 应用程序 Windows IIS 中的身份验证
ASP.Net Core: keep windows authentication ASP.Net Core:保留 windows 身份验证
Asp.Net Core Windows Authentication Not Working in IIS Asp.Net Core Windows 身份验证在 IIS 中不起作用
If I enabled Windows Authentication on both IIS and on Application, the application prompts for credentials when browsed.如果我在 IIS 和应用程序上都启用了 Windows 身份验证,应用程序会在浏览时提示输入凭据。 Even after entering current credentials it does not go thru and re-prompts.即使在输入当前凭据后,它也不会通过 go 并重新提示。 After attempting 3 times the application shows error page with 401 error.尝试 3 次后,应用程序显示带有 401 错误的错误页面。
I believe configurations are correct if I application is prompting for credentials, but I am fail to understand why it is not accepting the user login even after providing corrected credentials.如果我的应用程序提示输入凭据,我相信配置是正确的,但我不明白为什么即使在提供更正的凭据后它也不接受用户登录。
Note: All the activities, development, debugging, hosting etc are happening on the same Windows 2019 server machine.注意:所有活动、开发、调试、托管等都发生在同一台 Windows 2019 服务器机器上。 And the machine is hosting a domain controller too and login is attempted with one of the valid domain users.该机器也托管域 controller,并尝试使用其中一个有效域用户登录。
I am completely clueless right now and anything I try results in the same issue at the end.我现在完全一无所知,我尝试的任何事情最终都会导致同样的问题。 Feel free to ask if any more details required.随时询问是否需要更多详细信息。
EDIT 1 ----------------------------------------------编辑 1 ------------------------------------------
I got little success with configuring my site on IIS with port 8081 and with not binding name.我在 IIS 上使用端口 8081 且未绑定名称配置我的站点时收效甚微。
This way when I browse http://localhost:8081 it logs the current user in without any problem.这样,当我浏览 http://localhost:8081 时,它会毫无问题地登录当前用户。 But when I configure it with any binding name such as sample.localapp.com it starts prompting for credentials but never accept it.但是当我用任何绑定名称配置它时,例如sample.localapp.com它开始提示输入凭据但从不接受它。
Thanks in advance.提前致谢。
3 个解决方案
解决方案1
1 2022-05-18 14:43:26
I was having this same issue on Windows 10. The solution turned out to be detailed in first comment on the question described here我在 Windows 10 遇到了同样的问题。解决方案在对此处描述的问题的第一条评论中进行了详细说明
- Open RegEdit打开注册表编辑器
- Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0导航到 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
- Right-click MSV1_0 and create a new multi-string value called BackConnectionHostNames右键单击 MSV1_0 并创建一个名为 BackConnectionHostNames 的新多字符串值
- Double click BackConnectionHostNames and enter the DNS name of your local site.双击 BackConnectionHostNames 并输入本地站点的名称 DNS。
- Reboot your computer.重新启动计算机。
解决方案2
0 2020-08-03 21:38:04
Please add IIS_IUSRS to the publish folder or where your web application located请将 IIS_IUSRS 添加到发布文件夹或您的 web 应用程序所在的位置
解决方案3
0 2021-08-21 16:39:43
Hello friend I know you put the answer in the question but I try to elaborate more:你好朋友,我知道你在问题中给出了答案,但我会尝试详细说明:
Delete your binding name in c:\windows\system32\drivers\etc\host file and in IIS manager goes to your website right click it and choose Edit Bindings... option, edit your binding website clearing the Host Name: field, and you now can write in the browser url http://servername:port/在c:\windows\system32\drivers\etc\host文件中删除您的绑定名称,然后在IIS管理器转到您的网站,右键单击它并选择编辑绑定...选项,编辑您的绑定网站,清除主机名:字段,然后您现在可以在浏览器中写入 url http://servername:port/
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.