Windows 授权适用于 IIS Express 上的调试,但不适用于 IIS 服务器
[英]Windows Authorization works in debug on IIS Express but not in IIS server
问题描述
I have been fighting what seems to be a configuration error or a bug in ASP.Net Core 3.1.
我一直在与 ASP.Net Core 3.1 中的配置错误或错误作斗争。 I am attempting to take in a Windows Authentication user and check if this user is in an AD group that has been specified in the appsettings.json.我正在尝试接收 Windows 身份验证用户并检查该用户是否在 appsettings.json 中指定的 AD 组中。 While in the debug mode locally running IIS Express everything works correctly.在本地运行 IIS Express 的调试模式下,一切正常。 The user is authenticated, and the check for the AD group succeeds.用户通过认证,AD组检查成功。
I publish this project to a folder and copy it to my internal IIS server which is connected to the domain.我将此项目发布到一个文件夹并将其复制到连接到域的内部 IIS 服务器。 I have configured the IIS server (Windows Server 2016 / IIS Version 10) for windows authentication and disabled anonymous authentication.我已经为 Windows 身份验证配置了 IIS 服务器(Windows Server 2016 / IIS 版本 10)并禁用了匿名身份验证。 When I attempt to navigate to the application I get the following error...当我尝试导航到应用程序时,我收到以下错误...
Which refers to the following code:其中指的是以下代码:
public class ClaimsLoader{
public static string Role { get; set; }
public static bool IsInGroup(ClaimsPrincipal User, string GroupName)
{
bool check = false;
var user = (WindowsIdentity)User.Identity;
if (user.Groups != null)
{
foreach (var group in user.Groups)
{
check = group.Translate(typeof(NTAccount)).ToString().Contains(GroupName);
if (check)
break;
}
}
return check;
} }
And the controller referencing this is:引用它的控制器是:
if (ClaimsLoader.IsInGroup(User, _config.GetValue<string>("Admin"))){
ClaimsLoader.Role = "Administrator";
}
else if (ClaimsLoader.IsInGroup(User, _config.GetValue<string>("Modify")))
{
ClaimsLoader.Role = "Modify";
}
else
{
ClaimsLoader.Role = "";
}
Based on the articles I have read, this is the way to do this.根据我阅读的文章,这是执行此操作的方法。 Most are referencing .net core 2.0 so has something changed between the versions making this obsolete?大多数都在引用 .net core 2.0,所以版本之间有什么变化使这个过时了吗? I find it very frustrating that this works on IIS Express with windows Authentication but not on IIS.我觉得非常令人沮丧的是,这在具有 Windows 身份验证的 IIS Express 上有效,但在 IIS 上无效。
This is my first post on here so, please let me know if I missed some information that is needed.这是我在这里的第一篇文章,如果我错过了一些需要的信息,请告诉我。
Edit: Here is the windows authentication settings in IIS.编辑:这是 IIS 中的 Windows 身份验证设置。 IIS Windows Authentication IIS Windows Auth Providers IIS Windows 身份验证IIS Windows身份验证提供程序
1 个解决方案
解决方案1
0 2020-10-07 05:08:02
I have created a test demo on my side and I could reproduce your issue now.我已经在我这边创建了一个测试演示,我现在可以重现您的问题。
I guess you may enabled anonymous authentication and windows authentication at same time.我猜您可能同时启用了匿名身份验证和 Windows 身份验证。
I suggest you could try to disable the anonymous authentication and enable the windows authentication and try again.我建议您可以尝试禁用匿名身份验证并启用 Windows 身份验证,然后再试一次。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.