堆栈内存溢出
  简体   繁体   English

拒绝用户 windows 认证 IIS 8.5

[英]Denying users in windows authentication IIS 8.5

 原文  2021-01-20 21:47:15       c#/ asp.net/ asp.net-core/ razor-pages

问题描述

I'm pretty new to .NET and I created a simple asp.net core web app using razor.我对 .NET 很陌生,我使用 Z60C05C632A2822A025487777 创建了一个简单的 asp.net 核心 web 应用程序。 I successfully published it in my IIS 8.5.我在我的 IIS 8.5 中成功发布了它。 I enabled windows authentication each time an user wants to access the page in my company network.每次用户想要访问我公司网络中的页面时,我都启用了 windows 身份验证。 However I'd like to restrict the access to all the users in the network except to a few users.但是,我想限制对网络中所有用户的访问,除了少数用户。 I tried modifying my web.config file as follows:我尝试修改我的 web.config 文件如下:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <location path="." inheritInChildApplications="false">
    <system.webServer>
    <security>
      <authorization>
                <remove users="*" roles="" verbs="" />
                <add accessType="Deny" users="*" />
                <add accessType="Allow" users="Alice,Bob" />
      </authorization>
          </security>
      <handlers>
        <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
      </handlers>
      <aspNetCore processPath="dotnet" arguments=".\Autentificacion.dll" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" hostingModel="inprocess" />
      
    </system.webServer>
  </location>
</configuration>

After accessing the website the user is asked to put their windows user credentials but any user in the network can access the website not only Alice or Bob.访问该网站后,要求用户输入其 windows 用户凭据,但网络中的任何用户都可以访问该网站,不仅是 Alice 或 Bob。 Do I need to change an IIS configuration?我是否需要更改 IIS 配置?

1 个解决方案

解决方案1
 0 已采纳  2021-01-20 22:14:39

You want to look into authorization Policies.您想查看授权策略。

services.AddAuthorization(options =>
        {
            options.AddPolicy("NewPolicy", policy =>
                policy.RequireAssertion(context =>
                    context.User.IsInRole("Some cool user group")));
        });

Where the users you want to have access are a part of a user group called "Some cool user group".您想要访问的用户是称为“一些很酷的用户组”的用户组的一部分。

From there you may protect your routes and controllers with this policy by using the Authorize Attribute:从那里,您可以使用授权属性使用此策略保护您的路由和控制器:

[Authorize(Policy = "NewPolicy")]

further reading: https://chrissainty.com/securing-your-blazor-apps-configuring-policy-based-authorization-with-blazor/进一步阅读: https://chrissinty.com/securing-your-blazor-apps-configuring-policy-based-authorization-with-blazor/

I would not recommend fiddling with the IIS web.config unless absolutely necessary.除非绝对必要,否则我不建议摆弄 IIS web.config。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 IIS 8.5 中的 Windows 身份验证没有弹出 - Windows authentication in IIS 8.5 without pop up appearing OWIN Cookie身份验证无法在IIS 8.5上运行 - OWIN Cookie authentication not working on IIS 8.5 从IIS 7.5升级到IIS 8.5会破坏带有Hawk身份验证的OData吗? - Upgrade from IIS 7.5 to IIS 8.5 breaks OData with Hawk Authentication? 拒绝IIS中的文件扩展名 - Denying file extensions in IIS IIS Windows身份验证IIS APPOOL - IIS Windows Authentication IIS APPOOL IIS要求Windows身份验证 - IIS asking for windows authentication Windows IIS 中的身份验证问题 - Windows Authentication problems in IIS 身份验证在 IIS8.5 中安装的 Wordpress 博客的子目录中不起作用 - Authentication not working in subdirectories of Wordpress blog installed in IIS8.5 WCF-IIS Windows身份验证 - WCF - IIS Windows Authentication IIS和Windows身份验证上的NancyFx - NancyFx on IIS and Windows Authentication
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM