[英]Windows authentication doesn't work after deploy on iis
I have a problem with this simple piece of code:我对这段简单的代码有疑问:
public void OnAuthorization(AuthorizationFilterContext context)
{
ClaimsPrincipal user = _httpContextAccessor.HttpContext.User;
ClaimsIdentity identity = user.Identity as ClaimsIdentity;
string userName = identity.Name; //!!!
_logger.Trace("windows user `{0}` is trying to access the system", userName);
var admins = _configurationRoot.GetSection(ConfigDescription.Admins).Get<List<string>>();
if (!admins.Contains(userName))
{
_logger.Trace("Permission denied.");
context.Result = new RedirectResult("/error/unauthorized", false);
}
}
When I launch my asp net
app via IIS Express
in Visual Studio
everything works fine.当我在
Visual Studio
中通过IIS Express
启动我的asp net
应用程序时,一切正常。 My logs in this case:在这种情况下我的日志:
2021-12-25 22:02:53.1783 TRACE windows user `Domain\username` is trying to access the system.
But userName
is always empty after publishing on remote IIS.但在远程
userName
上发布后,用户名始终为空。
2021-12-25 19:11:55.2524 TRACE windows user `` is trying to access the system.
2021-12-25 19:11:55.2524 TRACE Permission denied.
I was trying open website from localhost and via domain name, also added it into Trusted Sites, nothing helped.我正在尝试从 localhost 和通过域名打开网站,也将其添加到受信任的站点中,但没有任何帮助。
web.config
: web.config
:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<location path="." inheritInChildApplications="false">
<system.webServer>
<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath="dotnet" forwardWindowsAuthToken="true" arguments=".\BlaBla.dll" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" hostingModel="inprocess" />
</system.webServer>
</location>
</configuration>
Anonymous Authentication is enabled on IIS在 IIS 上启用匿名身份验证
Because if not, I can't open even error/unauthorized
page like this:因为如果没有,我什至无法打开这样的
error/unauthorized
的页面:
To enable windows authentication in IIS need to make sure the followings要在 IIS 中启用 windows 身份验证,需要确保以下内容
1. Enable Windows Authentication in IIS 1.在IIS中启用Windows认证
we need to enable Windows Authentication in “Windows features” (Run command: optionalfeatures. Win + R → optionalfeatures )我们需要在“Windows features”中启用 Windows 身份验证(运行命令: optionalfeatures.Win + R → optionalfeatures )
2. Enable Windows Authentication in IIS web application 2.在IIS web应用程序中启用Windows认证
Then we need to Enable windows authentication for applications.然后我们需要为应用程序启用 windows 身份验证。 Can be done in web.config as below or in IIS
可以在 web.config 或 IIS 中完成
web.config web.config
<system.webServer>
<security>
<authentication>
<windowsAuthentication enabled="true" />
<anonymousAuthentication enabled="false" />
</authentication>
</security>
</system.webServer>
IIS IIS
Select the application in left node Authentication in feature view Select 左侧节点中的应用程序 功能视图中的身份验证
Enable Windows Authentication and Disable anonymous Authentication.启用 Windows 身份验证并禁用匿名身份验证。
More information更多信息
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.