在 IIS 上用密码保护文件夹的最佳方法
[英]Best way to password-protect folders on IIS
问题描述
What is the best way to password-protect a folder on IIS with a single set of credentials to be shared by a group of users?
使用一组用户共享的一组凭据对 IIS 上的文件夹进行密码保护的最佳方法是什么?
Our hosting service offers Plesk, which in turn offers a "password-protected directory" function, but some of our clients have HTTP authorization disabled, so they get an automatic 401.4 error with no prompt for credentials.我们的托管服务提供 Plesk,它又提供一个“受密码保护的目录”function,但我们的一些客户禁用了 HTTP 授权,因此他们会收到自动 401.4 错误,不会提示输入凭据。
I've looked into Forms authentication but this seems cumbersome to set up for the numerous separate domains at issue.我已经研究了 Forms 身份验证,但这似乎很麻烦,因为要为有问题的众多独立域设置。
The protected content is not super sensitive, we just don't want it easily accessible to the public.受保护的内容不是超级敏感,我们只是不希望公众轻易访问它。 Many of our users do not use the site frequently and we don't want to implement individual credentialing for everyone (we do have that in place for more sensitive sections) just so they can view current project reports or meeting minutes.我们的许多用户不经常使用该网站,我们不想为每个人实施个人认证(我们确实为更敏感的部分设置了认证)只是为了让他们可以查看当前的项目报告或会议记录。
On sites I don't control, but am just a user, that do the same things as mine, it is a big pain to have to look up a username and password twice per year just to view a meeting agenda (yes, browser could remember but they also have a 4-month expiration and lots of us are on different devices all the time).在我无法控制的网站上,我只是一个用户,与我做同样的事情,每年两次查找用户名和密码只是为了查看会议议程是一件很痛苦的事情(是的,浏览器可以请记住,但它们也有 4 个月的有效期,我们中的很多人一直在使用不同的设备)。
Is Forms authentication the way to go? Forms认证是go的方式吗? Took a several hours for me to get it set up and working, with all sorts of settings not well documented in a single place.我花了几个小时来设置和工作,各种设置都没有很好地记录在一个地方。
(I had previously asked about how to disable Basic Auth on the client side, was told more than once it's not possible - but it is, via client/browser registry keys) (我之前曾询问过如何在客户端禁用基本身份验证,不止一次被告知这是不可能的 - 但它是通过客户端/浏览器注册表项实现的)
Thanks.谢谢。
1 个解决方案
解决方案1
0 2023-01-15 09:35:11
It's perfectly fine to use forms authentication.使用 forms 身份验证完全没问题。 All you need to do is navigate to the folder or file you want to protect, then go to Authorization Rules.您需要做的就是导航到您要保护的文件夹或文件,然后 go 到授权规则。 Add a deny rule for anonymous users, when users who are not logged in try to click on any file in that folder, they will be redirected to your login page.为匿名用户添加拒绝规则,当未登录的用户尝试单击该文件夹中的任何文件时,他们将被重定向到您的登录页面。 You can find a lot of guides on forms authentication in Google, you can refer to the following: forms认证在google上可以找到很多攻略,可以参考以下:
https://learn.microsoft.com/zh-CN/troubleshoot/developer/webapps/as.net/development/forms-based-authentication https://learn.microsoft.com/zh-CN/troubleshoot/developer/webapps/as.net/development/forms-based-authentication
https://learn.microsoft.com/en-us/iis/application-frameworks/building-and-running-as.net-applications/how-to-take-advantage-of-the-iis-integrated-pipeline https://learn.microsoft.com/en-us/iis/application-frameworks/building-and-running-as.net-applications/how-to-take-advantage-of-the-iis-integrated-pipeline
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.