堆栈内存溢出
  简体   繁体   English

IIS7中的自定义基本身份验证失败

[英]Custom basic authentication fails in IIS7

 原文  2010-04-18 19:35:00       asp.net-mvc/ authentication/ iis-7/ httpmodule/ custom-authentication

问题描述

I have an ASP.NET MVC application, with some RESTful services that I'm trying to secure using custom basic authentication (they are authenticated against my own database). 我有一个ASP.NET MVC应用程序,有一些RESTful服务,我试图使用自定义基本身份验证来保护它们(它们是根据我自己的数据库进行身份验证)。 I have implemented this by writing an HTTPModule. 我已经通过编写HTTPModule实现了这一点。

I have one method attached to the HttpApplication.AuthenticateRequest event, which calls this method in the case of authentication failure: 我有一个方法附加到HttpApplication.AuthenticateRequest事件,该事件在身份验证失败的情况下调用此方法: 

    private static void RejectWith401(HttpApplication app)
    {
        app.Response.StatusCode = 401;
        app.Response.StatusDescription = "Access Denied";
        app.CompleteRequest();
    }

This method is attached to the HttpApplication.EndRequest event: 此方法附加到HttpApplication.EndRequest事件: 

    public void OnEndRequest(object source, EventArgs eventArgs)
    {
        var app = (HttpApplication) source;
        if (app.Response.StatusCode == 401)
        {
            string val = String.Format("Basic Realm=\"{0}\"", "MyCustomBasicAuthentication");
            app.Response.AppendHeader("WWW-Authenticate", val);
        }
    }

This code adds the "WWW-Authenticate" header which tells the browser to throw up the login dialog. 此代码添加“WWW-Authenticate”标头,告诉浏览器抛出登录对话框。 This works perfectly when I debug locally using Visual Studio's web server. 当我使用Visual Studio的Web服务器进行本地调试时,这非常有效。 But it fails when I run it in IIS7. 但是当我在IIS7中运行它时失败了。

For IIS7 I have the built-in authentication modules all turned off, except anonymous. 对于IIS7,除了匿名之外,我都关闭了内置的身份验证模块。 It still returns an HTTP 401 response, but it appears to be removing the WWW-Authenticate header. 它仍然返回HTTP 401响应,但它似乎正在删除WWW-Authenticate标头。

Any ideas? 有任何想法吗?

2 个解决方案

解决方案1
 2 已采纳  2010-04-18 22:08:16

I figured it out. 我想到了。 The problem was that I named this module, "BasicAuthenticationModule" which conflicted with another module IIS had built in. Once I renamed the module things worked just fine! 问题是我将这个模块命名为“BasicAuthenticationModule”,它与IIS内置的另一个模块冲突。一旦我重命名模块,一切工作正常!

解决方案2
 1  2010-04-19 06:55:15

Even though you have it working, this is something else to consider: 即使你有它工作,这是另外需要考虑的事情:

http://wcfrestcontrib.codeplex.com/wikipage?title=Web%20Authentication%20Overview&referringTitle=Home http://wcfrestcontrib.codeplex.com/wikipage?title=Web%20Authentication%20Overview&referringTitle=Home

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 二级身份验证IIS7 - Two stage Authentication IIS7 IIS7保护ASP MVC网站已经使用带有基本身份验证的表单身份验证 - IIS7 proctect an ASP MVC website already using form authentication with basic auth 使用IIS基本身份验证的OWIN身份验证 - OWIN Authentication with IIS Basic Authentication MVC4和IIS基本身份验证 - MVC4 and IIS Basic Authentication Forms Authentication&IIS7(&MVC):为什么要添加ReturnUrl = /? - Forms Authentication & IIS7 (&MVC): Why ReturnUrl=/ is added? IIS MVC 3站点中的基本身份验证不起作用 - Basic authentication in IIS MVC 3 site not working 使用IIS7 httpErrors将异常传递给自定义错误页面 - Passing Exception to Custom Error Page using IIS7 httpErrors 自定义身份验证需要启用哪些 IIS 身份验证? - What IIS authentication needs enabling for custom authentication? IIS7上的图像损坏 - Broken Images on IIS7 如何在iis7中托管? - how to host in iis7?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM