Intranet网站页面的Windows身份验证
[英]Windows authentication for intranet site pages
问题描述
I'm building an intranet web site (asp.net 3.5) which has windows authentication. 
我正在建立一个具有Windows身份验证的Intranet网站(asp.net 3.5)。 Two questions: 两个问题:
- When the code behind makes a trusted connection to the SQL server, will it connect with app pool credentials or current page user credentials? 当后面的代码与SQL Server建立可信连接时,它将与应用程序池凭据或当前页面用户凭据连接吗?
- Right now, with a blank page, when the internal user (logged in to the domain) tries to hit the page they get challenged with windows login screen, and their credentials don't work. 现在,页面为空白,当内部用户(登录到域)尝试访问该页面时,他们会使用Windows登录屏幕受到挑战,并且其凭据不起作用。
Is there anything else I need to setup in web.config or IIS for the windows authentication to work, other than adding <authentication mode="Windows"/> ? 除了添加<authentication mode="Windows"/>之外,我还需要在web.config或IIS中进行其他设置以使Windows身份验证正常工作吗?
2 个解决方案
解决方案1
0 2012-02-10 15:37:45
You can configure the Windows identity of your ASP.NET application as the Windows identity supplied by IIS by enabling impersonation. 您可以通过启用模拟将ASP.NET应用程序的Windows身份配置为IIS提供的Windows身份。 That is, you instruct your ASP.NET application to impersonate the identity supplied by IIS for all tasks that the Windows operating system authenticates, including file and network access. 也就是说,您指示ASP.NET应用程序为Windows操作系统验证的所有任务(包括文件和网络访问)模拟IIS提供的身份。
To enable impersonation for your Web application, in the application's Web.config file set the impersonate attribute of the identity element to true, as shown in the following code example. 要为您的Web应用程序启用模拟,请在应用程序的Web.config文件中将identity元素的模拟属性设置为true,如以下代码示例所示。
<system.web>
<authentication mode="Windows"/>
<identity impersonate="true"/>
</system.web>
解决方案2
0 2012-02-10 16:05:39
You don't want to use
imporsonate as suggested by kd7.
您不想按照
imporsonate建议使用
imporsonate符号。
Because then you will need to give your users rights on the database.
因为那样,您将需要授予用户对数据库的权限。
Might be okay for SELECT operations, but I don't think your DBAs will go along if you also need to UDATE/DELETE operations.
SELECT操作可能还可以,但是如果您还需要UDATE / DELETE操作,我认为您的DBA不会继续进行。
already addressed by kd7. kd7已解决。
When you enable "Windows" authentication, you need to not only configure your application to use it, you also need to configure IIS as well. 启用“ Windows”身份验证时,不仅需要配置应用程序以使用它,还需要配置IIS。
You also need to make sure that your AppPool user has proper permissions on the File System for your site. 您还需要确保您的AppPool用户对您的站点的文件系统具有适当的权限。
Depending on IIS version, the procedure for enabling windows authentication is different. 根据IIS版本,启用Windows身份验证的过程有所不同。 You can google it. 你可以谷歌。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.