绕过Windows身份验证

Question

I have an ASP.NET intranet application that is configured to run in Integrated Windows authentication mode. It has been working fine until a need came up recently.

What the need is that the Intranet needs to be checked for availability by an availability checker which is a Windows service. What the checker does is hit an ASP.NET page and examine the response object. Since the windows service is not running with a domain user account, it gets

The remote server returned an error: (401) Unauthorized.

I am thinking of adding a new asp.net page for the checker to use and I want to tell the system not to authenticate it. But I believe the authentication happens before the application even gets a chance to review the page, that the 401 error is returned before the application code "sees" the page.

What are my options to get by this?

Thanks!

John

Answer 1

Besides adding a new folder, as @GordonBell commented, you can use the location element in your root web.config file.

Example:

  <location path="YourFile.aspx">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>

Answer 2

Try this:

Add a new folder to your website (for example: /Check)

In /Check, create new web.config containing:

<configuration>
  <system.web>
    <authentication mode="Windows" />
    <authorization>
      <allow users="?"/>
      <allow users="*"/>
    </authorization>
  </system.web>
</configuration>

Then anything you access in /Check shouldn't be authenticated.