Windows Authentication IIS7

I have an ASP.NET Dynamic Data site that should only be accessible to administrators currently logged in and on the domain. I want the site to be able to tell who the user is based on their login and either allow or deny access without challenging for credentials. Due to the nature of a Dynamic Data site, I want to be certain no one else is finding their way in there, so I'd like to manage authentication and authorization in IIS rather than the web.config. But no matter what I do, it denies access even as administrator.

Using IIS7 on a 64-bit Windows Server 2008 R2 Standard machine. When I click on the site and go into Authentication, I have disabled all modes except Windows.

All three available providers are enabled in the following order:

Negotiate:Kerberos
Negotiate
NTLM

In Authorization, I have added a deny rule to deny anonymous users and then allow all users. Eventually will change that to allow role administrator but I can do that once I get this working.

What am I missing? If it matters, the web server, the domain controller, and the file server the pages are on are all on the same domain.

You may want to use this little snippet of code:

Public Function GetGroups() As ArrayList
    Dim groups As New ArrayList()
    For Each group As System.Security.Principal.IdentityReference In System.Web.HttpContext.Current.Request.LogonUserIdentity.Groups
        groups.Add(group.Translate(GetType(System.Security.Principal.NTAccount)).ToString())
    Next
    Return groups
End Function

This returns all the groups the current Windows user is part of; that way you can check if the admin group is in the array list and just redirect them if not.

So drop the other access deny/allow and use whether or not they are in the admin group to determine access.

You will need to make sure that the following is in your config file:

<system.webServer>
...etc
  <security>
...etc
    <authentication>
      <windowsAuthentication enabled="true" />
    </authentication>
...etc
  </security>
...etc
</system.webServer>
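
An added example, not part of the original answer: the group check described above, written so it fails closed and runs on every request. The module name `AdminGate`, the `Enforce` helper and the group `EXAMPLE\SiteAdmins` are assumptions for illustration, and it returns 403 rather than redirecting.

```vb
Imports System
Imports System.Collections.Generic
Imports System.Security.Principal
Imports System.Web

Public Module AdminGate
    ' Assumption: placeholder group name, not taken from the page.
    Private Const AdminGroup As String = "EXAMPLE\SiteAdmins"

    ' Resolve the token's group SIDs to DOMAIN\name form, skipping SIDs
    ' that no longer map to an account instead of throwing.
    Public Function GetGroupNames(ByVal identity As WindowsIdentity) As List(Of String)
        Dim names As New List(Of String)()
        If identity Is Nothing OrElse identity.Groups Is Nothing Then Return names
        For Each sid As IdentityReference In identity.Groups
            Try
                names.Add(sid.Translate(GetType(NTAccount)).Value)
            Catch ex As IdentityNotMappedException
                ' Orphaned SID (for example a deleted group): ignore it.
            End Try
        Next
        Return names
    End Function

    ' Fail closed: a missing, anonymous or unauthenticated identity is never an admin.
    Public Function IsSiteAdmin(ByVal identity As WindowsIdentity) As Boolean
        If identity Is Nothing OrElse identity.IsAnonymous OrElse Not identity.IsAuthenticated Then
            Return False
        End If
        For Each name As String In GetGroupNames(identity)
            If String.Equals(name, AdminGroup, StringComparison.OrdinalIgnoreCase) Then Return True
        Next
        Return False
    End Function

    ' Call from Application_AuthorizeRequest in Global.asax so every request is checked.
    Public Sub Enforce(ByVal app As HttpApplication)
        If Not IsSiteAdmin(app.Request.LogonUserIdentity) Then
            app.Response.StatusCode = 403
            app.CompleteRequest()
        End If
    End Sub
End Module
```

Calling `AdminGate.Enforce(Me)` from `Application_AuthorizeRequest` applies the check to every page instead of relying on each page to remember it.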
