堆栈内存溢出
  简体   繁体   English

IIS意外地使用AuthenticationType = Negotiate对应用程序池用户进行身份验证

[英]IIS unexpectedly authenticates App Pool user with AuthenticationType = Negotiate

 原文  2012-11-22 01:01:49       c#/ asp.net/ iis/ asp.net-web-api

问题描述

I have a WebAPI application that expects to use Forms authenticaiton, or my own custom Basic or Digest authentication. 我有一个WebAPI应用程序,希望使用Forms身份验证或我自己的自定义Basic或Digest身份验证。 It works fine on most servers. 它在大多数服务器上都能正常工作。 But on a few servers it does not work. 但是在一些服务器上它不起作用。

I have found that when the authentication fails it is because IIS has authenticated the App Pool user. 我发现,身份验证失败时是因为IIS已对应用程序池用户进行了身份验证。 Thread.CurrentPrincipal.Identity.AuthenticationType = "Negotiate". Thread.CurrentPrincipal.Identity.AuthenticationType =“协商”。 AFAIK this is windows authentication. AFAIK,这是Windows身份验证。 However windows authentication has been disabled for the site in question, and I even went so far as uninstalling the windows authentication feature on the server and still experienced the same problem. 但是,该站点的Windows身份验证已被禁用,我什至可以卸载服务器上的Windows身份验证功能,但仍然遇到相同的问题。

I have found that setting runAllManagedModulesForAllRequests to true will resolve this problem, though it is not a desirable work around as it adds overhead to all requests even those that run through the static handler. 我发现将runAllManagedModulesForAllRequests设置为true将解决此问题,尽管这不是理想的解决方法,因为它会给所有请求(即使是通过静态处理程序运行的请求)增加开销。

If anyone can tell me why this is happening, or how to debug the authentication process on IIS it would be very helpful. 如果有人可以告诉我为什么会这样,或者如何在IIS上调试身份验证过程,则将非常有帮助。

Edit: IIS7/7.5 Integrated Pipeline if it makes a difference 编辑: IIS7 / 7.5集成管道,如果有所作为

1 个解决方案

解决方案1
 1  2012-11-22 09:14:12

While experiencing the similar issue, here is my observation and suggestion. 在遇到类似问题时,这是我的观察和建议。

The issue could be related to the Anonymous user account which is used as Anonymous user identity . 该问题可能与用作匿名用户身份的匿名user account有关。 The default setting could be the problem. 默认设置可能是问题所在。 Please, read here more details: 请在这里阅读更多详细信息:

Summary : 总结

Using IIS 7.0 UI, go to Authentication page and select Anonymous Authentication . 使用IIS 7.0 UI,转到“ 身份验证”页面,然后选择“ 匿名身份验证” Then on the right click Edit and select the user to be used for this. 然后在右侧单击“ Edit然后选择要用于此的用户。 If this (newly selected) user has access to all static files, all should start working. 如果该(新选择的)用户有权访问所有静态文件,则所有文件都应开始工作。 Selecting App Pool Identity will grant the access rights specified for current pool user account. 选择“ App Pool Identity将授予为当前池用户帐户指定的访问权限。

The default value is IUSR, which is more detailed described here: 默认值为IUSR,此处有更详细的描述:

Missing IUSR account on Windows Server 2008 R2 / IIS7.5 Windows Server 2008 R2 / IIS7.5上缺少IUSR帐户

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 IIS模拟返回应用程序池用户 - IIS impersonation returns app pool user 应用程序池回收后,会话cookie仍会进行身份验证 - Session cookie still authenticates after app pool recycle 在IIS 7中,APP Pooliner / DefaultAppPool用户是EVERYONE用户组的一部分吗? - In IIS 7, Is APP Pool/DefaultAppPool user part of EVERYONE user group? IIS App Pool,内存管理 - IIS App Pool, memory management IIS6 应用程序池 state - IIS6 App Pool state 无法使用应用程序池用户打开托管在 IIS 上的 web API 的 kerberos 连接 - Can't open a kerberos connection FROM web API hosted on IIS using app pool user 在IIS 6.0应用程序池中设置用户帐户 - Setting user account in IIS 6.0 application pool IIS应用程序池回收+石英计划 - IIS app pool recycle + quartz scheduling 编码以提高IIS应用程序池内存使用率 - Coding to Improve IIS App Pool Memory Usage 如何在IIS 8上以编程方式设置应用程序池标识 - How to programmatically set App Pool Identity on IIS 8
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM