
Denying users in Windows authentication IIS 8.5

I'm pretty new to .NET and I created a simple ASP.NET Core web app using Razor. I successfully published it in my IIS 8.5. I enabled Windows authentication each time a user wants to access the page in my company network. However, I'd like to restrict the access to all the users in the network except for a few users. I tried modifying my web.config file as follows:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <location path="." inheritInChildApplications="false">
    <system.webServer>
      <security>
        <authorization>
          <remove users="*" roles="" verbs="" />
          <add accessType="Deny" users="*" />
          <add accessType="Allow" users="Alice,Bob" />
        </authorization>
      </security>
      <handlers>
        <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
      </handlers>
      <aspNetCore processPath="dotnet" arguments=".\Autentificacion.dll" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" hostingModel="inprocess" />
    </system.webServer>
  </location>
</configuration>

After accessing the website, the user is asked to enter their Windows user credentials, but any user in the network can access the website, not only Alice or Bob. Do I need to change an IIS configuration?

You want to look into authorization policies.

services.AddAuthorization(options =>
{
    options.AddPolicy("NewPolicy", policy =>
        policy.RequireAssertion(context =>
            context.User.IsInRole("Some cool user group")));
});

Where the users you want to have access are a part of a user group called "Some cool user group".

From there you may protect your routes and controllers with this policy by using the Authorize Attribute:

[Authorize(Policy = "NewPolicy")]

Further reading: https://chrissainty.com/securing-your-blazor-apps-configuring-policy-based-authorization-with-blazor/

I would not recommend fiddling with the IIS web.config unless absolutely necessary.
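
The policy approach from the answer, applied to the question's case of allowing only Alice and Bob, as an added example that is not code from the original post. It assumes ASP.NET Core 3.1 or later with Razor Pages behind IIS Windows authentication; the domain CONTOSO is a placeholder, and the fallback policy makes every page default-deny without needing an attribute on each one.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Server.IISIntegration;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    // Assumption: CONTOSO is a placeholder domain. With Windows authentication,
    // User.Identity.Name arrives as DOMAIN\user, so a bare "Alice" never matches.
    private static readonly HashSet<string> AllowedUsers =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            @"CONTOSO\Alice",
            @"CONTOSO\Bob",
        };

    public void ConfigureServices(IServiceCollection services)
    {
        // Use the Windows identity that IIS has already authenticated.
        services.AddAuthentication(IISDefaults.AuthenticationScheme);

        services.AddAuthorization(options =>
        {
            options.AddPolicy("NewPolicy", policy => policy
                .RequireAuthenticatedUser()
                .RequireAssertion(context =>
                    context.User.Identity?.Name is string name &&
                    AllowedUsers.Contains(name)));

            // Requests that carry no [Authorize] metadata get the same policy,
            // so a page added later is denied by default instead of left open.
            options.FallbackPolicy = options.GetPolicy("NewPolicy");
        });

        services.AddRazorPages();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();
        app.UseAuthentication();
        app.UseAuthorization();
        // Placed after UseAuthorization so the fallback policy covers static files too.
        app.UseStaticFiles();
        app.UseEndpoints(endpoints => endpoints.MapRazorPages());
    }
}
```

A user outside the allow list still completes the Windows credential prompt but then receives 403 Forbidden from the authorization middleware.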
