
Windows Authentication IIS7

I have an ASP.NET Dynamic Data site that should only be accessible to administrators currently logged in and on the domain. I want the site to be able to tell who the user is based on their login and either allow or deny access without challenging for credentials. Due to the nature of a Dynamic Data site, I want to be certain no one else is finding their way in there, so I'd like to manage authentication and authorization in IIS rather than the web.config. But no matter what I do, it denies access even as administrator.

Using IIS7 on a 64-bit Windows Server 2008 R2 Standard machine. When I click on the site and go into Authentication, I have disabled all modes except Windows.

All three available providers are enabled in the following order:

Negotiate:Kerberos
Negotiate
NTLM

In Authorization, I have added a deny rule to deny anonymous users and then allow all users. Eventually I will change that to allow role administrator, but I can do that once I get this working.

What am I missing? If it matters, the web server, the domain controller, and the file server the pages are on are all on the same domain.

You may want to use this little snippet of code:

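' Returns the account names (DOMAIN\Group) of every group in the
' current request's Windows logon identity.
Public Function GetGroups() As ArrayList
    Dim groups As New ArrayList()
    For Each group As System.Security.Principal.IdentityReference In System.Web.HttpContext.Current.Request.LogonUserIdentity.Groups
        ' Translate each group SID into its NT account name.
        groups.Add(group.Translate(GetType(System.Security.Principal.NTAccount)).ToString())
    Next
    Return groups
End Function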

This returns all the groups the current Windows user is part of; that way you can check if the admin group is in the array list and just redirect them if not.

So drop the other access deny/allow and use whether or not they are in the admin group to determine access.

You will need to make sure that the following is in your config file:

<system.webServer>
...etc
  <security>
...etc
    <authentication>
      <windowsAuthentication enabled="true" />
    </authentication>
...etc
  </security>
...etc
</system.webServer>
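
A fail-closed variant of the group check suggested in the answer above, added here as an example and not part of the original post: it tests the group's SID with `WindowsPrincipal.IsInRole` instead of matching translated group names, and returns 403 rather than redirecting. The `AdminGate` module is hypothetical, and the domain `EXAMPLE` and group `SiteAdmins` are placeholders.

```vb
Imports System.Security.Principal
Imports System.Web

' Added example (not from the original post).
Public Module AdminGate

    ' Assumption: placeholder domain and group names; replace with your own.
    Private Const AdminDomain As String = "EXAMPLE"
    Private Const AdminGroup As String = "SiteAdmins"

    ' Resolve the group name to its SID once. A SID survives group renames
    ' and avoids a name lookup for every group on every request.
    Private ReadOnly AdminSid As New Lazy(Of SecurityIdentifier)(
        Function() DirectCast(
            New NTAccount(AdminDomain, AdminGroup).Translate(GetType(SecurityIdentifier)),
            SecurityIdentifier))

    ' True only for an authenticated, non-anonymous Windows identity
    ' whose token contains the given group SID.
    Public Function IsMember(identity As WindowsIdentity, groupSid As SecurityIdentifier) As Boolean
        If identity Is Nothing OrElse groupSid Is Nothing Then Return False
        If identity.IsAnonymous OrElse Not identity.IsAuthenticated Then Return False
        Return New WindowsPrincipal(identity).IsInRole(groupSid)
    End Function

    ' Call from Application_AuthorizeRequest in Global.asax, after
    ' Windows authentication has populated the logon identity.
    Public Sub Enforce(context As HttpContext)
        Dim allowed As Boolean = False
        Try
            allowed = IsMember(context.Request.LogonUserIdentity, AdminSid.Value)
        Catch ex As IdentityNotMappedException
            ' The group name could not be resolved: deny rather than allow.
            allowed = False
        End Try

        If Not allowed Then
            context.Response.StatusCode = 403
            context.Response.SuppressContent = True
            context.ApplicationInstance.CompleteRequest()
        End If
    End Sub
End Module
```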
