支持基本,匿名和Windows身份验证的Web服务/API [英] web service/api supporting basic, anonymous and windows authentication
问题描述
我们有多个Web服务,可提供对某些大数据提取的访问.它们被实现为http处理程序,因此我们可以将结果直接流式传输到响应流中.我们已经在单个端点上使用匿名和HTTP基本身份验证.现在,我们想添加Windows身份验证,以便内部用户可以访问他们从内部Web应用程序获得的所有相同数据.
We have multiple web services that provide access to some large data extractions. They're implemented as http handlers, so we can stream the result directly into the response stream. We already have anonymous and HTTP basic authentication working on a single endpoint. We would now like to add Windows Authentication, so internal users can get access to all the same data that they can get from the internal web app.
但是,如果我在IIS的配置中禁用了匿名身份验证,则只能使Windows身份验证起作用.显然,这意味着对该端点的匿名请求将停止工作.我没有测试HTTP Basic,但是我猜他们也将停止工作.
However, I can only get Windows Authentication working if I disable anonymous authentication in IIS's configuration. Obviously, this means that anonymous requests to this endpoint stop working. I didn't test HTTP Basic, but I would guess they would stop working too.
我知道我们可以为Windows身份验证的请求创建一个新的终结点.但是,有没有办法使它与单个端点一起使用,就像我们已经在匿名和基本身份验证中使用的那样?
I know we could create a new endpoint, just for Windows authenticated requests. But, is there any way to get it to work with a single endpoint, like we already have with anonymous and basic authentication?
由于启用了匿名功能,因此用户无法使用其网络浏览器发出经过身份验证的请求,但是我们对此限制很好.我尝试创建一个发出XHR请求并将withCredentials设置为true的HTML页面,但是当在IIS中禁用匿名身份验证时,Web服务只能看到用户名.我还创建了一个控制台应用程序,该应用程序尝试以不同方式强制使用网络凭据.但是同样,当禁用匿名请求时,Web服务只能看到用户名.
Since anonymous is enabled, users can't make authenticated requests with their web browser, but we're fine with this limitation. I tried creating a HTML page that makes a XHR request and set withCredentials to true, but the web service only sees the username when anonymous auth is disabled in IIS. I also created a console app that tries to force network credentials in different ways. But again, the web service only sees the username when anonymous requests are disabled.
有人知道是否可以在单个URL上实现匿名身份验证和Windows身份验证吗?
Does anyone know if it's possible to achieve anonymous and Windows authentication on a single URL?
推荐答案
不可能在同一端点上同时启用Windows身份验证和匿名身份验证. 您将必须创建其他网址
It is not possible to enable WindowsAuthentication and Anonymous authentication together at the same endpoint. You will have to create different url
这篇关于支持基本,匿名和Windows身份验证的Web服务/API的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
