IIS 8.5:更改url子路径的身份验证模式 [英] IIS 8.5: Change authentification mode for url sub path

问题描述

我们有一个启用了Windows身份验证的客户端Intranet Web应用程序，它在IIS 8.5上作为远程代理运行.现在，我们需要禁用 Windows身份验证，并在URL子路径/api/上启用匿名身份验证，以使来自该路径的所有数据在客户端Intranet域中公开可用./p>

实际上，这是来自 chensformers 的解决方案(解决方案

长时间尝试后，我自己找到了答案.答案分为两部分:

1. @Tim Lewis的答案(

   然后从C:\inetpub\wwwroot的web.config内，在最后一个</configuration>标记之前插入以下行:

   <location path="api">
     <system.web>
       <authorization>
         <allow users="*" />
       </authorization>
     </system.web>
     <system.webServer>
       <security>
         <authentication>
           <anonymousAuthentication enabled="true" />
         </authentication>
       </security>
     </system.webServer>
   </location>
   

   重新启动 IIS管理器和服务器后，应覆盖子域(在本例中为/api)的主域中的Windows身份验证，并且子路径中的每个URL都应公开可用.

2. 但是，如果此配置最初不起作用，则可能是您选择的编辑器(在我的情况下为 Notepad ++ )未打开appplictionHost.config的正确内容(无论出于何种原因)，并且其中的所有更改都根本不会生效(另请参阅@MeanGreen Applicationhost .config不显示更改).

   我通过安装并使用 Notepad2 x64 ( http://www.flos-freeware.ch/notepad2.html ).此后，以上更改生效并立即生效.

PS:另请参见Add authentication to subfolders without creating a web application) sounds quite promising. However didn't get it to run yet as I am missing a section declaration.

How to configure IIS 8.5 to achieve this?

解决方案

After long trying, I found the answer myself. The answer is two-parted:

1. The answer of @Tim Lewis (Allow anonymous authentication for a single folder in web.config?) led me to the right configuration. In the file applicationHost.config in C:\Windows\System32\inetsrv\config, I changed the following lines from Deny to Allow:

   <section name="access" overrideModeDefault="Allow" />
   <section name="anonymousAuthentication" overrideModeDefault="Allow" />
   <section name="windowsAuthentication" overrideModeDefault="Allow" />
   

   Then inside the web.config from C:\inetpub\wwwroot, I inserted the following lines before the last </configuration> tag:

   <location path="api">
     <system.web>
       <authorization>
         <allow users="*" />
       </authorization>
     </system.web>
     <system.webServer>
       <security>
         <authentication>
           <anonymousAuthentication enabled="true" />
         </authentication>
       </security>
     </system.webServer>
   </location>
   

   After restarting IIS Manager and the server, the windows authentication from the main domain should be overwritten for the sub path (/api in my case) and every URL inside the sub path should be publicly available.

2. However, if this configuration doesn't work at first, it could be that your editor of choice (in my case Notepad++) does not open the correct content of appplictionHost.config (for whatever reason) and all changes in it don't take effect at all (also see @MeanGreen Applicationhost.config not showing changes).

   I solved it by installing and using Notepad2 x64 (http://www.flos-freeware.ch/notepad2.html). After this, the above changes took effect and worked immediately.

PS: see also http://forums.iis.net/t/1233382.aspx?IIS+8+5+Change+authentification+mode+for+url+sub+path for a longer discussion of this topic.

这篇关于IIS 8.5:更改url子路径的身份验证模式的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！