使用C#在ASP.NET中使用Windows身份验证 [英] Using windows authentication in asp.net with c#
问题描述
我试图了解Windows身份验证的工作原理以及实现方法.我已经阅读了好几篇文章,并在youtube上观看了一些很长的视频,但是我仍然不知道需要将哪些内容添加到我的web.config文件/index.aspx页面中,以使其正常工作.
Im trying to understand how windows authentication works and how to implement it. Ive read quite a few articles and watched some quite length videos on youtube but i still cant my head around what needs to be added to my web.config file/ index.aspx page to make it work properly.
这是index.aspx页面:
Here is the index.aspx page:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
using System.Data;
namespace asset_management_system
{
public partial class index1 : System.Web.UI.Page
{
DataAccessLayer dal = new DataAccessLayer();
protected void Page_Load(object sender, EventArgs e)
{
}
protected void loginBut_Click(object sender, EventArgs e)
{
string username = usernameTB.Text.Trim();
string password = passwordTB.Text.Trim();
try
{
using (SqlDataReader dr = dal.CheckLoginDetails(username))
{
//if username does not exist
if (!dr.Read())
{
MessageBox.Show("Invalid login details");
}
else
{
//if password matches the username then redirect to home page
if (dr[0].ToString() == password)
{
Session["username"] = username;
Response.Redirect("Home/home.aspx");
}
else
{
MessageBox.Show("Invalid login details");
}
}
}
}
catch (SqlException sqlex) { MessageBox.Show("There may be an issue with the server, please contact the administrator" +
" and provide this error message: " + sqlex); }
catch (Exception ex) { MessageBox.Show("error message: " + ex); }
}//end of loginBut_click method
}//end of class
}//end of namespace
这是web.config文件
And here is the web.config file
<?xml version="1.0"?>
<configuration>
<connectionStrings>
<add name="Asset management System DBConnectionString" connectionString="Data Source=STEPHENP\SQLEXPRESS;Initial Catalog="Asset management System DB";Integrated Security=True" providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
</assemblies>
</compilation>
<authentication mode="Windows">
</authentication>
<identity impersonate="true"/>
</system.web>
</configuration>
推荐答案
您正在将SQL身份验证与Windows身份验证混淆.
You are confusing SQL authentication with Windows authentication.
为了使该网页能够基于Windows身份验证工作,您的web.config需要
In order for this web page to work based on Windows authentication, your web.config needs
<authentication mode="Windows">
将页面部署到Web服务器时,需要禁用匿名身份验证以限制外部用户.下面是IIS7 + Web服务器的身份验证部分的摘录:
When you deploy your page to a web server, you need to disable anonymous authentication to restrict external users. Below is a snippet from an IIS7+ web server's authentication section:
If you need to program against logged in user or its group, you need to use the WindowsIdentity Class.
这篇关于使用C#在ASP.NET中使用Windows身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!