Windows身份验证和一起窗体身份验证的ASP.NET [英] Windows Authentication and Forms Authentication together for ASP.NET
问题描述
我开发一个内部面临的应用程序,需要通过Windows身份验证自动验证用户身份,并回落到Forms身份验证。回退将出现在计算机上登录的用户组帐户(如营运中心)的情况。我很担心安全问题,其中一个用户可以欺骗的Windows身份验证帐户。难道你的任何一种设计模式,务实的理念都知道,将适合这种特定情况下?
I am developing an internally-facing application that needs to automatically authenticate users via Windows Authentication and fall back to Forms authentication. The fall back would occur in situations where the user on a computer logged in as a group account (such as an operations center). I'm concerned about security where a user could "spoof" the Windows Authentication account. Do any of you all know of a design pattern and pragmatic idea that would fit this specific scenario?
的技术限制:.NET 3.5的IIS 6(IIS 7目前是一个非首发在我们的环境)
Technical Constraints: .NET 3.5 on IIS 6 (IIS 7 is currently a non-starter in our environment)
谢谢!
推荐答案
有MSDN上的这里,这涉及一个自定义的401重定向在IIS中设置了 - 希望这是一些帮助。
There's an old article on MSDN here, which involves a custom 401 redirect set up in IIS - hopefully it's of some help.
这篇关于Windows身份验证和一起窗体身份验证的ASP.NET的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!