使用Windows身份验证的ASP.NET MVC [英] Using Windows Authentication with ASP.NET MVC
问题描述
我相信这是一个基本的答案,但我的搜查权力今天没有我的帮助。我有一个ASP.NET MVC 2(.NET 3.5)应用程序。它托管在IIS 6。
I am sure this is a basic answer, but my search powers are not helping me today. I have an ASP.NET MVC 2 (.NET 3.5) application. It is hosted on IIS 6.
有关这个问题的缘故,我有两个URL。
For the sake of this question I have two urls.
我想管理员可用来在域中的任何用户,根本上是提供给所有用户。该服务器是在域名,但域名为example1.com,所以他们是不一样的。
I want admin to be available to any user on the domain, and the root to be available to all users. The server is on the domain but the domain is example1.com, so they are not the same.
由于这是ASP.NET MVC没有Admin文件夹上设置权限。我曾尝试设置整个网站以阻止匿名请求,并有它允许所有的请求。然后在web.config中我将它设置为拒绝未经授权的用户在管理文件夹和/或允许对根的匿名访问。
Since this is ASP.NET MVC there is no Admin folder to set rights on. I have tried setting the whole site to block anonymous request and have had it allowing all request. Then in the web.config I set it up to deny unauthenticated users in the admin folder and/or allow anonymous access to the root.
我到底是什么了越来越是一个登录提示不起作用。我尝试过的用户名和例1 \\用户名,但始终无法登录。
What I end up getting is a login prompt that doesn't work. I've tried the user name and example1\username but it always fails to login.
我是什么失踪?
====澄清/应答====
Pandincus给了一个伟大的code的建议,添加[授权]对类是一个非常干净的方式来完成这项工作。但是我的问题结束了,我在做这一切在同一机器中的事实。我有example.com在我的框HOSTS条目,并通过URL被击中它。当我把我的其他框中HOSTS条目,并创下该网站它让我登录,没有问题。我的问题是不完整的小幅我应该提到这一点,事实上,的http://本地主机/ 是工作就好了。
==== Clarification/Answer ==== Pandincus gave a great code suggestion, adding [Authorize] to the class is a very clean way to make this work. However my problem ended up being the fact that I was doing all of this on the same box. I had a HOSTS entry for example.com on my box and was hitting it via the URL. When I put a HOSTS entry on my other box and hit the site it allowed me to log in without issue. My question was slightly incomplete as I should have mentioned this and the fact that http://localhost/ was working just fine.
推荐答案
不要使用web.config中设置访问。那你会怎么做它在asp.net web表单。
Don't use the web.config to set access. Thats how you would do it in asp.net web forms.
- 配置你的web.config使用Windows身份验证。
- 您有。任何管理控制器上使用的[授权]属性
无[授权]属性的任何控制器应该是向公众开放自动。因此,只有把你的属性上要锁定控制器。
Any controllers without an [Authorize] attribute should be open to the public automatically. So, only put your attribute on the controllers you want to lock down.
这篇关于使用Windows身份验证的ASP.NET MVC的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
